Prerequisites: You need to have Go installed and add
$GOPATH/binto$PATH, you can usego versionto check whether you have installed it. For the$PATHissue, you can see the details at the official docs
Install and update are quite easy, they use the same command, just run the following command then everything's done.
go install github.com/CX330Blake/letsgo@latestUse letsgo --help to see the full usage.
Use the default settings to scan a URL.
letsgo --url <https://example.com>
If you want to check what it can does, you can use the labs provided by Port Swigger. There're 6 labs which varies in defferent bypass skill to exploit the path traversal vulnerability, and letsgo can deal with ALL of them, quick, and precise. Use the lab to learn more about path traversal, GLHF!
- PortSwigger - File path traversal, simple case
- PortSwigger - File path traversal, traversal sequences blocked with absolute path bypass
- PortSwigger - File path traversal, traversal sequences stripped non-recursively
- PortSwigger - File path traversal, traversal sequences stripped with superfluous URL-decode
- PortSwigger - File path traversal, validation of start of path
- PortSwigger - File path traversal, validation of file extension with null byte bypass
- Add the customize file name (e.g. flag.txt)