Overview
Build web exploits easily and quickly with Gelo
Gelo is a Lua extension library that enables easy and fast development of web security utilities and exploits. Gelo extends Lua with a set of objects and functions derived from the Sandcat tools that allow you to write scripts for performing complex pen-testing tasks.
EXE Generation
Includes a simple tool for converting any Lua/Gelo application to a small executable.
Gelo-powered exploit example
We've converted one of our HTTP exploits from Python to Lua/Gelo. (See the source)
Gelo 1.0 is still a beta version. We expect to significantly expand it as development goes on.
Features
Gelo extends Lua with:
- HTTP object and functions
- HTTPS Support
- HTML Parser
- String list object and parser
- Base64 encoding/decoding
- URL functions
- URL Encoding/Decoding
- Regular expression and Wildcard matching
- Additional string functions
- And more
Example Application
Example of a very small Gelo/Lua application. It requests the root page of the given host over HTTP and prints the Server response header.
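-- Usage text shown when no hostname is given
local usage = [[
USAGE:
getbanner.exe [hostname]
Example:
getbanner.exe www.syhunt.com
]]

if arg[1] == nil then
    print(usage)
else
    -- Request the site root and print the Server response header (the banner)
    local http = GHTTPRequest:new()
    http:open('GET', 'http://' .. arg[1] .. '/')
    print(http:rcvdheader('Server'))
end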
Download
Gelo
Beta version of Gelo
Download Size: 1.11 MB
Date Published: 07.22.2010
Version: 1.0
License: Freeware
Runs on Windows XP, 2003, 2008, Vista and 7 (Beta). It should run on older versions of Windows as well.
What is Lua?
Lua is a powerful, fast, lightweight, embeddable scripting language. It is heavily used in the game industry, and security tools such as Wireshark, Snort, Nmap and Sandcat also make use of it.
The language combines simple procedural syntax with powerful data description constructs based on associative arrays and extensible semantics. Lua is dynamically typed, runs by interpreting bytecode for a register-based virtual machine, and has automatic memory management with incremental garbage collection, making it ideal for configuration, scripting, and rapid prototyping.
More information is available at the official website, http://www.lua.org.