Installation

Mon, 07 Apr 2025 09:00:00 +0200

There are several methods to install and use goshs. Release - Download and use the release version Go - Install it using go Build Yourself - Build it yourself Kali - Use Kali repositories Docker - Use goshs with Docker Scoop - Use Scoop on Windows Homebrew - Use brew on macOS

Usage

Mon, 27 Apr 2026 00:00:00 +0000

Usage is quite simple. Explanation of the specific features can be found in the submenu. goshs v2.0.0 Usage: goshs [options] Web server options: -i, --ip IP or Interface to listen on (default: 0.0.0.0) -p, --port The port to listen on (default: 8000) -d, --dir The web root directory (default: current working path) -w, --webdav Also serve using webdav protocol (default: false) -wp, --webdav-port The port to listen on for webdav (default: 8001) -ro, --read-only Read only mode, no upload possible (default: false) -uo, --upload-only Upload only mode, no download possible (default: false) -uf, --upload-folder Specify a different upload folder (default: current working path) -nc, --no-clipboard Disable the clipboard sharing (default: false) -nd, --no-delete Disable the delete option (default: false) -si, --silent Running without dir listing (default: false) -I, --invisible Invisible mode (default: false) -c, --cli Enable cli (only with auth and tls) (default: false) -e, --embedded Show embedded files in UI (default: false) -o, --output Write output to logfile (default: false) -t, --tunnel Enable tunnel (default: false) --catcher, -rc Enable reverse shell catcher (default: false) TLS options: -s, --ssl Use TLS -ss, --self-signed Use a self-signed certificate -sk, --server-key Path to server key -sc, --server-cert Path to server certificate -p12, --pkcs12 Path to server p12 -p12np, --p12-no-pass Server p12 has empty password -sl, --lets-encrypt Use Let's Encrypt as certification service -sld, --le-domains Domain(s) to request from Let's Encrypt (comma separated list) -sle, --le-email Email to use with Let's Encrypt -slh, --le-http Port to use for Let's Encrypt HTTP Challenge (default: 80) -slt, --le-tls Port to use for Let's Encrypt TLS ALPN Challenge (default: 443) SFTP server options: -sftp Activate SFTP server capabilities (default: false) -sp, --sftp-port The port SFTP listens on (default: 2022) -skf, --sftp-keyfile Authorized_keys file for pubkey auth -shk, --sftp-host-keyfile SSH Host key file for identification SMB server options: -smb Activate SMB server capabilities (default: false) -smb-port, --smb-port The port SMB listens on (default: 445) -smb-domain, --smb-domain The domain to use for SMB authentication (default: WORKGROUP) -smb-share, --smb-share The share to use for SMB authentication (default: goshs) -smb-wordlist Wordlist file for quick hash cracking (default: none) Authentication options: -b, --basic-auth Use basic authentication (user:pass - user can be empty) -ca, --cert-auth Use certificate based authentication - provide ca certificate -H, --hash Hash a password for file based ACLs Connection restriction: -ipw, --ip-whitelist Comma separated list of IPs to whitelist -tpw, --trusted-proxy-whitelist Comma separated list of trusted proxies Collaboration options: -dns, --dns-server Enable DNS server (default: false) -dns-port, --dns-port DNS server port (default: 8053) -dns-ip, --dns-ip DNS server Reply IP (default: 127.0.0.1) -smtp, --smtp-server Enable SMTP server (default: false) -smtp-port, --smtp-port SMTP server port (default: 2525) -smtp-domain, --smtp-domain SMTP server domain (default: open relay) Webhook options: -W, --webhook Enable webhook support (default: false) -Wu, --webhook-url URL to send webhook requests to -We, --webhook-events Comma separated list of events to notify [all, upload, delete, download, view, webdav, sftp, smb, dns, smtp, verbose] (default: all) -Wp, --webhook-provider Webhook provider [Discord, Mattermost, Slack] (default: Discord) Misc options: -C --config Provide config file path (default: false) -P --print-config Print sample config to STDOUT (default: false) -u --user Drop privs to user (unix only) (default: current user) --update Update goshs to most recent version -m --mdns Disable zeroconf mDNS registration (default: false) -V --verbose Activate verbose log output (default: false) -v Print the current goshs version Usage examples: Start with default values: ./goshs Start with config file: ./goshs -C /path/to/config.json Start with webdav support: ./goshs -w Start with different port: ./goshs -p 8080 Start with self-signed cert: ./goshs -s -ss Start with let's encrypt: ./goshs -s -sl -sle your@mail.com -sld your.domain.com,your.seconddomain.com Start with custom cert: ./goshs -s -sk -sc Start with basic auth: ./goshs -b 'secret-user:$up3r$3cur3' Start with basic auth bcrypt hash: ./goshs -b 'secret-user:$2a$14$ydRJ//Ob4SctB/D7o.rvU.LmPs/vwXkeXCbtpCqzgOJDSShLgiY52' Start with basic auth empty user: ./goshs -b ':$up3r$3cur3' Start with cli enabled: ./goshs -b 'secret-user:$up3r$3cur3' -s -ss -c Start with SMB capture: ./goshs -smb -smb-domain CORP -smb-share files Start with DNS server: ./goshs -dns -dns-ip 10.10.14.1 Start with SMTP server: ./goshs -smtp -smtp-domain mail.example.com Start with reverse shell catcher: ./goshs -s -ss -b user:pass --catcher

Running as Service

Mon, 01 Jan 0001 00:00:00 +0000

You can run goshs as systemd service easily. Step 1 You need to create the config file. I suggest creating it in /etc/goshs/. sudo mkdir -p /etc/goshsNow copy over the example config as goshs.json and configure the way you like. Warning You will at least need to configure a directory to serve from. For example you could choose /var/www/html if available. You could also create this webroot with sudo mkdir -p /var/www/html and serve from there.

Welcome :: goshs Documentation

Installation

Usage

Running as Service