Go modules · proxy.golang.org
github.com/TyrusRC/assay
Reverse Shell: matched "bash -i >&" — reverse-shell shape
Why PkgRadar flagged v0.0.0-20260605114847-a79e3505e61b
| Severity | Signal | Evidence |
|---|---|---|
| high | Reverse Shell | matched "bash -i >&" — reverse-shell shape · github.com/tyrusrc/[email protected]/internal/payloads/cmdi/cmdi.go |
| high | Reverse Shell | matched "bash -i >&" — reverse-shell shape · github.com/tyrusrc/[email protected]/internal/payloads/cmdi/shellshock.go |
| high | DNS / OAST exfiltration | matched "dig $(" · github.com/tyrusrc/[email protected]/internal/payloads/cmdi/cmdi.go |
| high | DNS / OAST exfiltration | matched "burpcollaborator.net" · github.com/tyrusrc/[email protected]/internal/payloads/ssrf/ssrf.go |
| medium | Remote Payload | matched "cURL " · github.com/tyrusrc/[email protected]/cmd/assay/cmd/scan_flags.go |
| medium | Tls Verification Disabled | matched "InsecureSkipVerify: true" · github.com/tyrusrc/[email protected]/internal/detection/racecond/sync_h1.go |
| medium | Tls Verification Disabled | matched "InsecureSkipVerify: true" · github.com/tyrusrc/[email protected]/internal/detection/racecond/sync_h2.go |
| medium | Tls Verification Disabled | matched "InsecureSkipVerify: true" · github.com/tyrusrc/[email protected]/internal/detection/tls/analyzer.go |
| medium | Remote Payload | matched "curl " · github.com/tyrusrc/[email protected]/internal/payloads/arginject/detector.go |
| medium | Remote Payload | matched "curl " · github.com/tyrusrc/[email protected]/internal/payloads/cmdi/cmdi.go |
| medium | Remote Payload | matched "curl " · github.com/tyrusrc/[email protected]/internal/payloads/javareflect/javareflect.go |
| medium | Remote Payload | matched "curl " · github.com/tyrusrc/[email protected]/internal/payloads/nodejsinject/nodejsinject.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v0.0.0-20260605114847-a79e3505e61b | High risk | 207 | 2026-06-20 |
Block this in CI
pkgradar gate --ecosystem go github.com/TyrusRC/[email protected]