Go modules · proxy.golang.org
github.com/su1ph3r/bypassburrito
DNS / OAST exfiltration: matched "dig $("
Why PkgRadar flagged v1.0.1-0.20260407223935-8bbf4087991c
| Severity | Signal | Evidence |
|---|---|---|
| high | DNS / OAST exfiltration | matched "dig $(" · github.com/su1ph3r/[email protected]/internal/payloads/embedded/cmdi-blind.yaml |
| medium | Remote Payload | matched "curl " · github.com/su1ph3r/[email protected]/cmd/burrito/bypass.go |
| medium | Remote Payload | matched "Curl " · github.com/su1ph3r/[email protected]/internal/output/reporter.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v1.0.1-0.20260407223935-8bbf4087991c | High risk | 57 | 2026-06-15 |
v0.2.0 | High risk | 57 | 2026-06-15 |
v0.3.0 | High risk | 57 | 2026-06-15 |
v0.3.1 | High risk | 57 | 2026-06-15 |
v1.0.0 | High risk | 57 | 2026-06-15 |
Block this in CI
pkgradar gate --ecosystem go github.com/su1ph3r/[email protected]