Packages and Binaries:
goshs
SimpleHTTPServer written in Go
This tool provides a SimpleHTTPServer written in Go, enhanced with features
and security. This package contains a simple http server like the Python
SimpleHTTPServer but enhanced with a lot of helpful features and security in
mind.
Installed size: 21.57 MB
How to install: sudo apt install goshs
Dependencies:
- libc6
goshs
root@kali:~# goshs -h
goshs v2.0.8
Usage: goshs [options]
Web server options:
-i, --ip IP or Interface to listen on (default: 0.0.0.0)
-p, --port The port to listen on (default: 8000)
-d, --dir The web root directory (default: current working path)
-w, --webdav Also serve using webdav protocol (default: false)
-wp, --webdav-port The port to listen on for webdav (default: 8001)
-ro, --read-only Read only mode, no upload possible (default: false)
-uo, --upload-only Upload only mode, no download possible (default: false)
-uf, --upload-folder Specify a different upload folder (default: current working path)
-mu, --max-upload Maximum upload size in bytes, 0=unlimited (default: 0)
-nc, --no-clipboard Disable the clipboard sharing (default: false)
-nd, --no-delete Disable the delete option (default: false)
-si, --silent Running without dir listing (default: false)
-I, --invisible Invisible mode (default: false)
-c, --cli Enable cli (only with auth and tls) (default: false)
--catcher, -rc Enable reverse shell catcher (default: false)
-e, --embedded Show embedded files in UI (default: false)
-o, --output Write output to logfile (default: false)
-t, --tunnel Enable tunnel (default: false)
TLS options:
-s, --ssl Use TLS
-ss, --self-signed Use a self-signed certificate
-sk, --server-key Path to server key
-sc, --server-cert Path to server certificate
-p12, --pkcs12 Path to server p12
-p12np, --p12-no-pass Server p12 has empty password
-sl, --lets-encrypt Use Let's Encrypt as certification service
-sld, --le-domains Domain(s) to request from Let's Encrypt (comma separated list)
-sle, --le-email Email to use with Let's Encrypt
-slh, --le-http Port to use for Let's Encrypt HTTP Challenge (default: 80)
-slt, --le-tls Port to use for Let's Encrypt TLS ALPN Challenge (default: 443)
SFTP server options:
-sftp Activate SFTP server capabilities (default: false)
-sp, --sftp-port The port SFTP listens on (default: 2022)
-skf, --sftp-keyfile Authorized_keys file for pubkey auth
-shk, --sftp-host-keyfile SSH Host key file for identification
SMB server options:
-smb Activate SMB server capabilities (default: false)
-smb-port, --smb-port The port SMB listens on (default: 445)
-smb-domain, --smb-domain The domain to use for SMB authentication (default: WORKGROUP)
-smb-share, --smb-share The share to use for SMB authentication (default: goshs)
-smb-wordlist Wordlist file for quick hash cracking (default: none)
LDAP server options:
-ldap, --ldap-server Activate LDAP credential capture server (default: false)
-ldap-port The port LDAP listens on (default: 389)
-ldap-jndi Enable dynamic JNDI mode — baseDN in the search becomes the
factory class name, fetched from the goshs HTTP server
-ldap-jndi-base Override codeBase URL for JNDI payloads (default: auto)
-ldap-wordlist Wordlist file for quick LDAP NTLM hash cracking
Use -s -ss or -s -sc/-sk to enable LDAPS (TLS) on default port 636
Authentication options:
-b, --basic-auth Use basic authentication (user:pass - user can be empty)
-ca, --cert-auth Use certificate based authentication - provide ca certificate
-H, --hash Hash a password for file based ACLs
Connection restriction:
-ipw, --ip-whitelist Comma separated list of IPs to whitelist
-tpw, --trusted-proxy-whitelist Comma separated list of trusted proxies
Collaboration options:
-dns, --dns-server Enable DNS server (default: false)
-dns-port, --dns-port DNS server port (default: 8053)
-dns-ip, --dns-ip DNS server Reply IP (default: 127.0.0.1)
-smtp, --smtp-server Enable SMTP server (default: false)
-smtp-port, --smtp-port SMTP server port (default: 2525)
-smtp-domain, --smtp-domain SMTP server domain (default: open relay)
Webhook options:
-W, --webhook Enable webhook support (default: false)
-Wu, --webhook-url URL to send webhook requests to
-We, --webhook-events Comma separated list of events to notify
[all, upload, delete, download, view, webdav,
sftp, smb, dns, smtp, redirect, verbose] (default: all)
-Wp, --webhook-provider Webhook provider
[Discord, Mattermost, Slack] (default: Discord)
Misc options:
-C --config Provide config file path (default: false)
-P --print-config Print sample config to STDOUT (default: false)
-u --user Drop privs to user (unix only) (default: current user)
--update Update goshs to most recent version
-m --mdns Enable zeroconf mDNS registration (default: false)
-V --verbose Activate verbose log output (default: false)
-v Print the current goshs version
--completion Install shell tab completion (bash|fish|zsh)
Usage examples:
Start with default values: ./goshs
Start with config file: ./goshs -C /path/to/config.yaml
Start with wevdav support: ./goshs -w
Start with different port: ./goshs -p 8080
Start with self-signed cert: ./goshs -s -ss
Start with let's encrypt: ./goshs -s -sl -sle [email protected] -sld your.domain.com,your.seconddomain.com
Start with custom cert: ./goshs -s -sk <path to key> -sc <path to cert>
Start with basic auth: ./goshs -b 'secret-user:$up3r$3cur3'
Start with basic auth bcrypt hash: ./goshs -b 'secret-user:$2a$14$ydRJ//Ob4SctB/D7o.rvU.LmPs/vwXkeXCbtpCqzgOJDSShLgiY52'
Start with basic auth empty user: ./goshs -b ':$up3r$3cur3'
Start with cli enabled: ./goshs -b 'secret-user:$up3r$3cur3' -s -ss -c
Updated on: 2026-May-25