Detects vulnerable GoAnywhere MFT instances by extracting version numbers from the login page and matching against affected version ranges.
- Download Nuclei from here
- Copy the template to your local system
- Run the following command:
nuclei -u https://yourHost.com -t template.yaml
- https://www.fortra.com/security/advisories/product-security/fi-2025-012
- https://www.rapid7.com/blog/post/etr-cve-2025-10035-critical-unauthenticated-rce-in-goanywhere-mft/
Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.
Feel free to reach out via Signal if you have any questions.