Collaboration / CTF

goshs includes a set of server capabilities tailored for penetration testing, red team operations, and CTF challenges. These features let you receive and inspect traffic from targets — DNS queries, emails, SMB authentication attempts, and HTTP redirects — all from within the same binary.

• SMB Server — capture NTLM hashes and optionally crack them against a wordlist
• DNS Server — log all incoming DNS lookups and reply with a configurable IP
• SMTP Server — receive emails and attachments sent to your server
• Redirect Endpoint — serve HTTP 3xx redirects with custom headers

Domain setup

To receive real-world DNS callbacks and emails you need a registered domain with a few DNS records in place. The setup below uses Namecheap as an example, but the record types are the same with any registrar.

Assuming your domain is your-domain.com and your server’s public IP is 1.2.3.4, create the following records:

What each record does

A @ → 1.2.3.4 — Makes your-domain.com resolve to your server. This is the address SMTP senders will connect to when delivering mail to @your-domain.com.

A dns → 1.2.3.4 — Makes dns.your-domain.com itself resolve to your server. This is the glue record required so that resolvers can find the nameserver declared in the NS record below.

NS dns → dns.your-domain.com — Delegates the entire dns.your-domain.com subdomain to your server as the authoritative nameserver. Any DNS lookup for *.dns.your-domain.com will be forwarded directly to goshs, making it ideal for out-of-band callback detection (SSRF, XXE, blind injection, etc.).

Starting goshs with the correct settings

Once the records are in place, start goshs bound to port 53 for DNS and port 25 for SMTP, using your domain:

goshs -dns -dns-port 53 -dns-ip 1.2.3.4 -smtp -smtp-port 25 -smtp-domain your-domain.com

Your callback domain for DNS-based detection is then <unique-id>.dns.your-domain.com and your SMTP domain is your-domain.com.