From 31af1f4423a3fe7a6a9626ab36f63e888335b2f4 Mon Sep 17 00:00:00 2001 From: Roman Hergenreder Date: Tue, 21 Apr 2026 16:11:23 +0200 Subject: [PATCH] fileserver: CLI flags, SSL fix --- fileserver.py | 44 +++++++++++++++++++++++--------------------- 1 file changed, 23 insertions(+), 21 deletions(-) diff --git a/fileserver.py b/fileserver.py index da869c4..53db2ea 100755 --- a/fileserver.py +++ b/fileserver.py @@ -152,6 +152,7 @@ class FileServerRequestHandler(BaseHTTPRequestHandler): class HttpFileServer(HTTPServer): def __init__(self, addr, port): super().__init__((addr, port), FileServerRequestHandler) + self.ssl_context = None self.logRequests = False self.routes = { } self.dumpRequests = [] @@ -160,7 +161,6 @@ class HttpFileServer(HTTPServer): self.listen_thread = None def cleanPath(self, path): - if "?" in path: path = path[0:path.find("?")] @@ -228,27 +228,18 @@ class HttpFileServer(HTTPServer): def enableLogging(self): self.logRequests = True - def enableSSL(self, keyFile="private.key", certFile="server.crt"): + def enableSSL(self, private_key="private.key", certificate="server.crt"): - if not os.path.isfile(keyFile): + if not os.path.isfile(private_key): print("Generating private key and certificate…") - os.system("openssl req -new -x509 -keyout private.key -out server.crt -days 365 -nodes") - elif not os.path.isfile(certFile): + os.system(f"openssl req -new -x509 -keyout {private_key} -out {certificate} -days 365 -nodes") + elif not os.path.isfile(certificate): print("Generating certificate…") - os.system("openssl req -new -x509 -keyin private.key -out server.crt -days 365 -nodes") + os.system(f"openssl req -new -x509 -keyin {private_key} -out {certificate} -days 365 -nodes") - self.socket = ssl.wrap_socket(self.socket, - server_side=True, - certfile=certFile, - keyfile=keyFile, - ssl_version=ssl.PROTOCOL_TLS, - cert_reqs=ssl.CERT_NONE) - - # try: - # ssl._create_default_https_context = ssl._create_unverified_context - # except AttributeError: - # print("Legacy Python that doesn't verify HTTPS certificates by default") - # pass + self.ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) + self.ssl_context.load_cert_chain(certificate, private_key) + self.socket = self.ssl_context.wrap_socket(self.socket, server_side=True) def startBackground(self): self.listen_thread = threading.Thread(target=self.serve_forever) @@ -334,11 +325,25 @@ if __name__ == "__main__": help="The private key to use in combination with --ssl, default: private.key" ) + parser.add_argument( + "-v", + "--verbose", + action="store_true", + default=False, + help="Verbose mode" + ) + args = parser.parse_args() file_server = HttpFileServer(args.bind_addr, args.port) ip_address = util.get_address() + if args.ssl: + file_server.enableSSL(args.ssl_key, args.ssl_cert) + + if args.verbose: + file_server.enableLogging() + if args.action == "shell": payload_type = args.payload if args.payload else "bash" shell_payload = rev_shell.generate_payload(args.payload, ip_address, 4444) @@ -364,7 +369,4 @@ if __name__ == "__main__": print("Serve files in current directory using:") print(file_server.get_full_url("/", ip_addr=ip_address)) - if args.ssl: - file_server.enableSSL(args.ssl_key, args.ssl_cert) - file_server.serve_forever()