fileserver: CLI flags, SSL fix

fileserver.py

@@ -152,6 +152,7 @@ class FileServerRequestHandler(BaseHTTPRequestHandler):
 class HttpFileServer(HTTPServer):
     def __init__(self, addr, port):
         super().__init__((addr, port), FileServerRequestHandler)
+        self.ssl_context = None
         self.logRequests = False
         self.routes = { }
         self.dumpRequests = []
@@ -160,7 +161,6 @@ class HttpFileServer(HTTPServer):
         self.listen_thread = None
 
     def cleanPath(self, path):
-
         if "?" in path:
             path = path[0:path.find("?")]
 
@@ -228,27 +228,18 @@ class HttpFileServer(HTTPServer):
     def enableLogging(self):
         self.logRequests = True
 
-    def enableSSL(self, keyFile="private.key", certFile="server.crt"):
+    def enableSSL(self, private_key="private.key", certificate="server.crt"):
 
-        if not os.path.isfile(keyFile):
+        if not os.path.isfile(private_key):
             print("Generating private key and certificate…")
-            os.system("openssl req -new -x509 -keyout private.key -out server.crt -days 365 -nodes")
+            os.system(f"openssl req -new -x509 -keyout {private_key} -out {certificate} -days 365 -nodes")
-        elif not os.path.isfile(certFile):
+        elif not os.path.isfile(certificate):
             print("Generating certificate…")
-            os.system("openssl req -new -x509 -keyin private.key -out server.crt -days 365 -nodes")
+            os.system(f"openssl req -new -x509 -keyin {private_key} -out {certificate} -days 365 -nodes")
 
-        self.socket = ssl.wrap_socket(self.socket,
+        self.ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
-            server_side=True,
+        self.ssl_context.load_cert_chain(certificate, private_key)
-            certfile=certFile,
+        self.socket = self.ssl_context.wrap_socket(self.socket, server_side=True)
-            keyfile=keyFile,
-            ssl_version=ssl.PROTOCOL_TLS,
-            cert_reqs=ssl.CERT_NONE)
-
-        # try:
-        #     ssl._create_default_https_context = ssl._create_unverified_context
-        # except AttributeError:
-        #     print("Legacy Python that doesn't verify HTTPS certificates by default")
-        #     pass
 
     def startBackground(self):
         self.listen_thread = threading.Thread(target=self.serve_forever)
@@ -334,11 +325,25 @@ if __name__ == "__main__":
         help="The private key to use in combination with --ssl, default: private.key"
     )
 
+    parser.add_argument(
+        "-v",
+        "--verbose",
+        action="store_true",
+        default=False,
+        help="Verbose mode"
+    )
+
     args = parser.parse_args()
 
     file_server = HttpFileServer(args.bind_addr, args.port)
     ip_address = util.get_address()
 
+    if args.ssl:
+        file_server.enableSSL(args.ssl_key, args.ssl_cert)
+
+    if args.verbose:
+        file_server.enableLogging()
+
     if args.action == "shell":
         payload_type = args.payload if args.payload else "bash"
         shell_payload = rev_shell.generate_payload(args.payload, ip_address, 4444)
@@ -364,7 +369,4 @@ if __name__ == "__main__":
         print("Serve files in current directory using:")
         print(file_server.get_full_url("/", ip_addr=ip_address))
 
-    if args.ssl:
-        file_server.enableSSL(args.ssl_key, args.ssl_cert)
-
     file_server.serve_forever()