Skip to content

Commit

Permalink
MODULE - readfile : keep a backup of the files
Browse files Browse the repository at this point in the history
  • Loading branch information
swisskyrepo committed Oct 18, 2018
1 parent baac471 commit 08333df
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 5 deletions.
1 change: 0 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,6 @@ I <3 pull requests :)
Feel free to add any feature listed below or a new service.

- aws and other cloud providers - extract sensitive data from http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy and more
- sockserver - SSRF SOCK proxy server - https://github.com/iamultra/ssrfsocks
- handle request with file in requester
- requester injection point in file (if param = None, check SSRFMAP in reqFile and replace with the payload)
- add https://github.com/cujanovic/SSRF-Testing ip.py into the ip generator from core.utils
Expand Down
21 changes: 17 additions & 4 deletions modules/readfiles.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
from core.utils import *
import logging
import os

name = "readfiles"
description = "Read files from the target"
Expand All @@ -16,10 +17,22 @@ def __init__(self, requester, args):
if r != None:
default = r.text

# Create directory to store files
directory = requester.host
if not os.path.exists(directory):
os.makedirs(directory)

for f in self.files:
r = requester.do_request(args.param, wrapper_file(f))
logging.info("\033[32mReading file\033[0m : {}".format(f))

# Display diff between default and ssrf request
diff = diff_text(r.text, default)
print(diff)
if diff != "":

# Display diff between default and ssrf request
logging.info("\033[32mReading file\033[0m : {}".format(f))
print(diff)

# Write diff to a file
filename = f.replace('\\','_').replace('/','_')
logging.info("\033[32mWriting file\033[0m : {} to {}".format(f, directory + "/" + filename))
with open(directory + "/" + filename, 'w') as f:
f.write(diff)

0 comments on commit 08333df

Please sign in to comment.