kgretzky / pwndrop

Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
https://breakdev.org/pwndrop
GNU General Public License v3.0

add some new features #36

Open physics-sec opened 3 years ago

physics-sec commented 3 years ago

Hey there! I have been using pwndrop for a while and it is really really great. I added some new features that I think are useful in some scenarios.

added:

Note: I only update how many times a file has been downloaded while using HTTP.

The new configuration file options are:

[pwndrop]
downloads_dir = "/my/payload/folder"        # directory path where files will be hosted by default, leave empty for random
logfile = "/home/user/pwndrop.log"          # file where logs will be written, leave empty to only use stdout
trust_x_forwarded_for = true                # decides if pwndrop uses the X-Forwarded-For/X-Forwarded-Host HTTP headers to determine the remote address of a request. Use this option if pwndrop is behind an HTTP redirector.

I have also updated the GUI to include the Black/White listed IPs or IP ranges and how many times a payload can be downloaded.

Hope you will consider including these changes.
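The three controls described in this PR (IP allow/block lists, a per-file download limit, and the `trust_x_forwarded_for` switch) can be sketched in a few dozen lines. The following is an added example written for this page, not pwndrop's own code; the names `AccessPolicy`, `ParseRanges`, `ClientIP` and `DownloadCounter` and the rule that a file with no configured limit is unlimited are assumptions of this example. The security-relevant detail it shows is the one the config comment hints at: `X-Forwarded-For` is only consulted when the operator has declared a redirector in front of the service, because otherwise any client can set the header and present whatever source address it likes to the allow list.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
	"sync"
)

// AccessPolicy holds the global settings the PR adds: allow/block lists of
// single IPs or CIDR ranges, and whether X-Forwarded-For may be trusted.
// (Assumed names for this example, not pwndrop's own types.)
type AccessPolicy struct {
	TrustXForwardedFor bool
	Allow              []*net.IPNet // empty means no allow list, i.e. allow everyone not blocked
	Block              []*net.IPNet
}

// ParseRanges accepts entries such as "203.0.113.7" or "10.0.0.0/8".
func ParseRanges(entries []string) ([]*net.IPNet, error) {
	var out []*net.IPNet
	for _, e := range entries {
		e = strings.TrimSpace(e)
		if strings.Contains(e, "/") {
			_, n, err := net.ParseCIDR(e)
			if err != nil {
				return nil, err
			}
			out = append(out, n)
		} else if ip := net.ParseIP(e); ip != nil {
			// single address: a host network (the 16-byte form matches IPv4 too)
			out = append(out, &net.IPNet{IP: ip, Mask: net.CIDRMask(128, 128)})
		} else {
			return nil, fmt.Errorf("invalid IP or range %q", e)
		}
	}
	return out, nil
}

// ClientIP picks the address used for policy decisions. The first hop in
// X-Forwarded-For is used only when the operator has said a redirector sits
// in front; otherwise the header is client-controlled and is ignored, so it
// cannot be used to slip past the allow list.
func ClientIP(r *http.Request, trustXFF bool) net.IP {
	if trustXFF {
		if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
			first := strings.TrimSpace(strings.Split(xff, ",")[0])
			if ip := net.ParseIP(first); ip != nil {
				return ip
			}
		}
	}
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		host = r.RemoteAddr // no port present
	}
	return net.ParseIP(host)
}

func inAny(ip net.IP, nets []*net.IPNet) bool {
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// Allowed denies anything on the block list first, then requires membership
// in the allow list when one is configured.
func (p *AccessPolicy) Allowed(ip net.IP) bool {
	if ip == nil || inAny(ip, p.Block) {
		return false
	}
	return len(p.Allow) == 0 || inAny(ip, p.Allow)
}

// DownloadCounter tracks downloads left per file name. A file with no entry
// is unlimited (assumption for this example).
type DownloadCounter struct {
	mu   sync.Mutex
	Left map[string]int
}

// Take consumes one download and reports whether it was permitted; once the
// count reaches 0 the file is disabled, as the PR's file view describes.
func (c *DownloadCounter) Take(name string) bool {
	c.mu.Lock()
	defer c.mu.Unlock()
	n, limited := c.Left[name]
	if !limited {
		return true
	}
	if n <= 0 {
		return false
	}
	c.Left[name] = n - 1
	return true
}

func main() {
	allow, _ := ParseRanges([]string{"203.0.113.0/24"}) // constructed: the customer's public range
	p := &AccessPolicy{TrustXForwardedFor: false, Allow: allow}
	r := &http.Request{RemoteAddr: "198.51.100.9:4321", Header: http.Header{}}
	r.Header.Set("X-Forwarded-For", "203.0.113.5") // any client can add this header
	ip := ClientIP(r, p.TrustXForwardedFor)
	fmt.Printf("request from %s: allowed=%v\n", ip, p.Allowed(ip))
}
```

Running `main` shows the request judged by its TCP peer (198.51.100.9) and denied, even though the header claims an address inside the allowed range; flipping `TrustXForwardedFor` to true is only correct when a redirector you control overwrites that header on every request.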

physics-sec commented 3 years ago

Added some screenshots to show the GUI. Global settings, here you can define individual IPs or ranges. A common use is to only allow the public IP of the company you are pentesting. (Screenshot from 2021-07-12 20-18-26)

File config, here you can define how many times this payload can be downloaded. (Screenshot from 2021-07-12 20-18-50)

The file view, showing the downloads left; once they reach 0, the file is disabled. (Screenshot from 2021-07-12 20-18-54)

B1t0n commented 3 years ago

Great stuff! Do you think that it can get merged with this commit as well? I want to use these features as well https://github.com/kgretzky/pwndrop/pull/28

physics-sec commented 3 years ago

Saw your PR; the ability to add files programmatically is super powerful, great work! Take into account that you can just use a custom build and have both changes included. Whether this gets merged or not depends on @kgretzky 😄

lucawen commented 1 year ago

Maybe we can keep working on it on this fork: https://github.com/SygniaLabs/pwndrop. What do you think?