Add files via upload

gh0x0st · web-flow · commit fc98e3e5cf98 · 2023-09-26T14:29:00.000-04:00
diff --git a/README.md b/README.md
@@ -0,0 +1,79 @@
+# Raven
+
+Raven is a Python tool that extends the capabilities of the `http.server` Python module by offering a self-contained file upload web server. While the common practice is to use `python3 -m http.server 80` to serve files for remote client downloads, Raven addresses the need for a similar solution when you need the ability to receive files from remote clients. This becomes especially valuable in scenarios such as penetration testing and incident response procedures when protocols such as SMB may not be a viable option.
+
+### Key Features
+
+While the majority of the hard work is already being handled by the http.server module, it presents us with an opportunity to implement additional security and ease of use features without overcomplicating the overall implementation. These features currently include:
+
+- **IP Access Restrictions**: Optionally grants the ability to restrict access based on client IP addresses. You can define this access via a single IP, a comma-delimited list or by using CIDR notation.
+
+- **Organized Uploads**: Optionally organizes uploaded files into subfolders based on the remote client's IP address in a named or current working directory. Otherwise the default behavior will upload files in the current working directory.
+
+- **File Sanitation**: Sanitizes the name of each uploaded file prior to being saved to disk to help prevent potential abuse.
+
+- **Clobbering**: Verifies that the file does not already exist before it's written to disk. If it already exists, an incrementing number is appended to the filename to prevent clashes and ensure no data is overwritten.
+
+- **Detailed Logging**: Raven provides detailed logging of file uploads and interaction with the http server, including the status codes sent back to a client, its IP address, timestamp, and the saved file's location in the event a file is uploaded.
+
+## Usage
+
+Raven is straightforward to use and includes simple command-line arguments to manage the included feature sets:
+
+```bash
+python3 raven.py <listening_ip> <listening_port> [--allowed-ip <allowed_client_ip>] [--upload-folder <folder>] [--organize-uploads]
+```
+
+* <listening_ip>: The IP address for our http handler to listen on
+* <listening_port>: The port for our http handler to listen on
+* --allowed-ip <allowed_client_ip>:Restrict access to our http handler by IP address (optional)
+* --upload-folder <folder>: "Designate the directory to save uploaded files to (default: current working directory)
+* --organize-uploads: Organize file uploads into subfolders by remote client IP
+
+## Installation
+
+Install from GitHub
+
+1. Clone the Repository
+
+   ```bash
+   git clone https://github.com/gh0x0st/raven.git
+   cd raven
+   ```
+   
+2. Install using pip3
+
+   ```bash
+   pip3 install .
+   ```
+
+3. Add /home/USER/./local/bin to your PATH environment variable
+
+   ```bash
+   echo 'export PATH="/home/kali/.local/bin:$PATH"' >> ~/.zshrc
+   source ~/.zshrc
+   ```
+
+## Examples
+
+Start the HTTP server on all available network interfaces, listening on port 443:
+
+`raven 0.0.0.0 443`
+
+Start the HTTP server on all on a specific interface (192.168.0.12), listening on port 443 and restrict access to 192.168.0.4:
+
+`raven 192.168.0.12 443 --allowed-ip 192.168.0.4`
+
+Start the HTTP server on all on a specific interface (192.168.0.12), listening on port 443, restrict access to 192.168.0.4 and save uploaded files to /tmp:
+
+`raven 192.168.0.12 443 --allowed-ip 192.168.0.4 --upload-folder /tmp`
+
+Start the HTTP server on all on a specific interface (192.168.0.12), listening on port 443, restrict access to 192.168.0.4 and save uploaded files to /tmp organized by remote client ip:
+
+`raven 192.168.0.12 443 --allowed-ip 192.168.0.4 --upload-folder /tmp --organize-uploads`
+
+## License
+
+This project is licensed under the MIT License - see the LICENSE file for details.
+
+
diff --git a/raven.py b/raven.py
@@ -0,0 +1,6 @@
+#!/usr/bin/env python3
+
+from raven.__main__ import main
+
+if __name__ == '__main__':
+    main()
diff --git a/raven/__init__.py b/raven/__init__.py
@@ -0,0 +1 @@
+
diff --git a/raven/__main__.py b/raven/__main__.py
@@ -0,0 +1,243 @@
+#!/usr/bin/env python3
+
+import argparse
+import errno
+import os
+import re
+import sys
+import http.server
+import socketserver
+from datetime import datetime
+from ipaddress import ip_network, ip_address
+
+
+# Instantiate our FileUploadHandler class
+class FileUploadHandler(http.server.SimpleHTTPRequestHandler):
+    def __init__(self, *args, **kwargs):
+        self.upload_folder = kwargs.pop('upload_folder', None)
+        self.allowed_ip = kwargs.pop('allowed_ip', None)
+        self.organize_uploads = kwargs.pop('organize_uploads', False)
+        super().__init__(*args, **kwargs)
+
+    # Definer our handler method for restricting access by client ip
+    def restrict_access(self):
+        if not self.allowed_ip:
+            # No IP restriction, allow access
+            return True  
+        
+        # Obtain client ip
+        client_ip = ip_address(self.client_address[0])
+
+        # Parse through each entry in allowed_ips
+        allowed_ips = self.allowed_ip.split(',')
+        for ip in allowed_ips:
+            ip = ip.strip()     
+            # Check if the entry is in CIDR notation
+            if '/' in ip:
+                try:
+                    network = ip_network(ip, strict=False)
+                    if client_ip in network:
+                        return True
+                except ValueError:
+                    pass
+            elif client_ip == ip_address(ip):
+                return True
+            
+        # If none of the addresses check out, send a 403
+        self.send_response(403)
+        self.end_headers()
+        return False
+
+    # Define our GET handler method
+    def do_GET(self):
+        if self.path == '/':
+            # Check access restrictions
+            if not self.restrict_access():  
+                return
+
+            # Send HTTP response status code 200 back to the client
+            self.send_response(200)
+            self.send_header('Content-type', 'text/html')
+            self.end_headers()
+            self.wfile.write(b"""
+            <!DOCTYPE html>
+            <html>
+            <head>
+                <title>Raven File Upload</title>
+            </head>
+            <body>
+                <form method="POST" enctype="multipart/form-data">
+                    <input type="file" name="file">
+                    <input type="submit" value="Upload">
+                </form>
+            </body>
+            </html>
+            """)
+
+    # Define our POST handler method
+    def do_POST(self):
+        if self.path == '/':
+            # Check access restrictions
+            if not self.restrict_access():  
+                return
+
+            # Inspect incoming multipart/form-data content
+            content_type = self.headers['Content-Type']
+            if content_type.startswith('multipart/form-data'):
+                try:
+                    # Extract and parse multipart/form-data content
+                    content_length = int(self.headers['Content-Length'])
+                    form_data = self.rfile.read(content_length)
+
+                    # Extract the boundary from the content type header
+                    boundary = content_type.split('; ')[1].split('=')[1]
+
+                    # Split the form data using the boundary
+                    parts = form_data.split(b'--' + boundary.encode())
+
+                    for part in parts:
+                        if b'filename="' in part:
+                            # Extract filename from Content-Disposition header
+                            headers, data = part.split(b'\r\n\r\n', 1)
+                            content_disposition = headers.decode()
+                            filename = re.search(r'filename="(.+)"', content_disposition).group(1)
+
+                            # Sanitize the filename
+                            filename = sanitize_filename(filename)
+
+                            # Organize uploads into subfolders by remote client IP
+                            if self.organize_uploads and self.client_address:
+                                client_ip = self.client_address[0]
+                                upload_folder = os.path.join(self.upload_folder, client_ip)
+                                os.makedirs(upload_folder, exist_ok=True)
+                                file_path = os.path.join(upload_folder, filename)
+                            else:
+                                upload_folder = self.upload_folder  # Use the original upload folder
+                                file_path = os.path.join(upload_folder, filename)
+
+                            # Generate a unique filename in case the file already exists
+                            file_path = prevent_clobber(upload_folder, filename)
+
+                            # Save the uploaded file in binary mode
+                            with open(file_path, 'wb') as f:
+                                f.write(data)
+
+                            # Send HTTP response status code 200 back to the client
+                            self.send_response(200)
+                            self.end_headers()
+                            self.wfile.write(b"""
+                            <!DOCTYPE html>
+                            <html>
+                            <head>
+                                <meta http-equiv="refresh" content="3;url=/">
+                            </head>
+                            <body>
+                                <p>File uploaded successfully. Redirecting in 3 seconds...</p>
+                            </body>
+                            </html>
+                            """)
+
+                            # Print the path where the uploaded file was saved
+                            now = datetime.now().strftime("%d/%b/%Y %H:%M:%S")
+                            print(f"{self.client_address[0]} - - [{now}] \"File saved {file_path}\"")
+                            return
+                except Exception as e:
+                    print(f"Error processing the uploaded file: {str(e)}")
+
+            # Send HTTP response status code 400 back to the client
+            self.send_response(400)
+            self.end_headers()
+            self.wfile.write(b'No file uploaded.')
+
+
+# Normalizes the filename, then remove any characters that are not letters, numbers, underscores, dots, or hyphens
+def sanitize_filename(filename):
+    pass1 = os.path.normpath(filename)
+    final = re.sub(r'[^\w.-]', '_', pass1)
+    return final
+
+
+# Appends a file name with an incrementing number if it happens to exist already
+def prevent_clobber(upload_folder, filename):
+    file_path = os.path.join(upload_folder, filename)
+    counter = 1
+
+    while os.path.exists(file_path):
+        base_name, file_extension = os.path.splitext(filename)
+        new_filename = f"{base_name}_{counter}{file_extension}"
+        file_path = os.path.join(upload_folder, new_filename)
+        counter += 1
+
+    return file_path
+
+
+def main():
+    # Build the parser
+    parser = argparse.ArgumentParser(
+        description="A lightweight file upload service used for penetration testing and incident response.",
+        usage="python3 raven.py <listening_ip> <listening_port> [--allowed-ip <allowed_client_ip>] [--upload-folder <upload_directory>] [--organize-uploads]"
+    )
+
+    # Configure our arguments
+    parser.add_argument("host", help="The IP address for our http handler to listen on")
+    parser.add_argument("port", type=int, help="The port for our http handler to listen on")
+    parser.add_argument("--allowed-ip", help="Restrict access to our http handler by IP address (optional)")
+    parser.add_argument("--upload-folder", default=os.getcwd(), help="Designate the directory to save uploaded files to (default: current working directory)")
+    parser.add_argument("--organize-uploads", action="store_true", help="Organize file uploads into subfolders by remote client IP")
+
+    # Parse the command-line arguments
+    args = parser.parse_args()
+
+    # Check if no arguments were provided
+    if len(sys.argv) == 1:
+        parser.print_help()
+        sys.exit(1)
+
+    # Initializing variables
+    host = args.host
+    port = args.port
+    allowed_ip = args.allowed_ip
+    upload_folder = args.upload_folder
+    organize_uploads = args.organize_uploads
+    server = None
+
+    try:
+        # Check if the specified upload folder exists, if not try to create it
+        if not os.path.exists(upload_folder):
+            os.makedirs(upload_folder)
+
+        # Create our HTTP request handler with the new parameter
+        server = socketserver.TCPServer((host, port), lambda *args, **kwargs: FileUploadHandler(*args, **kwargs, upload_folder=upload_folder, allowed_ip=allowed_ip, organize_uploads=organize_uploads))
+
+        # Output HTTP request handler details
+        print(f"[*] Serving HTTP on {host} port {port} (http://{host}:{port}/)")
+
+        # Output additional details
+        if allowed_ip:
+            print(f"[*] Listener access is restricted to {allowed_ip}")
+        else:
+            print(f"[*] Listener access is unrestricted")
+
+        if organize_uploads:
+            print(f"[*] Uploads will be organized by client IP in {upload_folder}")
+        else:
+            print(f"[*] Uploads will be saved in {upload_folder}")
+
+        # Start our HTTP request handler
+        server.serve_forever()
+    except KeyboardInterrupt:
+        print("\nKeyboard interrupt received, exiting.")
+    except OSError as ose:
+        if ose.errno == errno.EADDRNOTAVAIL:
+            print(f"[!] The IP address '{host}' does not appear to be available on this system")
+        else:
+            print(f"[!] {str(ose)}")
+    except Exception as ex:
+           print(f"[!] {str(ex)}") 
+    finally:
+        if server:
+            server.server_close()
+
+
+if __name__ == '__main__':
+    main()
diff --git a/setup.py b/setup.py
@@ -0,0 +1,40 @@
+#!/usr/bin/env python3
+
+from setuptools import setup, find_packages
+
+setup(
+    name='raven',
+    version='1.0.0',
+    url='https://github.com/gh0x0st/raven',
+    author='Tristram',
+    author_email="discord:blueteamer",
+    description='A lightweight file upload service used for penetration testing and incident response.',
+    long_description=open('README.md').read(),
+    long_description_content_type='text/markdown',
+    license="MIT",
+    keywords=['file upload', 'penetration testing', 'HTTP server', 'SimpleHTTPServer'],
+    packages=find_packages(),
+    install_requires=[],
+    entry_points={
+        'console_scripts': ['raven = raven.__main__:main'],
+    },
+    classifiers=[
+        "Development Status :: 3 - Alpha",
+        "License :: OSI Approved :: MIT License",
+        "Programming Language :: Python :: 3",
+        "Programming Language :: Python :: 3.6",
+        "Programming Language :: Python :: 3.7",
+        "Programming Language :: Python :: 3.8",
+        "Programming Language :: Python :: 3.9",
+        "Programming Language :: Python :: 3.10",
+        "Operating System :: OS Independent",
+        "Intended Audience :: System Administrators",
+        "Intended Audience :: Security",
+        "Topic :: Utilities",
+        "Topic :: Security",
+        "Topic :: Security :: Penetration Testing",
+        "Topic :: System :: Networking",
+        "Topic :: System :: Systems Administration",
+    ],
+    python_requires='>=3.6',
+)
