Swiss army knife Webserver in Golang. Keep simple like the python SimpleHTTPServer but with many features.

Usage

Help

$ ./webserver -helpweb subcommand  -bind string    	Bind Port (default "8080")  -certificate string    	HTTPS certificate : openssl req -new -x509 -sha256 -key server.key -out server.crt -days 365  -gzip    	Enables gzip/zlib compression (default true)  -help    	Print usage  -key string    	HTTPS Key : openssl genrsa -out server.key 2048  -password string    	Password for basic auth, default: notsecure (default "notsecure")  -private string    	Private folder with basic auth, default /tmp/SimpleHTTPServer-golang/src/bin/private (default "private")  -root string    	Root folder (default "/tmp/SimpleHTTPServer-golang/src/bin")  -tls    	Enables HTTPS  -username string    	Username for basic auth, default: admin (default "admin")run subcommandUsage:./webserver-l   inux-amd64 run <binary> <args>Packaged Binaries:

Web server over HTTP

$ ./webserverSharing /tmp/ on 8080 ...Sharing /tmp/private on 8080 ...

Web server over HTTPS

$ openssl genrsa -out server.key 2048Generating RSA private key, 2048 bit long modulus (2 primes)..........................................+++++.................................................................................................................+++++e is 65537 (0x010001)$ openssl req -new -x509 -sha256 -key server.key -out server.crt -days 365You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]:State or Province Name (full name) [Some-State]:Locality Name (eg, city) []:Organization Name (eg, company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg, section)    []:Common Name (e.g. server FQDN or YOUR name) []:Email Address []:$ ./webserver web -tls -key server.key -cert server.crtSharing /tmp/ on 8080 ...Sharing /tmp/private on 8080 ...

Web server using private directory and root directory

Private folder on same directory

$ ./webserver-linux-amd64 web -private ThePrivateFolder -username nodauf -password nodaufSharing /tmp/ on 8080 ...Sharing /tmp/ThePrivateFolder on 8080 ...

Different path for root and private directory

$ ./webserver-linux-amd64 web -private /tmp/private -root /home/nodauf -username nodauf -password nodaufSharing /home/nodauf on 8080 ...Sharing /tmp/private on 8080 ...

Embedded binary (only on Windows)

List the embedded binaries:

C:\Users\Nodauf>.\webserver.exe run  You must specify a binary to run  -args string        Arguments for the binary  -binary string        Binary to execute  -help        Print usage  -list        List the embedded filesPackaged Binaries:Invoke-PowerShellTcp.ps1mimikatz.exephp-reverse-shell.phpplink.exe

Run binary with arguments:

C:\Users\Nodauf>.\webserver.exe run -binary mimikatz.exe -args "privilege::debug sekurlsa::logonpasswords"....

Running binary this way could help bypassing AV protections. Sometimes the arguments sent to the binary may be catch by the AV, if possible use the interactive CLI of the binary (like mimikatz) or recompile the binary to change the arguments name.

Features

• HTTPS
• Directory listing
• Define a private folder with basic authentication
• Upload file
• Download file as an encrypted zip (password: infected)
• Download folder with a zip
• Embedded files
• Run embedded binary written in C# (only available on Windows)
• Create a folder from the browser
• Ability to execute embedded binary

Todo

• Add feature for search and replace in embedded files (for fill the IP address for example)
• JS/CSS menu to give command line in powershell, some gtfobins, curl, wget to download and execute