zeppelin

command module

v0.2.1 Latest Latest Go to latest Published: Aug 14, 2020 License: Apache-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hcninja/zeppelin

Links

Open Source Insights

README ¶

Zeppelin

Zeppelin is a tiny web server for uploading and downloading files able to run on close to any system without dependencies and with some extra pentester toys.

Build:

For compiling zeppelin you need to have a working go instalation, please visit golang.org for detailed instructions on how to do this.

After, its as easy as issuing the following commands:

git clone https://github.com/hcninja/zeppelin.git
cd zeppelin
go build

Or just download the latest release for your architecture directly from releases.

Usage:

With ./zeppelin -h you will get the available flags.

Usage of ./zeppelin:
  -host string
    	Server host (default "127.0.0.1")
  -nocmd
    	Disables CMD endpoints
  -noupload
    	Disables the upload endpoint
  -path string
    	Path to serve and upload files to (default "./")
  -port string
    	Server port (default "8080")
  -tls
    	Enables TLS. Cert and key must be in root 'cert.pem and key.pem'
  -unsafe
    	Removes the file upload limit of 8MB

The standard running mode, is to serve the path where zeppelin is running on. For serving the /etc directory on all interfaces on port 8443 you can use ./zeppelin -host 0.0.0.0 -pots 8443 -path /etc.

Generating a testing self-signed certificate

In order to enable TLS on Zeppelin you must provide a certificate and a key in pem format, Zeppelin will search for this two files under the name "cert.pem" and "key.pem".

If you have no available certificate (you can use a Let's Encrypt one for free), you can generate a self-signed certificate with openssl:

openssl req -x509 -out cert.pem -keyout key.pem \
  -newkey rsa:2048 -nodes -sha256 \
  -subj '/CN=localhost' -extensions EXT -config <( \
   printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:127.0.0.1\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")

ToDo:

Navigate the served directory
File upload
HTTPS
System command execution
File navigator and uploader authentication
Web interface for logging request with headers
Process injection/migration

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL