Releases: gh0x0st/raven
v1.0.1
Release Notes - Version 1.0.1 (2023-09-28)
Overview
Version 1.0.1 brings several improvements, including code refactoring and documentation enhancements.
Refactor
- Improve code comments for enhanced clarity and readability.
- Remove unnecessary debug code.
Documentation
- Add a new section to the README.md with detailed examples for scripted uploads using Python and PowerShell.
Full Changelog
For a detailed list of all changes and commits made in this release, please refer to the CHANGELOG.
v1.0.0
Release Notes - Version 1.0.0 (2023-09-26)
Raven is a Python tool that extends the capabilities of the http.server Python module by offering a self-contained file upload web server. While the common practice is to use python3 -m http.server 80 to serve files for remote client downloads, Raven addresses the need for a similar solution when you need the ability to receive files from remote clients. This becomes especially valuable in scenarios such as penetration testing and incident response procedures when protocols such as SMB may not be a viable option.
Key Features
While the majority of the hard work is already being handled by the http.server module, it presents us with an opportunity to implement additional security and ease of use features without overcomplicating the overall implementation. These features currently include:
- IP Access Restrictions: Optionally grants the ability to restrict access based on client IP addresses. You can define this access via a single IP, a comma-delimited list or by using CIDR notation.
- Organized Uploads: Optionally organizes uploaded files into subfolders based on the remote client's IP address in a named or current working directory. Otherwise the default behavior will upload files in the current working directory.
- File Sanitation: Sanitizes the name of each uploaded file prior to being saved to disk to help prevent potential abuse.
- Clobbering: Verifies that the file does not already exist before it's written to disk. If it already exists, an incrementing number is appended to the filename to prevent clashes and ensure no data is overwritten.
- Detailed Logging: Raven provides detailed logging of file uploads and interaction with the http server, including the status codes sent back to a client, its IP address, timestamp, and the saved file's location in the event a file is uploaded.
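The access restriction, file sanitation and clobbering checks listed above can be sketched as follows. This is an added example, not Raven's own code; the function names, the allowed character set, the `-N` suffix format and the `upload` fallback name are assumptions.

```python
import ipaddress
import re
from pathlib import Path


def parse_allowed(spec):
    """Parse '192.168.0.4', a comma-delimited list, or CIDR into networks."""
    # strict=False also accepts a host address written with a prefix length
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in spec.split(",") if p.strip()]


def is_allowed(client_ip, networks):
    """True when no restriction is set or the client falls in a listed network."""
    if not networks:
        return True
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)


def sanitize_filename(name):
    """Reduce a client-supplied name to a safe basename."""
    # Drop any directory part, whichever separator the client used
    base = name.replace("\\", "/").split("/")[-1]
    # Conservative character set; anything else becomes '_'
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base)
    # No leading dots, so '.', '..' and hidden files cannot be created
    return base.lstrip(".") or "upload"


def save_upload(folder, client_name, data):
    """Write data under a sanitized name without overwriting an existing file."""
    folder = Path(folder)
    folder.mkdir(parents=True, exist_ok=True)
    safe = Path(sanitize_filename(client_name))
    n = 0
    while True:
        name = safe.name if n == 0 else f"{safe.stem}-{n}{safe.suffix}"
        try:
            # Mode 'x' fails if the file exists: check and create are one step
            with open(folder / name, "xb") as fh:
                fh.write(data)
            return folder / name
        except FileExistsError:
            n += 1


if __name__ == "__main__":
    nets = parse_allowed("192.168.0.4, 10.0.0.0/8")  # constructed sample values
    print(is_allowed("192.168.0.5", nets), sanitize_filename("../../etc/passwd"))
```

Opening the file in exclusive-create mode avoids the race between an existence check and the write when two uploads with the same name arrive together.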
Usage
Raven is straightforward to use and includes simple command-line arguments to manage the included feature sets:
python3 raven.py <listening_ip> <listening_port> [--allowed-ip <allowed_client_ip>] [--upload-folder <folder>] [--organize-uploads]
- <listening_ip>: The IP address for our http handler to listen on
- <listening_port>: The port for our http handler to listen on
- --allowed-ip <allowed_client_ip>: Restrict access to our http handler by IP address (optional)
- --upload-folder <folder>: Designate the directory to save uploaded files to (default: current working directory)
- --organize-uploads: Organize file uploads into subfolders by remote client IP
Installation
Install from GitHub
- Clone the Repository
  git clone https://github.com/gh0x0st/raven.git
  cd raven
- Install using pip3
  pip3 install .
- Add /home/USER/.local/bin to your PATH environment variable
  echo 'export PATH="/home/kali/.local/bin:$PATH"' >> ~/.zshrc
  source ~/.zshrc
Examples
Start the HTTP server on all available network interfaces, listening on port 443:
raven 0.0.0.0 443
Start the HTTP server on a specific interface (192.168.0.12), listening on port 443, and restrict access to 192.168.0.4:
raven 192.168.0.12 443 --allowed-ip 192.168.0.4
Start the HTTP server on a specific interface (192.168.0.12), listening on port 443, restrict access to 192.168.0.4 and save uploaded files to /tmp:
raven 192.168.0.12 443 --allowed-ip 192.168.0.4 --upload-folder /tmp
Start the HTTP server on a specific interface (192.168.0.12), listening on port 443, restrict access to 192.168.0.4 and save uploaded files to /tmp organized by remote client IP:
raven 192.168.0.12 443 --allowed-ip 192.168.0.4 --upload-folder /tmp --organize-uploads
License
This project is licensed under the MIT License - see the LICENSE file for details.