Swego : Swiss Army Knife Webserver In Golang

Swego is a swiss army knife Webserver in Golang. Keep simple like the python SimpleHTTPServer but with many features.

Usage

Run the binary

If you don’t want to build it, binaries are availables on https://github.com/nodauf/Swego/releases

Otherwise, build-essential should be installed and GOPATH configured:

git clone https://github.com/nodauf/Swego.git
cd Swego/src
make compileLinux # Or make compileWindows

Help

$ ./webserver -help
web subcommand
-bind string
Bind Port (default “8080”)
-certificate string
HTTPS certificate : openssl req -new -x509 -sha256 -key server.key -out server.crt -days 365
-gzip
Enables gzip/zlib compression (default true)
-help
Print usage
-key string
HTTPS Key : openssl genrsa -out server.key 2048
-password string
Password for basic auth, default: notsecure (default “notsecure”)
-private string
Private folder with basic auth, default /tmp/SimpleHTTPServer-golang/src/bin/private (default “private”)
-root string
Root folder (default “/tmp/SimpleHTTPServer-golang/src/bin”)
-tls
Enables HTTPS
-username string
Username for basic auth, default: admin (default “admin”)

run subcommand
Usage:
./webserver-linux-amd64 run

Packaged Binaries:

Web server over HTTP

$ ./webserver
Sharing /tmp/ on 8080 …
Sharing /tmp/private on 8080 …

Web server over HTTPS

$ openssl genrsa -out server.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
……………………………………+++++
…………………………………………………………………………………………………..+++++
e is 65537 (0x010001)

$ openssl req -new -x509 -sha256 -key server.key -out server.crt -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
———-
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

$ ./webserver web -tls -key server.key -cert server.crt
Sharing /tmp/ on 8080 …
Sharing /tmp/private on 8080 …

Web server using private directory and root directory

  • Private folder on same directory

$ ./webserver-linux-amd64 web -private ThePrivateFolder -username nodauf -password nodauf
Sharing /tmp/ on 8080 …
Sharing /tmp/ThePrivateFolder on 8080 …

  • Different path for root and private directory

$ ./webserver-linux-amd64 web -private /tmp/private -root /home/nodauf -username nodauf -password nodauf
Sharing /home/nodauf on 8080 …
Sharing /tmp/private on 8080 …

Embedded binary (only on Windows)

  • List the embedded binaries:

C:\Users\Nodauf>.\webserver.exe run
You must specify a binary to run
-args string
Arguments for the binary
-binary string
Binary to execute
-help
Print usage
-list
List the embedded files

Packaged Binaries:
Invoke-PowerShellTcp.ps1
mimikatz.exe
php-reverse-shell.php
plink.exe

  • Run binary with arguments:

C:\Users\Nodauf>.\webserver.exe run -binary mimikatz.exe -args “privilege::debug sekurlsa::logonpasswords”
….

Running binary this way could help bypassing AV protections. Sometimes the arguments sent to the binary may be catch by the AV, if possible use the interactive CLI of the binary (like mimikatz) or recompile the binary to change the arguments name.

Features

  • HTTPS
  • Directory listing
  • Define a private folder with basic authentication
  • Upload multiple files
  • Download file as an encrypted zip (password: infected)
  • Download folder with a zip
  • Embedded files
  • Run embedded binary written in C# (only available on Windows)
  • Create a folder from the browser
  • Ability to execute embedded binary
  • Feature for search and replace (for fill the IP address in reverse shell for example)
  • Generate oneliners to download and execute a file

Todo

  • JS/CSS menu to give command line in powershell, some lolbins, curl, wget to download and execute
  • Config file for the search and replace (Useful for default config) and other features
  • Use regex for search and replace
  • Using virtual file system to manage embedded files
Download
R K

Share
Published by
R K
Tags: GolangSwegoSwiss Army Knifewebserver
4 years ago

Recent Posts

garak, LLM Vulnerability Scanner : The Comprehensive Tool For Assessing Language Model Security

garak checks if an LLM can be made to fail in a way we don't…

1 day ago

Vermilion : Mastering Linux Post-Exploitation For Red Team Success

Vermilion is a simple and lightweight CLI tool designed for rapid collection, and optional exfiltration…

1 day ago

AD-CS-Forest-Exploiter : Mastering Security Through PowerShell For AD CS Misconfiguration

ADCFFS is a PowerShell script that can be used to exploit the AD CS container…

1 day ago

Usage Of Tartufo – A Comprehensive Guide To Securing Your Git Repositories

Tartufo will, by default, scan the entire history of a git repository for any text…

1 day ago

Loco : A Rails-Inspired Framework For Rust Developers

Loco is strongly inspired by Rails. If you know Rails and Rust, you'll feel at…

2 days ago

Monolith : The Ultimate Tool For Storing Entire Web Pages As Single HTML Files

A data hoarder’s dream come true: bundle any web page into a single HTML file.…

2 days ago