基础设施推荐：HTTP上传下载服务器

1、扫描工具的测试，记录请求记录。2、托管远程下载服务，下载测试工具、shellcode等数据。3、托管远程上传服务器，回传测试数据。

1、能够添加授权功能，防止未授权访问导致数据泄漏。2、能够支持Curl、Wget等常见工具的上传和下载。3、默认不开启目录浏览功能，防止绕过授权后，目录下所有数据泄漏。

4、打包运行、没有依赖、稳定运行，不容易崩溃。5、支持中断继续上传、中断继续下载等功能。6、能够兼容curl、wget程序的上传下载功能。

# Python >= 2.4python -m SimpleHTTPServer 8000# Python 3.xpython -m http.server 8000

import osimport timefrom flask import Flask, request, send_fileROOT_PATH = os.path.abspath(os.path.dirname(__file__))BASE_PATH = Nonebasic_path = BASE_PATH if BASE_PATH else ROOT_PATHupload_path = os.path.join(basic_path, 'uploads')download_path = os.path.join(basic_path, 'download')AUTH_PARAM = "auth"  # 自定义认证参数AUTH_CUSTOMS = "passpass"  # 自定义认证参数值AUTH_DEFAULT = time.strftime("%Y%m%d%H")app = Flask(__name__)def auth_check(request_context):    request_auth_info = str(request_context.args.get(AUTH_PARAM))    print(f"auth_info: {request_auth_info} <-> AUTH_PARAM:{AUTH_PARAM} <-> AUTH_VALUE:{AUTH_CUSTOMS} <-> AUTH_DEFAULT:{AUTH_DEFAULT}")    return request_auth_info == AUTH_DEFAULT if AUTH_CUSTOMS is None else request_auth_info == AUTH_CUSTOMS@app.route("/download/<filename>", methods=["GET"])def download_file(filename):    try:        # 获取查询参数        if not auth_check(request):            return "Unauthorized", 401        # Download ing        if not os.path.exists(download_path):            os.makedirs(download_path)        file_path = os.path.join(download_path, filename)        return send_file(file_path, as_attachment=True)    except Exception as e:        # return str(e)        return "error"@app.route('/upload', methods=["GET","POST"])def upload_file():    try:        if not auth_check(request):            return "Unauthorized", 401        # Download ing        if not os.path.exists(upload_path):            os.makedirs(upload_path)        if 'file' not in request.files:            return "No file part"        file = request.files['file']        if file.filename == '':            return "No selected file"        if file:            filename = os.path.join(upload_path, file.filename)            file.save(f"{filename}.{time.time()}")            return "File Uploaded success!"        else:            return "File Uploaded failure!"    except Exception as e:        # return str(e)        return "error"if __name__ == "__main__":    app.run(host="0.0.0.0", port=8888)

# curl 下载curl http://127.0.0.1/download/xxx?auth=passpass -o xxx# 上传curl -X POST -F '[email protected]' http://example.com/upload?auth=passpasscurl -F "[email protected]" http://example.com/upload?auth=passpass

1、完美支持Curl、wget等常见工具的断点上传和断点下载。2、-auth参数 支持http base 认证3、-deny参数 支持关闭目录浏览功能

# 项目地址jan-bar/UpDownFile: 简易上传下载文件服务器https://github.com/jan-bar/UpDownFile# 安装go install github.com/jan-bar/UpDownFile@latest# 编译 需要Go 1.22build.bat

# 启动服务upDownFile.exe -s :8080 # 启动认证服务 且关闭目录浏览 (建议)upDownFile.exe -s :8080 -auth "user:pass" -deny# 下载文件# upDownFile cli 下载upDownFile cli -c -auth "user:pass" -o example.txt "http://xxx/example.txt"# curl等程序下载wget --user "user" --password "pass" --content-disposition "http://xxxx/example.txt"curl -u "user:pass" -C - -OJ "http://xxxx/example.txt"# 上传文件# upDownFile.exe cli 上传upDownFile.exe cli -c -auth "user:pass" -d @example.txt "http://xxxx/example.txt" # curl等程序上传 curl -u "user:pass" -C - -T example.txt "https://xxxx/example.txt"