Skip to content

Yuvvi01/SecExchange

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SecExchange
SecExchange
 
 

Repository files navigation

SecExchange

SecExchange is a versatile script designed to streamline file exchanges between target and attack machines during penetration testing engagements. It operates on the HTTP client-server model and features built-in basic authentication.

Features

HTTP Client-Server Model: SecExchange employs the HTTP protocol for seamless file transfers, ensuring compatibility across diverse network environments.

Built-in Basic Authentication: Enhancing security, SecExchange offers an optional password-based authentication mechanism. This safeguard ensures authorized users are the only ones allowed to upload or download files from the server. Please note that passwords are base64 encoded, and the communication does not employ encryption.

File Listing: The script enables the listing of all files and directories on the host. This functionality simplifies the process of locating and downloading desired files.

File Upload and Download: The script provides user-friendly features for uploading and downloading files between the client and server.

Usage

To launch the server:

./SecExchange server -a

To use the client:

./SecExchange client -s [server address] -p [port number] -ls [optional directory] -a

Installation

For Debian-based systems, make the script executable and move it to your PATH. Navigate to the script's directory and execute:

chmod +x SecExchange
sudo mv SecExchange /usr/local/bin

This enables running SecExchange from any location.

Additionally, you can fetch a copy of the script from the SecExchange server using tools like curl, wget, or PowerShell from the path http://[server address]/SecExchange, even if SecExchange isn't hosted in your server's directory.

Examples

List files on the server:

./SecExchange client -s 192.168.1.3 -ls -a

Upload a file to the server:

./SecExchange client -s 192.168.1.3 -u test2 -a

Download a file from the server:

./SecExchange client -s 192.168.1.3 -d test1 -a

Important Note

This script is intended solely for testing and development purposes. The server should be active for a brief period only during file transfers, and passwords should be unique for each use. Keep in mind that SecExchange does not use encrypted communication; passwords are base64 encoded. Use this tool responsibly within your penetration testing engagements.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages