SimpleHTTPserver
Go alternative of python SimpleHTTPServer
Features • Usage • Installation • Run SimpleHTTPserver • Join Discord
SimpleHTTPserver is a go enhanced version of the well known python simplehttpserver with in addition a fully customizable TCP server, both supporting TLS.
Features
- HTTP/S Web Server
- File Server with arbitrary directory support
- HTTP request/response dump
- Configurable ip address and listening port
- Configurable HTTP/TCP server with customizable response via YAML template
Installing SimpleHTTPserver
SimpleHTTPserver requires go1.17+ to install successfully. Run the following command to get the repo -
go install -v github.com/projectdiscovery/simplehttpserver/cmd/simplehttpserver@latest
Usage
simplehttpserver -h
This will display help for the tool. Here are all the switches it supports.
Flag | Description | Example |
---|---|---|
-listen |
Configure listening ip:port (default 127.0.0.1:8000) | simplehttpserver -listen 127.0.0.1:8000 |
-path |
Fileserver folder (default current directory) | simplehttpserver -path /var/docs |
-verbose |
Verbose (dump request/response, default false) | simplehttpserver -verbose |
-tcp |
TCP server (default 127.0.0.1:8000) | simplehttpserver -tcp 127.0.0.1:8000 |
-tls |
Enable TLS for TCP server | simplehttpserver -tls |
-rules |
File containing yaml rules | simplehttpserver -rules rule.yaml |
-upload |
Enable file upload in case of http server | simplehttpserver -upload |
-max-file-size |
Max Upload File Size (default 50 MB) | simplehttpserver -max-file-size 100 |
-sandbox |
Enable sandbox mode | simplehttpserver -sandbox |
-https |
Enable HTTPS in case of http server | simplehttpserver -https |
-http1 |
Enable only HTTP1 | simplehttpserver -http1 |
-cert |
HTTPS/TLS certificate (self generated if not specified) | simplehttpserver -cert cert.pem |
-key |
HTTPS/TLS certificate private key | simplehttpserver -key cert.key |
-domain |
Domain name to use for the self-generated certificate | simplehttpserver -domain projectdiscovery.io |
-cors |
Enable cross-origin resource sharing (CORS) | simplehttpserver -cors |
-basic-auth |
Basic auth (username:password) | simplehttpserver -basic-auth user:password |
-realm |
Basic auth message | simplehttpserver -realm "insert the credentials" |
-version |
Show version | simplehttpserver -version |
-silent |
Show only results | simplehttpserver -silent |
-py |
Emulate Python Style | simplehttpserver -py |
-header |
HTTP response header (can be used multiple times) | simplehttpserver -header 'X-Powered-By: Go' |
Running simplehttpserver in the current folder
This will run the tool exposing the current directory on port 8000
simplehttpserver
2021/01/11 21:40:48 Serving . on http://0.0.0.0:8000/...
2021/01/11 21:41:15 [::1]:50181 "GET / HTTP/1.1" 200 383
2021/01/11 21:41:15 [::1]:50181 "GET /favicon.ico HTTP/1.1" 404 19
Running simplehttpserver in the current folder with HTTPS
This will run the tool exposing the current directory on port 8000 over HTTPS with user provided certificate:
simplehttpserver -https -cert cert.pen -key cert.key
2021/01/11 21:40:48 Serving . on http://0.0.0.0:8000/...
2021/01/11 21:41:15 [::1]:50181 "GET / HTTP/1.1" 200 383
2021/01/11 21:41:15 [::1]:50181 "GET /favicon.ico HTTP/1.1" 404 19
Instead, to run with self-signed certificate and specific domain name:
simplehttpserver -https -domain localhost
2021/01/11 21:40:48 Serving . on http://0.0.0.0:8000/...
2021/01/11 21:41:15 [::1]:50181 "GET / HTTP/1.1" 200 383
2021/01/11 21:41:15 [::1]:50181 "GET /favicon.ico HTTP/1.1" 404 19
Running simplehttpserver with basic auth and file upload
This will run the tool and will request the user to enter username and password before authorizing file uploads
simplehttpserver -basic-auth root:root -upload
2021/01/11 21:40:48 Serving . on http://0.0.0.0:8000/...
To upload files use the following curl request with basic auth header:
curl -v --user 'root:root' --upload-file file.txt http://localhost:8000/file.txt
Running TCP server with custom responses
This will run the tool as TLS TCP server and enable custom responses based on YAML templates:
simplehttpserver -rules rules.yaml -tcp -tls -domain localhost
The rules are written as follows:
rules:
- match: regex-match
match-contains: literal-match
name: rule-name
response: response data
For example to handle two different paths simulating an HTTP server or SMTP commands:
rules:
# HTTP Requests
- match: GET /path1
name: redirect
response: |
HTTP/1.0 200 OK
Server: httpd/2.0
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
Date: Fri, 16 Apr 2021 14:30:32 GMT
Content-Type: text/html
Connection: close
<HTML><HEAD><script>top.location.href='/Main_Login.asp';</script>
</HEAD></HTML>
- match: GET /path2
name: "404"
response: |
HTTP/1.0 404 OK
Server: httpd/2.0
<HTML><HEAD></HEAD><BODY>Not found</BODY></HTML>
# SMTP Commands
- match: "EHLO example.com"
name: smtp
response: |
250-localhost Nice to meet you, [127.0.0.1]
250-PIPELINING
250-8BITMIME
250-SMTPUTF8
250-AUTH LOGIN PLAIN
250 STARTTLS
- match: "MAIL FROM: <[email protected]>"
response: 250 Accepted
- match: "RCPT TO: <[email protected]>"
response: 250 Accepted
- match-contains: !!binary |
MAwCAQFgBwIBAwQAgAA=
name: "ldap"
# Request: 300c 0201 0160 0702 0103 0400 8000 0....`........
# Response: 300c 0201 0161 070a 0100 0400 0400 0....a........
response: !!binary |
MAwCAQFhBwoBAAQABAA=
Note
- This project is intended for development purposes only; it should not be used in production.
Thanks
SimpleHTTPserver is made with 🖤 by the projectdiscovery team.