A flask wsgi application that serves files with intelligence, good for serving conditional RedTeam payloads.
git clone https://github.com/outflanknl/RedFile
cd RedFile
docker-compose up
(or add -d to run without logging to console)
get a browser and point to:
This will launch module 'agent', the code for that module can be found on
This example returns the request information and the agent information in a json. note the 'agent' field coming from the incoming function call, all other details can be obtained from the flask request object
happy coding
have a look at the dstart module:
This will serve a payload X times at the start of the day and thereafter serve empty.txt
This allows for a stealhy persistence.
Not that at the end of the init function a request call can be made to another webserver for logging purposes.
Storage of the state is done in data.shelve
keyer will serve unique contect for a certain key. The key is a string appended with an md5 of "that first half string + a secret". this means new keys can be generated on the fly and will be valid as often ad you want.
Now next level, if you can build a payload that will include the username in the call have a look at:
You will see that john.txt and alice.txt get served once, notextist.txt isn't available so error.txt will be served once there. All calls after that point will serve 'default.txt'.
Consider a cronjob that deletes data.shelve every night to have a select group of users being served a payload once a day :)
ofcourse, this is proof of concept code. Consider using a proxy like haproxy to rewrite calls and have them end up at the correct module, also consider building encryption of obfuscation on the url and parameter.