{"id":25733684,"url":"https://github.com/sdebby/webserverx","last_synced_at":"2025-09-19T20:55:57.664Z","repository":{"id":279465206,"uuid":"938909557","full_name":"sdebby/WebServerX","owner":"sdebby","description":"A secure personal web download server","archived":false,"fork":false,"pushed_at":"2025-02-25T17:37:36.000Z","size":172,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-25T18:35:34.261Z","etag":null,"topics":["cybersecurity","html","https","network","python","server"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sdebby.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-25T17:32:24.000Z","updated_at":"2025-02-25T17:40:43.000Z","dependencies_parsed_at":"2025-02-25T18:35:57.799Z","dependency_job_id":"6d9d953b-df7b-4c25-acd1-a22a28845e43","html_url":"https://github.com/sdebby/WebServerX","commit_stats":null,"previous_names":["sdebby/webserverx"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/sdebby/WebServerX","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sdebby%2FWebServerX","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sdebby%2FWebServerX/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sdebby%2FWebServerX/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sdebby%2FWebServerX/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sdebby","download_url":"https://codeload.github.com/sdebby/WebServerX/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sdebby%2FWebServerX/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275998907,"owners_count":25567401,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-19T02:00:09.700Z","response_time":108,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","html","https","network","python","server"],"created_at":"2025-02-26T04:22:25.709Z","updated_at":"2025-09-19T20:55:57.621Z","avatar_url":"https://github.com/sdebby.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Personal python Web Server\n\n## Overview\nThis project started when a friend asked me to share a large file (17 GB) with him. The available options were not suitable:\n1. Email - *Email has size limitations*\n2. Split and send via email - *Would require splitting into 680 separate emails*\n3. Upload to Google Drive/Dropbox - *Requires a paid account*\n4. Share via torrent - *Too complicated for my friend and not working*\n\n**Solution**\nCreate a secure file download web server and host it on my Raspberry Pi internally!\n\n## MRD (Marketing requirement)\n- A secure file download server.\n- Easy to access with no additional software.\n- Server will be online for a period of time.\n\n## Technical\n\n### How to use\n* Creating a python secure web server, that display 2 HTML pages : login and files.  \n* Configure the server by creating a certificate and placing it in `certs` folder and a public and privet key.  \n* Put your shared files in the `files` folder.\n* Send the public key to the client .\n* Run the server with (or without) time limitation.\n* Configure your router to route incoming port to your host IP\n* On client connecting to the server IP address (on port 4433) the browser will display a \"not secure page\" this is due to the fact that the HTTPS certificate is self singed.\n* The client then need to attach the provided public key file.\n* After verification, the files page is sown to enable the client downloading. \n\n### Libraries\nusing the following libraries:\n```\nflask\nwerkzeug\npyOpenSSL\ncryptography\n```\n\nTo install run `pip install -r requirements.txt`\n\n### Arguments\n* To create a certificate (need OpenSSL to be installed)  \n`python WebServer.py -c `\n\n* To create a public and privet keys  \n`python WebServer.py -k `\n\n* To verify a public and privet keys  \n`python WebServer.py -k `\n\n* To run server with lime limit of 5 hours  \n`python WebServer.py -r 5`\n\n* Just run server for unlimited time  \n`python WebServer.py`\n\n### SSL certificate:\nRun this to create a certificate using a command line \n```bash\ncd certs\nopenssl req -x509 -newkey rsa:4096 -nodes -out cert.pem -keyout key.pem -days 365\n```\n**Note**: Since this uses self-signed certificates, browsers will show a security warning. You can use a proper certificates from a trusted Certificate Authority (like [Lets Encrypt](https://letsencrypt.org/)), Another option is to install the certificate into your OS system.\n\n## Security measures implemented in the code\n* Authentication - use a public key instead of user+password, public+privet keys can be replaced at any time.\n* Input validation - validate privet key structure \n* Self certificate HTTPS - prevents packet sniffing and men in the middle attacks.\n* Session time limit - Limits user time on page\n* Time base server - server will be online for limited time\n* Security headers like : SAME ORIGIN enabled, HTTPS enforce, XSS filtering, MIME sniffing prevention\n* Brut-force protection - lock down period after failed attempts from same IP  \n* Path Traversal Protection - ensuring that file paths are within the allowed directory to prevent path traversal attacks\n\n## Skill set\n* HTML\n* HTTPS\n* CSS\n* Python\n* Cyber-Security\n\n## Feedback\nIf you have any feedback, please reach out at shmulik.debby@gmail.com\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsdebby%2Fwebserverx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsdebby%2Fwebserverx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsdebby%2Fwebserverx/lists"}