https://github.com/amadeusitgroup/exploit-server

A lightweight pentesting tool for logging and crafting HTTP requests, designed for internal deployment in Kubernetes and Openshift clusters.
https://github.com/amadeusitgroup/exploit-server

crafted-responses openshift pentest requestlogger

Last synced: 8 months ago
JSON representation

A lightweight pentesting tool for logging and crafting HTTP requests, designed for internal deployment in Kubernetes and Openshift clusters.

• Host: GitHub
• URL: https://github.com/amadeusitgroup/exploit-server
• Owner: AmadeusITGroup
• License: apache-2.0
• Created: 2025-03-10T16:32:58.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2025-06-16T23:05:14.000Z (12 months ago)
• Last Synced: 2025-06-17T00:19:31.451Z (12 months ago)
• Topics: crafted-responses, openshift, pentest, requestlogger
• Language: EJS
• Homepage:
• Size: 410 KB
• Stars: 4
• Watchers: 2
• Forks: 1
• Open Issues: 6
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE

Awesome Lists containing this project

README

          
Exploit Server

===============

## Usage

This is a combination of RequestBin, BurpCollaborator and PortSwigger Exploit server lab. It aims to be a light weight application to be deployed internally for pentesters.

In the **/logs** page you can find the logs of all the requests made to the

server except those made to the **/logs** page and the **/craft** page.

The logs can be foung in JSON format to be exported by doing a GET request to

**/api/logs**

Example:

![image](./a_ciphered_request.png "An example")

![image](./a_deciphered_request.png "An example")

In the **/craft** page you can craft responses to GET requests at a specific URL.

You can even specify the Content Type of the response.

For example for the crafted response in the below image, when you do a GET

to **/test** you will get an empty JSON as a response.

![image](./a_crafted_response.png "An example")

## Build and development

You can run it locally on localhost with npm to test for functionality.

All you need to do is:

```

npm install

EXPLOIT_SERVER_KEY=mushokutensei npm start

```

EXPLOIT_SERVER_KEY is the password that we will generate a symmetric key from that will be used to encrypt the logs.

In `test/requester.sh` there is a small script that will assess the performance by sending a lot of request to the exploit server locally.

## Deployment

It was designed to be deployed internally in a Kubernetes or Openshift Cluster to aid internal pentest engagement.

A Docker image is available.

```

docker run -it -e "EXPLOIT_SERVER_KEY=mushokutensei" -p 3000:3000 h4r0r/exploit-server:1.0

```