pwndrop (LinuxServer.io)
Host and share red team payloads securely over HTTP and WebDAV. Disguise files with facades, spoof extensions, and manage access through a hidden admin panel.
Deploying a custom file server for red teaming engagements is often a tedious process. This self-hosted file sharing service eliminates the hassle of configuring web servers and writing complex rewrite rules. Designed specifically for security professionals, it allows you to easily upload and manage files through a responsive, drag-and-drop web interface.
Key capabilities include:
- Multi-protocol sharing: Serve your files seamlessly over HTTP, HTTPS, and WebDAV, making it ideal for pulling second-stage payloads.
- Facade files: Protect your payloads from online scanners by serving a clean, legitimate file until you are ready to deliver the actual payload.
- URL spoofing and redirection: Create custom URL paths without physical directories and set up automatic redirects to spoof file extensions.
- Hidden admin panel: Keep your infrastructure secure with a password-protected admin interface that remains completely hidden from unauthorized visitors.
The entire platform operates as a single executable with zero dependencies, automatically provisioning TLS certificates via Let's Encrypt for secure deployment.
Directory Structure
pwndrop-linuxserver-io
config
data
.env
docker-compose.yml
docker-compose.yml
services:
pwndrop:
image: lscr.io/linuxserver/pwndrop:latest
container_name: pwndrop
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
- SECRET_PATH=${SECRET_PATH}
volumes:
- ./config:/config
- ./data:/var/www/pwndrop/data
ports:
- 8080:8080
restart: unless-stopped.env
SECRET_PATH=/pwndropCategories:
Ad
Similar to pwndrop (LinuxServer.io)