reddit hackernews mail facebook facebook linkedin
pwndrop

pwndrop

Self-deployable file hosting service allowing to easily upload and share payloads over HTTP and WebD.

pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV.

Features:
- Upload and immediately share multiple files using your own private VPS, using drag & drop.
- Decide to make files available or unavailable for download with a single click.
- Set up custom download URLs, for shared files, without playing with directory structure.
- Set up facade files, which will be served instead of the original file whenever you feel like it.
- Set up automatic redirects to spoof the file's extension in a shared link.
- Change MIME type of the served file to change browser's behavior when a download link is clicked.
- Serve files over HTTP, HTTPS and WebDAV.
- Install and setup everything using a bash oneliner.
- Set up pwndrop to work as a nameserver and respond with a valid DNS A record to any sub-domain you choose.
- Protect your admin panel behind a custom secret URL path and log in securely with your own username and password.
- Never worry about setting up HTTPS certificates as pwndrop does everything for you in the background (including auto-renewals).

Its main goal is to make file sharing as easy and intuitive as possible, while implementing extra features to aid in red team assessments.

Frontend of pwndrop is developed in pure Vue.js + Bootstrap with no npm or webpack dependencies. The backend serves REST API and manages a local database, powered by GO language.