Serve local payload directories and generate transfer-ready HTTP or SMB targets.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for CameronCandau from gravatar.com CameronCandau

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (GPL #TODO)
  • Author: Cameron Candau
  • Tags payloads , http , smb , pentest , oscp
  • Requires: Python >=3.10
Classifiers
Report project as malware

Project description

payload-server

payload-server is a CLI for serving a local payload directory over HTTP or SMB and generating copyable transfer targets during pentest and red-team workflow.

It is designed to pair cleanly with locker sync from artifact-catalog:

locker sync
payload-server linux
payload-server windows 8000 443

By default it serves ~/tools/payloads:

~/tools/payloads/
├── linux/
└── windows/
    ├── bin/
    ├── scripts/
    └── webshells/

Install

Preferred:

pipx install payload-server

For local development:

python3 -m venv .venv
. .venv/bin/activate
python3 -m pip install -e .

Usage

Use payload-server when you want to:

  • serve a local payload directory over HTTP
  • optionally expose the same directory over SMB
  • save the active serving context for follow-on commands
  • select a currently served file and copy its HTTP URL, SMB path, or local path

Serve Linux payloads over HTTP:

payload-server linux

Serve Windows payloads and write a staged ConPtyShell launcher:

payload-server windows 8000 443

Use SMB instead of HTTP:

payload-server windows --smb

Reuse the active serving context:

payload-server status
payload-server pick http
payload-server pick smb   # requires an active state started with --smb
payload-server pick local
payload-server pick ask

Behavior

  • Detects tun0, tun1, wg0, tap0, then eth0 for LHOST
  • Writes serving state to ~/.local/state/payload-server/state.json
  • Uses a fuzzy built-in HTTP server by default
  • Supports --updog and --plain-http as alternate HTTP backends
  • Uses impacket-smbserver or smbserver.py when --smb is enabled

Optional Runtime Tools

Some features depend on tools that are discovered at runtime instead of being hard install requirements:

  • rofi for interactive picking
  • wl-copy, xclip, or xsel for clipboard copy
  • tree for compact directory previews
  • updog for the alternate upload-capable HTTP backend
  • impacket-smbserver or smbserver.py for SMB serving
  • ip for interface and route based LHOST detection

If those tools are absent, the related feature fails with a direct error message while the rest of the CLI remains usable.

Relationship To artifact-catalog

payload-server does not ship payloads. It serves a user-managed local directory. The intended workflow is:

  1. Curate and publish with artifact-catalog
  2. Sync the approved mirror locally with locker sync
  3. Serve the synced directory with payload-server

Tests

python3 -m unittest discover -s tests
python3 -m compileall src tests

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for CameronCandau from gravatar.com CameronCandau

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (GPL #TODO)
  • Author: Cameron Candau
  • Tags payloads , http , smb , pentest , oscp
  • Requires: Python >=3.10
Classifiers

Release history Release notifications | RSS feed

0.1.5

0.1.4

0.1.3

This version

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

payload_server-0.1.2.tar.gz (11.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

payload_server-0.1.2-py3-none-any.whl (9.6 kB view details)

Uploaded Python 3

File details

Details for the file payload_server-0.1.2.tar.gz.

File metadata

  • Download URL: payload_server-0.1.2.tar.gz
  • Upload date:
  • Size: 11.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for payload_server-0.1.2.tar.gz
Algorithm Hash digest
SHA256 8ca91c6fa7db68daec140fe8800b38dac46f57571d8977748d35e0f4f599bd68
MD5 2745c940f0eccb21eb437b2a9ec01b70
BLAKE2b-256 7229bb4599508f86ef053784fa682f0f8c340d26ee687f0d86c7ff6c6954fd21

See more details on using hashes here.

Provenance

The following attestation bundles were made for payload_server-0.1.2.tar.gz:

Publisher: publish-pypi.yml on CameronCandau/Payload-Server

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file payload_server-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: payload_server-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 9.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for payload_server-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 90cec56b296845224b06e6f9f2bedfca6bb1a470d35697026727863c1e3599d6
MD5 4e81debfe775551fd495813bfb8e2960
BLAKE2b-256 2bd7a1e63615d96dbb17c010fa9d1540561e66f57fdfb9068b30cf285f45940d

See more details on using hashes here.

Provenance

The following attestation bundles were made for payload_server-0.1.2-py3-none-any.whl:

Publisher: publish-pypi.yml on CameronCandau/Payload-Server

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page