Developers always need to test code once in a while and there is a way to quickly launch a web server from your current working directory without the need of transferring or uploading your files somewhere else. This can be done in a Linux or MacOS environment and you don't have to install or run a full-blown web server to do this.
There are two ways to deploy the test server:
- Using PHP: (Considering that you already have PHP installed)
php -S localhost:[port] -t /path/to/web/dir
This command enables you to launch a temporary web server from any directory on your machine using php's built in web server. Just make sure you have an index.php or index.html inside that directory. You may type "php -h" to view the description of the options. If you chose port 80, you can then access your content by typing "http://localhost" on your web browser. Read all about it here.
- Using Python:
python -m SimpleHTTPServer [port]
Or if you're using Python 3:
python3 -m http.server [port]
These Python commands makes your current directory accessible using HTTP.
For more information click here.
This technique is also useful when you need to quickly share files on your network. For example, I am currently in my Documents folder and it contains the following files:
[email protected]:~/Documents# ls -al drwxr-xr-x 2 root root 4096 Feb 6 22:38 . drwxr-xr-x 34 root root 4096 Feb 4 18:52 .. -rw-r--r-- 1 root root 17 Feb 6 22:38 file2.zip -rw-r--r-- 1 root root 20 Feb 6 22:37 file.zip
My IP address is: 192.168.1.3
[email protected]:~/Documents# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.3 netmask 255.255.255.0 broadcast 192.168.1.255
If I want to share file.zip to someone on my network, I could just enter the following command:
[email protected]:~/Documents# php -S localhost:80 PHP 7.3.1-1 Development Server started at Wed Feb 6 22:46:52 2019 Listening on http://localhost:80 Document root is /root/Documents Press Ctrl-C to quit.
(I didn't include the absolute path to the file since what I intend to share is in my current working directory)
For the receiver to download the file, he/she just have to type this on his/her browser's address bar:
It is up to you on how you utilize this very handy tool. I find it very useful in penetration testing specially when you need to quickly host a file containing a payload during PoC demonstrations.
But be remined of this which I took from the PHP Manual:
Warning: This web server was designed to aid application development. It may also be useful for testing purposes or for application demonstrations that are run in controlled environments. It is not intended to be a full-featured web server. It should not be used on a public network.
Therefore, don't use it as your Production Server.