System Serviceshttp serverwebdavsftptlsauthenticationwebhook

goshs

goshs is a SimpleHTTPServer written in Go, enhanced with features and security. It provides a simple HTTP server like Python's SimpleHTTPServer but with added helpful features and security measures.

Description

goshs serves as an enhanced web server for sharing files securely over HTTP, WebDAV, or SFTP protocols. It supports various authentication methods, TLS encryption, and webhook notifications, making it suitable for controlled file sharing in testing or operational environments.

Use cases include quickly setting up a read-only file server, enabling uploads with restrictions, or integrating with services like Let's Encrypt for HTTPS. Security features like IP whitelisting, basic auth, and certificate-based access ensure controlled access.

The tool is designed with cybersecurity in mind, offering options for read-only mode, upload-only mode, and integration with external notification systems for monitoring server events.

How It Works

goshs operates as a Go-based HTTP server listening on specified IP and port, serving files from a web root directory. It supports WebDAV for file management, SFTP for secure file transfer using SSH keys, and TLS via self-signed certs, custom certificates, PKCS12, or Let's Encrypt. Authentication includes basic auth and cert-based methods; restrictions via IP whitelists and proxies. Webhooks send event notifications (upload, delete, etc.) to providers like Discord. Configurable via CLI flags or YAML file.

Installation

bash

sudo apt install goshs

Flags

-i, --ipIP or Interface to listen on (default: 0.0.0.0)

-p, --portThe port to listen on (default: 8000)

-d, --dirThe web root directory (default: current working path)

-w, --webdavAlso serve using webdav protocol (default: false)

-wp, --webdav-portThe port to listen on for webdav (default: 8001)

-ro, --read-onlyRead only mode, no upload possible (default: false)

-uo, --upload-onlyUpload only mode, no download possible (default: false)

-uf, --upload-folderSpecify a different upload folder (default: current working path)

-s, --sslUse TLS

-ss, --self-signedUse a self-signed certificate

-sk, --server-keyPath to server key

-sc, --server-certPath to server certificate

-p12, --pkcs12Path to server p12

-p12np, --p12-no-passServer p12 has empty password

-sl, --lets-encryptUse Let's Encrypt as certification service

-sld, --le-domainsDomain(s) to request from Let's Encrypt (comma separated list)

-sftpActivate SFTP server capabilities (default: false)

-sp, --sftp-portThe port SFTP listens on (default: 2022)

-skf, --sftp-keyfileAuthorized_keys file for pubkey auth

-shk, --sftp-host-keyfileSSH Host key file for identification

-b, --basic-authUse basic authentication (user:pass - user can be empty)

-ca, --cert-authUse certificate based authentication - provide ca certificate

-H, --hashHash a password for file based ACLs

-ipw, --ip-whitelistComma separated list of IPs to whitelist

-tpw, --trusted-proxy-whitelistComma separated list of trusted proxies

-W, --webhookEnable webhook support (default: false)

-Wu, --webhook-urlURL to send webhook requests to

-We, --webhook-eventsComma separated list of events to notify [all, upload, delete, download, view, webdav, sftp, verbose] (default: all)

-Wp, --webhook-providerWebhook provider [Discord, Mattermost, Slack] (default: Discord)

-C, --configProvide config file path (default: false)

-P, --print-configPrint sample config to STDOUT (default: false)

-u, --userDrop privs to user (unix only) (default: current user)

--updateUpdate goshs to most recent version

-m, --mdnsDisable zeroconf mDNS registration (default: false)

-V, --verboseActivate verbose log output (default: false)

-vPrint the current goshs version

Examples

Start with default values

./goshs

Start with config file

./goshs -C /path/to/config.yaml

Start with webdav support

./goshs -w

Start with different port

./goshs -p 8080

Start with self-signed cert

./goshs -s -ss

Start with let's encrypt

./goshs -s -sl -sle user@example.com -sld your.domain.com,your.seconddomain.com

Start with custom cert

./goshs -s -sk <path to key> -sc <path to cert>

Start with basic auth

./goshs -b 'secret-user:$up3r$3cur3'

Updated 2026-04-16kali.org ↗