Post Exploitation, http, file upload, server, penetration testing, incident response

Raven

Raven is a Python tool that extends the http.server module to provide a self-contained file upload web server. It enables receiving files from remote clients, useful when protocols like SMB are not viable.

Description

Raven addresses the need for a lightweight file upload service in penetration testing and incident response scenarios. While python3 -m http.server is commonly used for serving files for remote downloads, Raven provides the complementary functionality for receiving uploads from remote clients.

This becomes especially valuable when alternative protocols such as SMB are not available or practical. The tool offers a simple HTTP handler that can be configured to listen on specific interfaces and ports, with options for access control and file organization.

Raven is designed for quick deployment in operational contexts where file transfer capabilities are required without complex setup.

How It Works

Raven operates as an HTTP server extending Python's http.server module, specifically handling file uploads via HTTP POST requests. It listens on a specified IP (lhost) and port (lport), accepts uploads into a designated directory, and supports restricting access by client IP and organizing uploads into per-client subfolders. Files are saved to the designated upload directory, or to the current working directory by default.
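
The mechanism described above, as an added sketch that is not Raven's own code: an http.server handler that applies the IP restriction, confines each upload to the upload directory (optionally in a per-client subfolder), and refuses to overwrite existing files. The X-Filename header, the size cap and the constant names are assumptions made for this example; this page does not say how Raven itself carries the file name.

```python
import ipaddress
import os
import re
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed settings standing in for --allowed-ip, --upload-dir, --organize-uploads.
ALLOWED_IP, UPLOAD_DIR, ORGANIZE = "192.168.0.4", "uploads", True
MAX_BYTES = 50 * 1024 * 1024  # assumed size cap; not a documented Raven option

def client_allowed(client_ip, allowed=ALLOWED_IP):  # allowed=None means unrestricted
    return allowed is None or ipaddress.ip_address(client_ip) == ipaddress.ip_address(allowed)

def safe_destination(upload_dir, client_ip, raw_name, organize=ORGANIZE):
    """Map a client-supplied file name to a path that stays inside upload_dir."""
    name = os.path.basename(raw_name.replace("\\", "/"))      # drop any directory part
    name = re.sub(r"[^A-Za-z0-9._-]", "_", name).lstrip(".")  # no odd chars, no dotfiles
    if not name:
        raise ValueError("empty or unsafe file name")
    base = os.path.realpath(upload_dir)
    folder = os.path.join(base, client_ip.replace(":", "_")) if organize else base
    dest = os.path.realpath(os.path.join(folder, name))
    if os.path.commonpath([base, dest]) != base:              # symlink or traversal escape
        raise ValueError("path escapes upload directory")
    return dest

class UploadHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        peer = self.client_address[0]
        if not client_allowed(peer):
            return self.send_error(403)
        try:
            length = int(self.headers.get("Content-Length", "0"))
            # X-Filename is a hypothetical header used here to carry the name.
            dest = safe_destination(UPLOAD_DIR, peer, self.headers.get("X-Filename", ""))
        except ValueError:
            return self.send_error(400)
        if not 0 < length <= MAX_BYTES:
            return self.send_error(413)
        os.makedirs(os.path.dirname(dest), exist_ok=True)
        try:
            with open(dest, "xb") as fh:  # "x" refuses to overwrite an earlier upload
                fh.write(self.rfile.read(length))
        except FileExistsError:
            return self.send_error(409)
        self.send_response(201)
        self.end_headers()

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), UploadHandler).serve_forever()
```

The client-supplied name is the only untrusted input that reaches the filesystem, so it is reduced to a bare file name before the destination path is built, and the resolved path is checked again against the upload directory.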

Installation

sudo apt install raven

Flags

--allowed-ip <allowed_client_ip>: Restrict access to our HTTP handler by IP address (optional)
--upload-dir <upload_directory>: Designate the directory to save uploaded files to (default: current working directory)
--organize-uploads: Organize file uploads into subfolders by remote client

Examples

Start the HTTP server on all available network interfaces, listening on port 443:
raven 0.0.0.0 443

Bind the HTTP server to a specific address (192.168.0.12), listening on port 443, and restrict access to 192.168.0.4:
raven 192.168.0.12 443 --allowed-ip 192.168.0.4

Bind the HTTP server to a specific address (192.168.0.12), listening on port 443, restrict access to 192.168.0.4, and save uploaded files to /tmp:
raven 192.168.0.12 443 --allowed-ip 192.168.0.4 --upload-dir /tmp

Bind the HTTP server to a specific address (192.168.0.12), listening on port 443, restrict access to 192.168.0.4, and save uploaded files to /tmp organized by remote client IP:
raven 192.168.0.12 443 --allowed-ip 192.168.0.4 --upload-dir /tmp --organize-uploads

Start the HTTP server listening on all interfaces on default port 8080:
raven

Start the HTTP server on all interfaces on default port 8080 explicitly:
raven 0.0.0.0 8080

Updated 2026-04-16, kali.org