Upgopher, A Lightweight and Efficient File Server

Upgopher Logo

Why Upgopher?

Traditional file management solutions often rely on Python scripts, especially due to the ease of setting up an HTTP server with python3 -m http.server. However, this approach has several significant limitations:

  • No Authentication: Python’s basic server lacks authentication options, making it insecure if access needs to be restricted to certain users.
  • Limited Browsing and Management: It does not allow file uploads, lacks effective subfolder browsing, and does not offer options beyond serving files.
  • Lack of Security: Without native HTTPS support, traffic is not encrypted, exposing data to unnecessary risks.

Upgopher addresses these issues by being developed in Go, producing standalone binaries that run without external dependencies. This enables direct deployment on any Go-compatible platform, adding essential functionalities that simplify file sharing and management.

Upgopher for Pentesters and Security

One of the key motivations behind creating Upgopher was to streamline file transfer in specific contexts, such as during security audits. Pentesters, in particular, often need tools that facilitate quick file transfers, both for uploading payloads to remote systems and for effective exfiltration of information.

For instance, imagine you need to upload a file to a server you’ve just gained access to, but you want to avoid complicated dependencies or compatibility issues on a specific operating system. With Upgopher, you can compile the appropriate binary for that machine and execute it, enabling quick, hassle-free file transfers.

Another common situation for pentesters is the need to download information gathered during the exploitation phase. Upgopher also allows easy file downloads, providing a list of files available on the server without relying on external services or cumbersome methods for transferring files across networks.

Technical Features of Upgopher

Below, we explore some of Upgopher’s most relevant technical features:

  • Simplified File Uploads: Users can upload files through a straightforward web interface, selecting the file and clicking the “Upload” button. Uploaded files are stored by default in the uploads directory, though this can be changed with the -dir flag.
  • Folder and Subfolder Browsing: Upgopher allows browsing of the server’s stored content, including subfolder navigation, making it easy to organize uploaded files without direct interaction with the underlying file system.
  • Basic Authentication: For environments requiring a certain level of security, Upgopher offers basic authentication, enabled via the -user and -pass flags, ensuring that only authorized users can access the content.
  • ZIP Directory Download: A time-saving feature is the ability to download an entire directory as a ZIP file, particularly convenient when transferring a large volume of files at once.
  • Optional HTTPS: Security is a key consideration, so Upgopher can use HTTPS connections with a user-provided certificate or by generating a self-signed certificate with the -ssl flag. This protects files during transmission.
  • Cross-Platform Build Mode: Thanks to Go, binaries can be generated for any compatible operating system, making it an excellent option for flexible and portable file server deployment.
  • Quick Configuration: Every time you run it, you can change multiple parameters, such as the upload directory, port, basic authentication, hidden file visibility, and more.

How to Deploy Upgopher

There are various ways to deploy Upgopher depending on the environment’s needs.

Automatic Installation

The simplest way to install Upgopher is by using go install. With just the following command, you can obtain a ready-to-use version if Go is already installed:

go install github.com/wanetty/upgopher@latest

Building from Source

For those who prefer more control over the deployment process, it’s also possible to clone the repository and build the project manually:

git clone https://github.com/wanetty/upgopher.git cd upgopher go build

This allows users to compile Upgopher for their specific platforms, generating a binary tailored to their needs.

Docker

Deployment via Docker is also supported, ideal in environments where consistent, easily replicable implementations are sought:

docker build . -t upgopher docker run --name upgopher -p 9090:9090 upgopher

This simplifies implementation in container-based infrastructures and allows for isolated server instances.

Releases

The current version of Upgopher is available on the GitHub releases page. These versions are automatically compiled and can be downloaded directly from the releases page.

Usage Analysis and Application Cases

Common Use Cases

Upgopher is especially useful in situations requiring a quick file server without complex configuration:

  • Development Environments: Ideal for sharing resources among developers within the same network without tedious configurations.
  • Security Audits and Pentesting: As a pentester, you need fast, portable tools. Upgopher enables easy file uploads to compromised machines without compatibility issues, all thanks to its lightweight design and cross-platform compilation capability.
  • Small Local Infrastructures: For those seeking a file server for a home network or small office without relying on cloud services or complex setups.
  • Organized Bulk Downloads: The ability to download an entire directory as a ZIP file saves time and simplifies massive file transfers without complicated processes.

Example of Use

Below, we see an example of Upgopher in use on our local machine.

Example of Upgopher Execution

Next, we see how we can access Upgopher’s web interface, allowing us to upload files, download them, delete them, navigate directories, and download files in ZIP format.

Upgopher Web Interface

Limitations and Considerations

Although Upgopher is an effective solution for many situations, it has some limitations due to its simplicity:

  • Limited Security: While it supports basic authentication and HTTPS, it’s not intended as a replacement for high-security solutions. For environments where privacy is critical, additional protection methods should be considered.
  • Restrictive Functionality: Upgopher is designed to be simple and straightforward, advantageous in certain contexts, but may not be sufficient for implementations requiring advanced file management features, such as granular permissions or integrations with other services.

Conclusion

Upgopher stands out as a robust and straightforward tool to address the need for a lightweight, cross-platform file server. Its development in Go makes it ideal for those looking to minimize library dependencies and avoid common issues associated with using Python in this context.

While not intended to be a complex solution, its focus on simplicity and ease of use makes it an attractive option for a wide range of cases. From development environments to security audits and small offices, Upgopher offers an efficient and quick way to share and manage files.

To learn more or contribute to the project, you can visit the GitHub repository.

If you have technical questions or want to discuss potential improvements, you can also find me on Twitter at @gm_eduard.