Update SSRF scenario, webserver and terraform code

.gitignore

@@ -8,6 +8,7 @@ __pycache__
 cloudgoat
 cloudgoat.pub
 output.txt
+.DS_Store
 
 # Configuration files:
 config.yml

scenarios/ec2_ssrf/assets/ssrf_app/README.md

@@ -5,12 +5,7 @@ This app was adopted from https://github.com/sethsec/Nodejs-SSRF-App.git with lo
 # Nodejs-SSRF-App
 Nodejs application intentionally vulnerable to SSRF
 
-#Operating Systems
-Ubuntu 14.04 TLS
-
-Kali 2.0
-
-#Download and Setup
+## Download and Setup
 
 ```ShellSession
 seth@ubuntu:/opt# sudo git clone https://github.com/sethsec/Nodejs-SSRF-App.git
@@ -32,3 +27,20 @@ seth@ubuntu:/opt/Nodejs-SSRF-App# sudo nodejs ssrf-demo-app.js
 ##################################################
 
 ```
+
+## Build and run in a Docker container
+
+```ShellSession
+❯ git clone [email protected]:sethsec/Nodejs-SSRF-App.git
+❯ cd Nodejs-SSRF-App/
+❯ docker build -t "nodejs-ssrf-app" .
+❯ docker run -it -p 8000:8000 nodejs-ssrf-app:latest
+
+##################################################
+#
+#  Server listening for connections on port:8000
+#  Connect to server using the following url:
+#  -- http://[server]:8000/?url=[SSRF URL]
+#
+##################################################
+```

scenarios/ec2_ssrf/assets/ssrf_app/app.js

@@ -0,0 +1,58 @@
+//////////////////////////////////////////
+// SSRF Demo App
+// Node.js Application Vulnerable to SSRF
+// Written by Seth Art <[email protected]>
+// MIT Licensed
+//////////////////////////////////////////
+
+var needle = require('needle');
+var express = require('express');
+
+// Currently this app is also vulnerable to reflective XSS as well. Kind of an easter egg :)
+
+var app = express();
+var port = 80
+
+app.get('/', function (request, response) {
+  var url = request.query['url'];
+  if (request.query['mime'] == 'plain') {
+    var mime = 'plain';
+  } else {
+    var mime = 'html';
+  };
+
+  console.log('New request: ' + request.url);
+
+  // If the URL is not set, then we will just return the default page.
+  if (url == undefined) {
+    response.writeHead(200, { 'Content-Type': 'text/' + mime });
+    response.write('<h1>Welcome to sethsec\'s SSRF demo.</h1>\n\n');
+    response.write('<h2>I am an application. I want to be useful, so give me a URL to requested for you\n</h2><br><br>\n\n\n');
+    response.end();
+  } else { // If the URL is set, then we will try to request it.
+    needle.get(url, { timeout: 3000 }, function (error, response1) {
+      // If the request is successful, then we will return the response to the user.
+      if (!error && response1.statusCode == 200) {
+        response.writeHead(200, { 'Content-Type': 'text/' + mime });
+        response.write('<h1>Welcome to sethsec\'s SSRF demo.</h1>\n\n');
+        response.write('<h2>I am an application. I want to be useful, so I requested: <font color="red">' + url + '</font> for you\n</h2><br><br>\n\n\n');
+        console.log(response1.body);
+        response.write(response1.body);
+        response.end();
+      } else { // If the request is not successful, then we will return an error to the user.
+        response.writeHead(404, { 'Content-Type': 'text/' + mime });
+        response.write('<h1>Welcome to sethsec\'s SSRF demo.</h1>\n\n');
+        response.write('<h2>I wanted to be useful, but I could not find: <font color="red">' + url + '</font> for you\n</h2><br><br>\n\n\n');
+        response.end();
+        console.log(error)
+      }
+    });
+  }
+})
+
+app.listen(port);
+
+console.log('\n##################################################')
+console.log('#\n#  Server listening for connections on port:' + port);
+console.log('#  Connect to server using the following url: \n#  -- http://[server]:' + port + '/?url=[SSRF URL]')
+console.log('#\n##################################################')

scenarios/ec2_ssrf/assets/ssrf_app/package.json

@@ -0,0 +1,23 @@
+{
+  "name": "ssrf_app",
+  "version": "1.0.0",
+  "description": "NodeJS Web App with a SSRF vulnerability",
+  "main": "app.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/sethsec/Nodejs-SSRF-App.git"
+  },
+  "author": "Seth Art",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/sethsec/Nodejs-SSRF-App/issues"
+  },
+  "homepage": "https://github.com/sethsec/Nodejs-SSRF-App#readme",
+  "dependencies": {
+    "express": "^4.19.2",
+    "needle": "^3.3.1"
+  }
+}

scenarios/ec2_ssrf/terraform/data.tf

@@ -0,0 +1,31 @@
+data "aws_ami" "ec2" {
+  most_recent = true
+  owners      = ["amazon"]
+
+  filter {
+    name   = "name"
+    values = ["ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  filter {
+    name   = "architecture"
+    values = ["x86_64"]
+  }
+}
+
+data "archive_file" "lambda_function" {
+  type        = "zip"
+  source_file = "../assets/lambda.py"
+  output_path = "../assets/lambda.zip"
+}
+
+data "archive_file" "app" {
+  type        = "zip"
+  source_dir  = "../assets/ssrf_app/"
+  output_path = "../assets/app.zip"
+}