Beispiel #1
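 def get(self, project="default"):
     """Render ``dashboard.html`` for ``project``.

     The template context carries the project's sorted flows, the names of
     all ``*.flows`` files found in ``settings.FLOWS_DIR``, the configured
     exclusion lists and the configured fuzzers.

     Args:
         project: Project name; an empty or missing value falls back to
             ``"default"``.
     """
     try:
         project = project or "default"
         # NOTE(review): ``project`` is presumably caller-supplied (request
         # path); this relies on get_flow_file() to keep the resolved path
         # inside the flows directory -- confirm against its implementation.
         # Resolve once so the existence check and the load use the same path.
         flow_file = get_flow_file(project)
         if not flow_file:
             self.write("[ERROR] Flow File not Found!")
             return
         sorted_flows = get_sorted_flows(load_flows(flow_file))
         exclude_matches = settings.SKIP_URL_MATCH
         exclude_file_ext = settings.SKIP_FILE_EXTS
         exclude_resp_code = settings.EXCLUDE_RESP_CODE
         fuzzers = settings.FUZZERS
         # A project is any "<name>.flows" file in FLOWS_DIR; strip the suffix.
         projects = [
             rreplace(entry, ".flows", "", 1)
             for entry in os.listdir(settings.FLOWS_DIR)
             if entry.endswith(".flows")
         ]
         context = {
             "title": "داشبورد ترافیک ها",
             "project": project,
             "projects": projects,
             "exclude_matches": exclude_matches,
             "exclude_ext": exclude_file_ext.keys(),
             # Key spelling ("exlude") is kept as-is: the template reads it.
             "exlude_rs_code": exclude_resp_code,
             "sorted_flows": sorted_flows,
             "fuzzers": fuzzers,
             "f_slugify": slugify
         }
         self.render("dashboard.html", **context)
     except Exception as exp:
         # NOTE(review): the raw exception text is returned to the client and
         # can disclose file paths or internal details; consider logging it
         # server-side only and answering with a generic error message.
         print("[ERROR] ", str(exp))
         self.write({"error": str(exp)})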
Beispiel #2
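 def __init__(self, flow_name):
     """Open the capture output files for the project ``flow_name``.

     Resolves the flow file path through ``get_flow_file(flow_name, True)``,
     opens it for binary writing behind a ``FlowWriter`` and opens a sibling
     ``<flow file>.txt`` for text output. Terminates the process when the
     project name does not resolve to a path.

     Args:
         flow_name: Project name used to derive the output file paths.
     """
     print("Capture Module Loaded")
     # Resolve once, so the path that was validated is the path that is opened.
     flow_path = get_flow_file(flow_name, True)
     if not flow_path:
         print("[ERROR] Invalid Project Name")
         # NOTE(review): exits with status 0 although this is a failure;
         # callers checking the exit code cannot tell -- confirm intent.
         sys.exit(0)
     self.flow_file = flow_path
     self.http_dump_file = flow_path + ".txt"
     self.make_dir([self.flow_file, self.http_dump_file])
     self.display_out = settings.DISPLAY_OUT
     if self.flow_file:
         # "wb" truncates: an existing capture for this project is replaced.
         self.f = open(self.flow_file, "wb")  # type: typing.IO[bytes]
         self.w = io.FlowWriter(self.f)
     if self.http_dump_file:
         # NOTE(review): presumably receives captured HTTP traffic in plain
         # text; the file is created with default permissions -- verify that
         # the flows directory is not readable by other local users.
         self.http_f = open(self.http_dump_file, "w")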
Beispiel #3
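    def post(self):
        """Start a fuzzing run for the requested project in a background thread.

        The request must carry the header ``X-Operation: Start-Fuzz`` and a
        ``project`` argument that resolves to a flow file; otherwise an error
        object is written and nothing is started. Scope lists, active fuzzers,
        exclusion switches and the ``api_*`` values are read from the request
        arguments and handed to ``run_fuzzer``.
        """
        operation = self.request.headers.get('X-Operation', '')
        flow_file = get_flow_file(self.get_argument("project", default=""))
        # NOTE(review): the custom header is the only gate visible in this
        # handler; no authentication check appears here -- confirm that access
        # control is enforced elsewhere before a scan can be triggered.
        if operation != "Start-Fuzz" or not flow_file:
            self.write({"error": "Operation or Project not found!"})
            return
        options = {
            "mode": "fuzz",
            "include_scope": self.get_arguments("include_scope[]"),
            "exclude_scope": self.get_arguments("exclude_scope[]"),
            "active_fuzzers": self.get_arguments("active_fuzzers[]"),
            # The three exclusion switches default to "on" when absent.
            "exclude_url_match": self.get_argument(
                "exclude_url_match",
                default="on",
            ),
            "exclude_extensions": self.get_argument(
                "exclude_extensions",
                default="on",
            ),
            "exclude_response_code": self.get_argument(
                "exclude_response_code",
                default="on",
            ),
            "flow_file": flow_file,
            "write": ScanProgress.write,
            # No default is given for the api_* arguments, so they are
            # required by this handler.
            "api_login": self.get_argument("api_login"),
            "api_pin": self.get_argument("api_pin"),
            "api_register": self.get_argument("api_register"),
        }
        # The client is told "ok" before the fuzzer runs; failures inside the
        # worker thread are not reflected in this response.
        self.write({"status": "ok"})

        trd = Thread(target=run_fuzzer, args=(options, ))
        # Attribute form replaces the deprecated Thread.setDaemon().
        trd.daemon = True
        trd.start()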
Beispiel #4
 def run_fuzz_cmdline(self, mode, project):
     """Run the fuzzer synchronously with command-line defaults.

     Args:
         mode: Value passed through as the ``mode`` option.
         project: Project name; when empty, the ``"default"`` project's
             flow file is used.
     """
     if not project:
         # NOTE(review): unlike the named-project branch, the result for
         # "default" is not checked before it is handed to run_fuzzer.
         flow_file = get_flow_file("default")
     else:
         flow_file = get_flow_file(project)
         if not flow_file:
             print("[ERROR] Flow File not found")
             return
     # No scope restriction, every exclusion switch on, all fuzzers active,
     # and empty api_* values.
     run_fuzzer({
         "mode": mode,
         "include_scope": [],
         "exclude_scope": [],
         "exclude_url_match": "on",
         "exclude_extensions": "on",
         "exclude_response_code": "on",
         "active_fuzzers": ["all"],
         "flow_file": flow_file,
         "api_login": "",
         "api_pin": "",
         "api_register": "",
         "write": ScanProgress.write,
     })
Beispiel #5
 def post(self):
     """Write the metadata of the flow named by the ``X-Flow-ID`` header.

     Answers ``{"id": ""}`` when the header is empty or the ``project``
     argument does not resolve to a flow file. Nothing is written when no
     flow in the file carries the requested id.
     """
     try:
         wanted_id = self.request.headers.get('X-Flow-ID', '')
         flow_file = get_flow_file(self.get_argument("project", default=""))
         if not (wanted_id and flow_file):
             self.write({"id": ""})
             return
         # Every flow with a matching id is written; the scan does not stop
         # at the first hit.
         for candidate in load_flows(flow_file):
             if candidate.id != wanted_id:
                 continue
             self.write(get_flow_meta(candidate))
     except Exception as exp:
         # NOTE(review): the raw exception text goes back to the client and
         # may reveal paths or internals; consider a generic error response.
         print("[ERROR] ", str(exp))
         self.write({"error": str(exp)})