def do_get(self, s): ''' get SETTING_NAME Retrieves the specified setting value and displays it to the screen. ''' print common.setting(s).value
def get_pvs_data(limit, db): ''' Returns the top 5 vulnerable hosts as detected from the PVS sensor. ''' resp = requests.post('https://%s:8835/login' % setting('pvs_host').value, data={ 'login': setting('pvs_user').value, 'password': setting('pvs_password').value, 'nocookie': 1, 'json': 1 }, verify=False) pvs_key = resp.json()['reply']['contents']['token'] data = requests.post('https://%s:8835/report2/hosts/sort' % setting('pvs_host').value, data={ 'report': 0, 'json': 1, 'token': pvs_key}, verify=False) hosts = data.json()['reply']['contents']['hostlist']['host'] shosts = sorted(hosts, key=lambda k: k['severity_index'], reverse=True) rethosts = [] max_vulns = 0 for item in shosts[:limit]: d = {'host': item['hostname']} sevs = {0: 'info', 1: 'low', 2: 'medium', 3: 'high', 4: 'critical'} for severity in item['severitycount']['item']: d[sevs[severity['severitylevel']]] = severity['count'] if item['severity'] > max_vulns: max_vulns = item['severity'] rethosts.append(d) requests.post('https://%s:8835/logout' % setting('pvs_host').value, data={ 'seq': 1802, 'json': 1, 'token': pvs_key}, verify=False) return jsonify({'vuln_max': max_vulns, 'hosts': rethosts})
def startup(): db.initialize() common.log_to_console() common.log_to_file() monitor.autostart(int(time.time()) + 5) debug(common.setting('api_debug').boolvalue) run(app=api.app, port=common.setting('api_port').intvalue, host=common.setting('api_host').value, server=common.setting('api_app_server').value, reloader=common.setting('api_debug').boolvalue, )
def autostart(delay_start=0): ''' Automatically starts up the parsers that are enabled if autostart is turned on. ''' s = Session() if setting('autostart').boolvalue: if setting('driftnet_enabled').boolvalue: start('driftnet', delay_start) if setting('ettercap_enabled').boolvalue: start('ettercap', delay_start) if setting('tshark_enabled').boolvalue: start('tshark', delay_start)
def do_run(self, s): ''' Runs the Dofler Service ''' db.initialize() common.log_to_console() common.log_to_file() monitor.autostart(int(time.time()) + 5) debug(common.setting('api_debug').boolvalue) run(app=api.app, port=common.setting('api_port').intvalue, host=common.setting('api_host').value, server=common.setting('api_app_server').value, reloader=common.setting('api_debug').boolvalue, )
def do_run(self, s): ''' Runs the Dofler Service ''' db.initialize() common.log_to_console() common.log_to_file() monitor.autostart(int(time.time()) + 5) debug(common.setting('api_debug').boolvalue) run( app=api.app, port=common.setting('api_port').intvalue, host=common.setting('api_host').value, server=common.setting('api_app_server').value, reloader=common.setting('api_debug').boolvalue, )
def api_settings(db): ''' Logging Settings Page ''' if auth(request) and request.method == 'POST': settings = {} for item in request.forms: settings[item] = request.forms[item] update_settings(settings) return env.get_template('settings_logging.html').render( auth=auth(request), log_console=setting('log_console').intvalue, log_console_level=setting('log_console_level').value, log_file=setting('log_file').intvalue, log_file_level=setting('log_file_level').value, log_file_path=setting('log_file_path').value)
def api_settings(db): ''' Server Settings Page ''' if auth(request) and request.method == 'POST': settings = {} for item in request.forms: settings[item] = request.forms[item] update_settings(settings) return env.get_template('settings_server.html').render( auth=auth(request), server_host=setting('server_host').value, server_port=setting('server_port').value, server_ssl=setting('server_ssl').intvalue, server_anonymize=setting('server_anonymize').intvalue, server_username=setting('server_username').value)
def api_settings(db): ''' Server Settings Page ''' if auth(request) and request.method == 'POST': settings = {} for item in request.forms: settings[item] = request.forms[item] update_settings(settings) return env.get_template('settings_server.html').render( auth=auth(request), server_host=setting('server_host').value, server_port=setting('server_port').value, server_ssl=setting('server_ssl').intvalue, server_anonymize=setting('server_anonymize').intvalue, server_username=setting('server_username').value )
def api_settings(db): ''' API Settings Page ''' if auth(request) and request.method == 'POST': settings = {} for item in request.forms: settings[item] = request.forms[item] update_settings(settings) return env.get_template('settings_api.html').render( auth=auth(request), api_debug=setting('api_debug').intvalue, api_port=setting('api_port').value, api_host=setting('api_host').value, api_app_server=setting('api_app_server').value, cookie_key=setting('cookie_key').value, database=config.config.get('Database', 'db'))
def api_settings(db): ''' Logging Settings Page ''' if auth(request) and request.method == 'POST': settings = {} for item in request.forms: settings[item] = request.forms[item] update_settings(settings) return env.get_template('settings_logging.html').render( auth=auth(request), log_console=setting('log_console').intvalue, log_console_level=setting('log_console_level').value, log_file=setting('log_file').intvalue, log_file_level=setting('log_file_level').value, log_file_path=setting('log_file_path').value )
def api_settings(db): ''' API Settings Page ''' if auth(request) and request.method == 'POST': settings = {} for item in request.forms: settings[item] = request.forms[item] update_settings(settings) return env.get_template('settings_api.html').render( auth=auth(request), api_debug=setting('api_debug').intvalue, api_port=setting('api_port').value, api_host=setting('api_host').value, api_app_server=setting('api_app_server').value, cookie_key=setting('cookie_key').value, database=config.config.get('Database', 'db') )
def logout(db): ''' User Logout. ''' response.delete_cookie('user', secret=setting('cookie_key').value) return env.get_template('settings_login.html').render( auth=False, )
def accounts(oid, db): ''' Returns any accounts that are newer than the oid specified. ''' if oid is not '0': items = db.query(Account).filter(Account.id > oid).all() else: items = db.query(Account).limit(setting('web_image_max').intvalue).all() return jsonify([i.dump() for i in items])
def login(): '''Login function''' if auth_login(request): response.set_cookie('user', request.forms.get('username'), secret=setting('cookie_key').value, ) response.add_header('Authentication', 'SUCCESS') else: response.add_header('Authentication', 'FAILURE')
def login(): '''Login function''' if auth_login(request): response.set_cookie( 'user', request.forms.get('username'), secret=setting('cookie_key').value, ) response.add_header('Authentication', 'SUCCESS') else: response.add_header('Authentication', 'FAILURE')
def parsers_settings(db): ''' Parser Configuration Settings Page ''' if auth(request) and request.method == 'POST': settings = {} for item in request.forms: settings[item] = request.forms[item] update_settings(settings) parsers = {} for item in monitor.parser_status(): parsers[item] = { 'enabled': setting('%s_enabled' % item).boolvalue, 'command': setting('%s_command' % item).value, } return env.get_template('settings_parsers.html').render( auth=auth(request), parsers=parsers, autostart=setting('autostart').boolvalue, listen_interface=setting('listen_interface').value)
def main_page(db): ''' Main View ''' return env.get_template('main.html').render( auth=auth(request), status=monitor.status(), web_images=setting('web_images').boolvalue, web_accounts=setting('web_accounts').boolvalue, web_stats=setting('web_stats').boolvalue, web_image_delay=setting('web_image_delay').intvalue, web_account_delay=setting('web_account_delay').intvalue, web_stat_delay=setting('web_stat_delay').intvalue, web_image_max=setting('web_image_max').intvalue, web_account_max=setting('web_account_max').intvalue, web_stat_max=setting('web_stat_max').intvalue )
def parsers_settings(db): ''' Parser Configuration Settings Page ''' if auth(request) and request.method == 'POST': settings = {} for item in request.forms: settings[item] = request.forms[item] update_settings(settings) parsers = {} for item in monitor.parser_status(): parsers[item] = { 'enabled': setting('%s_enabled' % item).boolvalue, 'command': setting('%s_command' % item).value, } return env.get_template('settings_parsers.html').render( auth=auth(request), parsers=parsers, autostart=setting('autostart').boolvalue, listen_interface=setting('listen_interface').value )
def api_settings(db): ''' WebUI Settings Page ''' if auth(request) and request.method == 'POST': settings = {} for item in request.forms: settings[item] = request.forms[item] update_settings(settings) return env.get_template('settings_webui.html').render( auth=auth(request), web_images=setting('web_images').boolvalue, web_accounts=setting('web_accounts').boolvalue, web_stats=setting('web_stats').intvalue, web_image_delay=setting('web_image_delay').value, web_account_delay=setting('web_account_delay').value, web_stat_delay=setting('web_stat_delay').value, web_stat_max=setting('web_stat_max').intvalue, web_image_max=setting('web_image_max').intvalue, web_account_max=setting('web_account_max').intvalue, web_display_settings=setting('web_display_settings').boolvalue )
def getapi(self): ''' Initiates a login and then returns the api client object. ''' if os.path.exists(os.path.join(os.environ['HOME'], '.dofler_admin')): pfile = open(os.path.join(os.environ['HOME'], '.dofler_admin')) passwd = pfile.read().strip('\n') pfile.close() else: passwd = getpass('\nEnter Admin Password : '******'127.0.0.1', common.setting('api_port').intvalue, 'admin', passwd)
def do_set(self, s): ''' set SETTING_NAME VALUE Sets the specified setting to the specified value. ''' dset = s.split() if len(dset) == 2: name, value = dset s = db.SettingSession() setting = common.setting(name) setting.value = value s.merge(setting) s.commit() s.close()
def getapi(self): ''' Initiates a login and then returns the api client object. ''' if os.path.exists(os.path.join(os.environ['HOME'], '.dofler_admin')): pfile = open(os.path.join(os.environ['HOME'], '.dofler_admin')) passwd = pfile.read().strip('\n') pfile.close() else: passwd = getpass('\nEnter Admin Password : '******'127.0.0.1', common.setting('api_port').intvalue, 'admin', passwd )
def login_post(db): ''' Authentication Handler. ''' if auth_login(request): response.set_cookie('user', request.forms.get('username'), secret=setting('cookie_key').value ) response.add_header('Authentication', 'SUCCESS') redirect('/') else: return env.get_template('login.html').render( error='Authentication Failed', auth=False, status=monitor.status() )
def run(self): ''' Process startup. ''' s = Session() while int(time.time()) < self.delay: log.debug('%s: Parser Waiting til %s currently %s. sleeping 1s.' %( self.name, self.delay, int(time.time()))) time.sleep(1) self.command = setting('%s_command' % self.name).value\ .replace('{IF}', setting('listen_interface').value) self.api = DoflerClient( host=setting('server_host').value, port=setting('server_port').intvalue, username=setting('server_username').value, password=setting('server_password').value, ssl=setting('server_ssl').boolvalue, anon=setting('server_anonymize').boolvalue) s.close() self.realtime_process()
def update_settings(settings): ''' Settings Updater ''' s = SettingSession() for item in settings: if item == 'database': config.update(settings[item]) else: settingobj = setting(item) if item == 'server_password': if settings[item] != '1234567890': settingobj.value = settings[item] else: settingobj.value = settings[item] s.merge(settingobj) s.commit() s.close() common.log_to_console() common.log_to_file() monitor.autostart()
def login(db): ''' Authentication Page ''' error = None logged_in = False if request.method == 'POST': if auth_login(request): response.set_cookie( 'user', request.forms.get('username'), secret=setting('cookie_key').value, ) response.add_header('Authentication', 'SUCCESS') logged_in = True else: error = 'Authentication Failed' else: logged_in = auth(request) return env.get_template('settings_login.html').render(auth=logged_in, error=error)
def login(db): ''' Authentication Page ''' error=None logged_in=False if request.method == 'POST': if auth_login(request): response.set_cookie('user', request.forms.get('username'), secret=setting('cookie_key').value, ) response.add_header('Authentication', 'SUCCESS') logged_in=True else: error='Authentication Failed' else: logged_in=auth(request) return env.get_template('settings_login.html').render( auth=logged_in, error=error )
def settings_post(db): ''' Settings Update Handler. ''' s = SettingSession() if auth(request): for item in request.forms: settingobj = setting(item) if item == 'server_password': if request.forms['server_password'] != '1234567890': settingobj.value = request.forms[item] else: settingobj.value = request.forms[item] s.merge(settingobj) s.commit() s.close() common.log_to_console() common.log_to_file() monitor.autostart() return get_settings_page(auth(request), note='Settings Updated') else: return get_settings_page(auth(request), error='Must be Authenticated to Change Settings')
def api_settings(db): ''' WebUI Settings Page ''' if auth(request) and request.method == 'POST': settings = {} for item in request.forms: settings[item] = request.forms[item] update_settings(settings) return env.get_template('settings_webui.html').render( auth=auth(request), web_theme=setting('web_theme').value, web_header=setting('web_header').value, web_images=setting('web_images').boolvalue, web_accounts=setting('web_accounts').boolvalue, web_stats=setting('web_stats').intvalue, web_pvs=setting('web_pvs_enabled').boolvalue, web_image_delay=setting('web_image_delay').value, web_account_delay=setting('web_account_delay').value, web_stat_delay=setting('web_stat_delay').value, web_pvs_delay=setting('web_pvs_delay').value, web_stat_max=setting('web_stat_max').intvalue, web_image_max=setting('web_image_max').intvalue, web_account_max=setting('web_account_max').intvalue, web_pvs_max=setting('web_pvs_max').intvalue, pvs_host=setting('pvs_host').value, pvs_user=setting('pvs_user').value, pvs_password=setting('pvs_password').value, web_display_settings=setting('web_display_settings').boolvalue)
def api_settings(db): ''' WebUI Settings Page ''' if auth(request) and request.method == 'POST': settings = {} for item in request.forms: settings[item] = request.forms[item] update_settings(settings) return env.get_template('settings_webui.html').render( auth=auth(request), web_theme=setting('web_theme').value, web_header=setting('web_header').value, web_images=setting('web_images').boolvalue, web_accounts=setting('web_accounts').boolvalue, web_stats=setting('web_stats').intvalue, web_pvs=setting('web_pvs_enabled').boolvalue, web_image_delay=setting('web_image_delay').value, web_account_delay=setting('web_account_delay').value, web_stat_delay=setting('web_stat_delay').value, web_pvs_delay=setting('web_pvs_delay').value, web_stat_max=setting('web_stat_max').intvalue, web_image_max=setting('web_image_max').intvalue, web_account_max=setting('web_account_max').intvalue, web_pvs_max=setting('web_pvs_max').intvalue, pvs_host=setting('pvs_host').value, pvs_user=setting('pvs_user').value, pvs_password=setting('pvs_password').value, web_display_settings=setting('web_display_settings').boolvalue )
def get_settings_page(auth, error=False, note=False): return env.get_template('settings.html').render( error=error, note=note, auth=auth, status=monitor.status(), log_console=setting('log_console').intvalue, log_console_level=setting('log_console_level').value, log_file=setting('log_file').intvalue, log_file_level=setting('log_file_level').value, log_file_path=setting('log_file_path').value, api_debug=setting('api_debug').intvalue, api_port=setting('api_port').value, api_host=setting('api_host').value, api_app_server=setting('api_app_server').value, cookie_key=setting('cookie_key').value, server_host=setting('server_host').value, server_port=setting('server_port').value, server_ssl=setting('server_ssl').intvalue, server_anonymize=setting('server_anonymize').intvalue, server_username=setting('server_username').value, web_images=setting('web_images').boolvalue, web_accounts=setting('web_accounts').boolvalue, web_stats=setting('web_stats').intvalue, web_image_delay=setting('web_image_delay').value, web_account_delay=setting('web_account_delay').value, web_stat_delay=setting('web_stat_delay').value, web_stat_max=setting('web_stat_max').intvalue, autostart=setting('autostart').intvalue, ettercap_enabled=setting('ettercap_enabled').intvalue, driftnet_enabled=setting('driftnet_enabled').intvalue, tshark_enabled=setting('tshark_enabled').intvalue, ettercap_command=setting('ettercap_command').value, driftnet_command=setting('driftnet_command').value, tshark_command=setting('tshark_command').value, listen_interface=setting('listen_interface').value, web_account_max=setting('web_account_max').value, web_image_max=setting('web_image_max').value )
def logout(): '''Simply deletes the account cookie, effectively logging the sensor out.''' response.delete_cookie('user', secret=setting('cookie_key').value )
def logout(): '''Simply deletes the account cookie, effectively logging the sensor out.''' response.delete_cookie('user', secret=setting('cookie_key').value)
def settings(db): ''' Returns the settings needed for the WebUI ''' return { 'stats_enabled': setting('web_stats').boolvalue, 'stats_delay': setting('web_stat_delay').intvalue, 'stats_max': setting('web_stat_max').intvalue, 'accounts_enabled': setting('web_accounts').boolvalue, 'accounts_delay': setting('web_account_delay').intvalue, 'accounts_max': setting('web_account_max').intvalue, 'images_enabled': setting('web_images').boolvalue, 'images_delay': setting('web_image_delay').intvalue, 'images_max': setting('web_image_max').intvalue, 'vulns_enabled': setting('web_pvs_enabled').boolvalue, 'vulns_delay': setting('web_pvs_delay').intvalue, 'vulns_max': setting('web_pvs_max').intvalue, 'header_text': setting('web_header').value, 'show_settings': setting('web_display_settings').boolvalue, }
def main_page(db): ''' Main View ''' return env.get_template('themes/%s.html' % setting('web_theme').value).render()
def logout(db): ''' User Logout. ''' response.delete_cookie('user', secret=setting('cookie_key').value) return env.get_template('settings_login.html').render(auth=False, )