Beispiel #1
0
def send_verification_mail(userId):
    # generate new link with type email, then load email texts
    link = db.add_verification_link(userId, 'email', str(uuid.uuid4().hex))
    htmlfile = open('website/templates/mailVerifikation.html',
                    'r',
                    encoding="utf8")
    htmltext = htmlfile.read()
    htmlfile.close()
    mailfile = open('website/templates/mailVerifikation.txt',
                    'r',
                    encoding="utf8")
    mailtext = mailfile.read()
    mailfile.close()

    # replace placeholders
    placeholders = {
        'LINK':
        'http://malwaremuehle.dynip.online/nowVerify/' +
        db.get_model(VerificationLink, link).link
    }
    htmlmail = replace_placeholder(htmltext, placeholders)
    txtmail = replace_placeholder(mailtext, placeholders)
    # send mail
    send_mail(
        db.get_model(User, userId).email,
        'Bitte verifiziere Deine E-Mail-Adresse', txtmail, htmlmail)
Beispiel #2
0
 def is_anon_tid(tid):
     try:
         if tid:
             task = db.get_model(Task, tid)
             if task and task.ticket_id:
                 uid = db.get_model(Ticket, task.ticket_id).user_id
                 return uid is None or uid is session.get('logged_in')
             else:
                 return True
     except AttributeError:
         return True
Beispiel #3
0
 def is_anon_task(sample):
     try:
         if sample["task_id"]:
             task = db.get_model(Task, sample["task_id"])
             if task and task.ticket_id:
                 uid = db.get_model(Ticket, task.ticket_id).user_id
                 return uid is None or uid is session.get('logged_in')
             else:
                 return True
     except AttributeError:
         return True
Beispiel #4
0
def loginRegister():
    if request.method == 'GET':
        return render_template('LoginRegister.html')
    if request.method == 'POST':
        # check if its a login request
        if 'emailLogin' in request.form:
            email = request.form['emailLogin']
            password = request.form['passwordLogin']
            userId = db.get_user_by_email(email)
            if not userId:
                return render_template('LoginRegister.html', loginError=True)
            if check_password_hash(
                    db.get_model(User, userId).password, password):
                if db.get_model(User, userId).email_authenticated:
                    session['logged_in'] = userId
                else:
                    return redirect(url_for('nowVerify'))
                return redirect(url_for('account'))
            else:
                return render_template('LoginRegister.html', loginError=True)
        # check if its a registration request
        elif 'emailRegister' in request.form:
            email = request.form['emailRegister']
            password = request.form['passwordRegister']
            passwordRep = request.form['passwordRepeatRegister']
            passwordhash = generate_password_hash(password)

            # check if E-Mail matches e-mail-pattern
            if not match(r'[^@]+@[^@]+\.[^@]+', email):
                return render_template('LoginRegister.html', mailFormat=True)

            # check if password fits policies
            if not checkpw(password):
                return render_template('LoginRegister.html', weakPw=True)

            # check if email is already taken
            if db.get_user_by_email(email):
                return render_template('LoginRegister.html', emailTaken=True)
            else:
                # check if password and password repeat match and if yes create account
                if password == passwordRep:
                    newUserId = db.add_user(email, passwordhash, 0)
                    send_verification_mail(newUserId)
                    return render_template('verification.html', send=True)
                else:
                    return render_template('LoginRegister.html',
                                           matchError=True)
        else:
            return render_template('LoginRegister.html')
Beispiel #5
0
def forgotPW():
    # TODO send email with reset link

    if 'email' in request.form:
        email = request.form['email']
        userId = db.get_user_by_email(email)
        if userId:
            # generate a new link and add it to database with type password
            link = db.add_verification_link(userId, 'password',
                                            str(uuid.uuid4().hex))
            #load email texts
            htmlfile = open('website/templates/passwordReset.html',
                            'r',
                            encoding="utf8")
            htmltext = htmlfile.read()
            htmlfile.close()
            mailfile = open('website/templates/passwordReset.txt',
                            'r',
                            encoding="utf8")
            mailtext = mailfile.read()
            mailfile.close()

            # replace placeholders
            placeholders = {
                'LINK':
                'http://malwaremuehle.dynip.online/resetpw/' +
                db.get_model(VerificationLink, link).link
            }
            htmlmail = replace_placeholder(htmltext, placeholders)
            txtmail = replace_placeholder(mailtext, placeholders)

            # send mail
            send_mail(email, 'Dein Link zur Passwortänderung', txtmail,
                      htmlmail)
            return render_template('forgotpw.html', emailsent=True)
        else:
            return render_template('forgotpw.html', emailsent=True)
    return render_template('forgotpw.html')
Beispiel #6
0
def account():
    userId = session.get('logged_in')
    if userId:
        tickets = db.get_tickets_by_user(userId)
        ticketval_list = []
        for ticket in tickets:
            ticketval_list.append(ticket['ticket_val'])

        # if user sends form for reset
        if 'passwordreset' in request.form and 'passwordrep' in request.form:
            password = request.form['passwordreset']
            passwordrep = request.form['passwordrep']

            if not checkpw(password):
                return render_template('account.html',
                                       tickets=ticketval_list,
                                       weakPw=True)

            # change password
            user = db.get_model(User, userId)
            if user:
                if check_password_hash(user.password, password):
                    return render_template('account.html',
                                           tickets=ticketval_list,
                                           samepass=True)
                elif password == passwordrep:
                    db.update_password(userId,
                                       generate_password_hash(password))
                    return render_template('account.html',
                                           tickets=ticketval_list,
                                           passreset=True)
                else:
                    return render_template('account.html',
                                           tickets=ticketval_list,
                                           matchError=True)

    return render_template('account.html', notauth=True)
Beispiel #7
0
def index():
    # A dictionary that translates the selected Operating System Value to the platform name used in cuckoo
    # TODO: Use the names that are used inside cuckoo
    osStringDict = {
        '0': 'notSelected',
        '1': 'cuckoo_Win7_Home_64bit_ma',
        '2': 'cuckoo_Win7_Prof_64b_ma',
        '3': 'cuckoo_Win10_Home_64bit_ma',
        '4': 'cuckoo_Win10_Pro_64bit_ma',
        '5': 'cuckoo_Win10_Education_64bit_ma',
        '6': 'cuckoo_Win10_Pro_Education_64bit_ma',
        # '7': 'cuckoo_Ubuntu_18.04_64bit_ma',
        '7': 'cuckoo_Debian_64bit_ma',
        '8': 'cuckoo_Debian_64bit_ma'
    }

    if request.method == 'GET':
        return render_template('index.html')

    if request.method == 'POST':
        # check if a URL analysis has been requested
        if 'url' in request.form:
            url = request.form['url']
            # getting the selected OS out of the form and translating it to the platform name used in cuckoo
            selectedOS = request.form['os2']
            if selectedOS == '0':
                return render_template('error.html',
                                       typeError=False,
                                       unknownTicket=False,
                                       noURL=False,
                                       noOS=True)
            else:
                # setting the platform option for the cuckoo submit function
                options = {'machine': osStringDict[selectedOS]}

                # submit to cuckoo
                cuckooticketID = submit([],
                                        url,
                                        options,
                                        user_id=session.get('logged_in'))
                if cuckooticketID:
                    return redirect(
                        url_for('analysisstarted',
                                ticket=db.get_model(
                                    Ticket, cuckooticketID).ticket_val))
                else:
                    return render_template('error.html',
                                           typeError=False,
                                           unknownTicket=False,
                                           noURL=True,
                                           noOS=False)
        # check if the post request contains a file / a file analysis has been requested
        if 'file[0]' not in request.files:
            return redirect(request.url)
        file = request.files['file[0]']
        # if user did not select a file, or it has no name
        if file.filename == '':
            return redirect(request.url)
        if file:
            # sanitising filename
            filename = secure_filename(file.filename)
            # safe file inside the upload folder
            path = os.path.join(app.config['UPLOAD_FOLDER'], filename)
            file.save(path)
            # getting the selected OS out of the form and translating it to the platform name used in cuckoo
            selectedOS = request.form['os1']
            if selectedOS == '0':
                return render_template('error.html',
                                       typeError=False,
                                       unknownTicket=False,
                                       noURL=False,
                                       noOS=True)
            else:
                # setting the platform option for the cuckoo submit function
                options = {'machine': osStringDict[selectedOS]}
                # submit file to cuckoo
                cuckooticketID = submit(path, [],
                                        options,
                                        user_id=session.get('logged_in'))
                os.remove(path)
                if cuckooticketID:
                    return db.get_model(Ticket, cuckooticketID).ticket_val
                else:
                    return 'Error'
Beispiel #8
0
def admin():
    user = session.get('logged_in')
    if not user:
        abort(404)
    # check if a admin is logged in, if not pretend there is no page /admin
    if db.get_model(User, user).privilege_level != 99:
        abort(404)
    if request.method == 'GET':
        dbconnection = True
        # make a list of lists with size 4 of all running tasks to display at the admin page
        try:
            runningTasks = db.list_tasks(status='running')
        except:
            dbconnection = False

        runningTasks = [task.to_dict() for task in runningTasks]
        # shorten tagret path so its only the filename
        for task in runningTasks:
            task['target'] = os.path.basename(task['target'])
        runningTasks4Packs = [
            runningTasks[x:x + 4] for x in range(0, len(runningTasks), 4)
        ]

        status = get_cuckoo_status()

        totalram = to_gb(status['memtotal'])
        freeram = to_gb(status['memavail'])

        # get free disk space and turn bytes into gigabytes
        totalspace = str(
            round(
                status['diskspace']['analyses']['total'] / 1024 / 1024 / 1024,
                2))
        freespace = str(
            round(status['diskspace']['analyses']['free'] / 1024 / 1024 / 1024,
                  2))
        usedspace = str(
            round(status['diskspace']['analyses']['used'] / 1024 / 1024 / 1024,
                  2))

        #get the cpuusage and the nr. of machines connected to cuckoo and analyzing right now
        cpuload = status['cpuload']
        machinesavailable = status['machines']['available']
        machinestotal = status['machines']['total']

        adminlist = db.get_users_by_privilege(99)
        adminlist = [adminuser['email'] for adminuser in adminlist]

        return render_template('admin.html',
                               tasklist=runningTasks4Packs,
                               db=dbconnection,
                               totalram=totalram,
                               freeram=freeram,
                               cpuload=cpuload,
                               machinesavailable=machinesavailable,
                               machinestotal=machinestotal,
                               totalspace=totalspace,
                               freespace=freespace,
                               usedspace=usedspace,
                               adminlist=adminlist)
    elif request.method == 'POST':
        userId = db.get_user_by_email(request.form['email'])
        privilege_level = request.form['priv']
        if userId:
            db.set_user_privilege(privilege_level, userId)
        return redirect(url_for('admin'))