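def get(self, project="default"):
    """Render the traffic dashboard for one captured-flow project.

    Args:
        project: Project name supplied by the caller (presumably bound from
            the URL route -- confirm). A falsy value falls back to
            "default".

    Writes a plain-text error and returns early when get_flow_file() yields
    nothing for the project. Any exception raised while building the page is
    printed and its message is written back as ``{"error": ...}``.
    """
    try:
        if not project:
            project = "default"
        # Resolve the flow file once and reuse the result, so the path that
        # passed the check is the same path that gets loaded (the file can
        # change between two separate lookups).
        flow_file = get_flow_file(project)
        if not flow_file:
            self.write("[ERROR] Flow File not Found!")
            return
        sorted_flows = get_sorted_flows(load_flows(flow_file))
        exclude_matches = settings.SKIP_URL_MATCH
        exclude_file_ext = settings.SKIP_FILE_EXTS
        exclude_resp_code = settings.EXCLUDE_RESP_CODE
        fuzzers = settings.FUZZERS
        # Known projects are the "*.flows" files in FLOWS_DIR with the
        # trailing suffix removed.
        projects = [
            rreplace(entry, ".flows", "", 1)
            for entry in os.listdir(settings.FLOWS_DIR)
            if entry.endswith(".flows")
        ]
        context = {
            # UI title (Persian: "traffic dashboard").
            "title": "داشبورد ترافیک ها",
            "project": project,
            "projects": projects,
            "exclude_matches": exclude_matches,
            "exclude_ext": exclude_file_ext.keys(),
            # Key spelling is kept as-is; the template reads it by this name.
            "exlude_rs_code": exclude_resp_code,
            "sorted_flows": sorted_flows,
            "fuzzers": fuzzers,
            "f_slugify": slugify
        }
        self.render("dashboard.html", **context)
    except Exception as exp:
        # NOTE(review): the raw exception text is returned to the HTTP
        # client and may expose filesystem paths or parser internals. If the
        # dashboard is reachable beyond the local machine, send a generic
        # message and keep the detail in the server log only.
        print("[ERROR] ", str(exp))
        self.write({"error": str(exp)})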
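def __init__(self, flow_name):
    """Open the capture output files for *flow_name*.

    Args:
        flow_name: Project name used to derive the flow file path through
            get_flow_file(flow_name, True).

    Terminates the process when get_flow_file() returns nothing for the
    name. Otherwise opens the binary flow file (wrapped in a FlowWriter)
    and a text dump file at the same path plus ".txt". Neither handle is
    closed in this method.
    """
    print("Capture Module Loaded")
    # get_flow_file() is the only gate on flow_name before it becomes a
    # filesystem path that is opened for writing.
    # NOTE(review): confirm it rejects path separators and ".." components.
    flow_file = get_flow_file(flow_name, True)
    if not flow_file:
        print("[ERROR] Invalid Project Name")
        # Exit non-zero so a wrapper script can tell the capture never
        # started; status 0 reported this failure as success.
        sys.exit(1)
    self.flow_file = flow_file
    self.http_dump_file = flow_file + ".txt"
    self.make_dir([self.flow_file, self.http_dump_file])
    self.display_out = settings.DISPLAY_OUT
    # Both paths are known to be non-empty here, so the files are opened
    # unconditionally.
    self.f = open(self.flow_file, "wb")  # type: typing.IO[bytes]
    self.w = io.FlowWriter(self.f)
    self.http_f = open(self.http_dump_file, "w")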
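def post(self):
    """Start a fuzzing run for a project on a background thread.

    Requires the ``X-Operation`` request header to equal "Start-Fuzz" and
    the ``project`` argument to resolve through get_flow_file(); otherwise
    an error object is written and nothing is started. ``api_login``,
    ``api_pin`` and ``api_register`` are read without a default, so the
    framework rejects the request when one is missing (assuming a Tornado
    RequestHandler -- confirm).

    Replies ``{"status": "ok"}`` before the fuzzer thread is started; the
    reply does not reflect the outcome of the run.
    """
    operation = self.request.headers.get('X-Operation', '')
    flow_file = get_flow_file(self.get_argument("project", default=""))
    # NOTE(review): the custom header is the only request gate visible in
    # this handler. If the UI can be reached from other hosts or from a
    # browser session, confirm authentication and CSRF protection are
    # enforced elsewhere.
    if operation != "Start-Fuzz" or not flow_file:
        self.write({"error": "Operation or Project not found!"})
        return
    # Every value below except mode, flow_file and write comes straight
    # from the request and is passed on unvalidated; any validation has to
    # happen inside run_fuzzer.
    options = {
        "mode": "fuzz",
        "include_scope": self.get_arguments("include_scope[]"),
        "exclude_scope": self.get_arguments("exclude_scope[]"),
        "active_fuzzers": self.get_arguments("active_fuzzers[]"),
        "exclude_url_match": self.get_argument(
            "exclude_url_match",
            default="on",
        ),
        "exclude_extensions": self.get_argument(
            "exclude_extensions",
            default="on",
        ),
        "exclude_response_code": self.get_argument(
            "exclude_response_code",
            default="on",
        ),
        "flow_file": flow_file,
        "write": ScanProgress.write,
        # NOTE(review): the meaning of these three values is not visible
        # here; if they carry credentials, confirm run_fuzzer does not log
        # the options dict.
        "api_login": self.get_argument("api_login"),
        "api_pin": self.get_argument("api_pin"),
        "api_register": self.get_argument("api_register"),
    }
    self.write({"status": "ok"})
    trd = Thread(target=run_fuzzer, args=(options, ))
    # Thread.setDaemon() is deprecated; set the attribute instead.
    trd.daemon = True
    trd.start()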
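def run_fuzz_cmdline(self, mode, project):
    """Run the fuzzer synchronously from the command line.

    Args:
        mode: Fuzzer mode, stored under the "mode" option as given.
        project: Project name; a falsy value selects "default".

    Prints an error and returns without fuzzing when no flow file resolves
    for the chosen project. Uses fixed options: empty include/exclude
    scopes, all exclusion filters "on", every fuzzer active, and empty
    ``api_*`` values.
    """
    # The "default" fallback goes through the same missing-file check as a
    # named project, so run_fuzzer is never handed an empty flow_file.
    flow_file = get_flow_file(project if project else "default")
    if not flow_file:
        print("[ERROR] Flow File not found")
        return
    fuzz_options = {
        "mode": mode,
        "include_scope": [],
        "exclude_scope": [],
        "exclude_url_match": "on",
        "exclude_extensions": "on",
        "exclude_response_code": "on",
        "active_fuzzers": ["all"],
        "flow_file": flow_file,
        "api_login": "",
        "api_pin": "",
        "api_register": "",
        "write": ScanProgress.write,
    }
    run_fuzzer(fuzz_options)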
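def post(self):
    """Return the metadata of one captured flow.

    Reads the flow id from the ``X-Flow-ID`` request header and the project
    from the ``project`` argument. Writes ``{"id": ""}`` when either is
    missing or the project has no flow file; otherwise writes
    get_flow_meta() for the first flow whose id matches. Any exception is
    printed and its message is written back as ``{"error": ...}``.
    """
    try:
        flow_id = self.request.headers.get('X-Flow-ID', '')
        flow_file = get_flow_file(self.get_argument("project", default=""))
        if not flow_id or not flow_file:
            self.write({"id": ""})
            return
        for flow in load_flows(flow_file):
            if flow.id == flow_id:
                self.write(get_flow_meta(flow))
                # Stop at the first match: a second write would append
                # another object to the same response body, and there is no
                # reason to scan the remaining flows.
                return
        # No flow matched: the response body is left empty, as before.
    except Exception as exp:
        # NOTE(review): the raw exception text is returned to the HTTP
        # client and may expose filesystem paths or parser internals. If
        # this endpoint is reachable beyond the local machine, send a
        # generic message and keep the detail in the server log only.
        print("[ERROR] ", str(exp))
        self.write({"error": str(exp)})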