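def wrapper(self, *args, **kwargs):
    ''' Call the wrapped handler method only when the request has a session.

    The session is looked up from the signed 'auth' cookie and the client
    IP address. Without a session the 404 template is rendered and the
    wrapped method is never called.
    '''
    session_manager = SessionManager.Instance()
    session = session_manager.get_session(
        self.get_secure_cookie('auth'), self.request.remote_ip)
    # Identity test: PEP 8 asks for `is` / `is not` when comparing to None.
    if session is None:
        # NOTE(review): no status code is set in this block, so the page is
        # presumably sent with the handler's default status. Confirm it
        # matches what an unknown URL returns; otherwise protected URLs stay
        # distinguishable from missing ones.
        self.render("public/404.html")
        return None
    return method(self, *args, **kwargs)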
def render(self, *args, **kwargs):
    ''' Render the user sidebar when the request has a session.

    The session is looked up from the handler's signed 'auth' cookie and the
    request's remote IP. When there is no session the method returns None.
    '''
    lookup = SessionManager.Instance().get_session
    current = lookup(self.handler.get_secure_cookie('auth'),
                     self.request.remote_ip)
    if current is None:
        # NOTE(review): nothing is rendered for visitors without a session;
        # confirm the caller copes with a None result.
        return None
    return self.render_string('sidebar/user.html', ranks=Team.get_all())
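def post(self, *args, **kwargs):
    ''' Create the Dork in the system

    Requires a session that maps to a known user; otherwise the login page
    is rendered. The submitted form is validated, then rejected when a Dork
    with the same title already exists or the chosen tag is unknown. Any
    unexpected error is logged and answered with the login page.
    '''
    # Local import: the module's own import block is not visible from here.
    import logging

    form = Form(title="Please enter a title",
                description="Please enter a Description",
                author="Please Enter an Author",
                query="Please Enter the Shodan Hq Search Query",
                tag="Please Select a Category")
    try:
        session_manager = SessionManager.Instance()
        session = session_manager.get_session(
            self.get_secure_cookie('auth'), self.request.remote_ip)
        # Check for a missing session explicitly instead of relying on the
        # AttributeError from `session.data` reaching the handler below.
        user = None
        if session is not None:
            user = User.by_user_name(session.data['user_name'])
        if user is None:
            self.render('public/please_login.html')
            return

        tags = Tag.all()
        if not form.validate(self.request.arguments):
            self.render('user/submit.html', user=user, errors=form.errors,
                        success=None, tags=tags)
            return

        # Read the fields only after validation, so a missing field is
        # reported through form.errors where the form covers it.
        if Dork.by_title(self.get_argument('title')):
            errors = ['A Dork by this title has already been submitted']
        elif Tag.by_name(self.get_argument('tag')) is None:
            # The original reused the duplicate-title message here.
            errors = ['The selected category does not exist']
        else:
            errors = None

        if errors is not None:
            self.render('user/submit.html', user=user, errors=errors,
                        success=None, tags=tags)
            return

        self.create_dork(user)
        self.render('user/submit.html', user=user,
                    success='Successfully created new Dork',
                    errors=None, tags=tags)
    except Exception:
        # Keep the traceback in the log; the Python 2 `print e` statement
        # dropped it and does not parse on Python 3.
        logging.exception("Dork submission failed")
        self.render('public/please_login.html')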
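def wrapper(self, *args, **kwargs):
    ''' Call the wrapped handler method only when the request has a session.

    The session is looked up from the signed 'auth' cookie and the client
    IP address. Without a session the 404 template is rendered and the
    wrapped method is never called.
    '''
    session_manager = SessionManager.Instance()
    session = session_manager.get_session(
        self.get_secure_cookie('auth'), self.request.remote_ip)
    # Identity test: PEP 8 asks for `is` / `is not` when comparing to None.
    if session is not None:
        return method(self, *args, **kwargs)
    # Just render a 404 page, instead of redirecting - this prevents people
    # from enumerating legitimate URLs based on if the page is a 200 or 302
    # NOTE(review): only the template is chosen here and no status code is
    # set in this block. Confirm the response status matches what an unknown
    # URL returns, otherwise the two cases can still be told apart.
    self.render("public/404.html")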
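def wrapper(self, *args, **kwargs):
    ''' Call the wrapped handler method only for a user holding `permission`.

    The request needs a session (signed 'auth' cookie plus client IP), the
    session's user name must resolve to a user, and that user must have the
    required permission. Every other case is logged and redirected to the
    configured 'forbidden_url'.
    '''
    session_manager = SessionManager.Instance()
    session = session_manager.get_session(
        self.get_secure_cookie('auth'), self.request.remote_ip)
    if session is not None:
        user = User.by_user_name(session.data['user_name'])
        if user is not None and user.has_permission(permission):
            return method(self, *args, **kwargs)
    # Reached for a missing session and an unknown user as well, although
    # the message text only mentions the permission case.
    # logging.warning replaces the deprecated logging.warn alias. The values
    # are passed as arguments so the logging module does the formatting.
    # The URI is supplied by the client and is logged as received.
    logging.warning(
        "Attempted unauthorized access from %s to %s (no permission)",
        self.request.remote_ip, self.request.uri)
    self.redirect(self.application.settings['forbidden_url'])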
def successful_login(self, user):
    ''' Called when a user successfully authenticates

    Logs the login, starts a session, stores its id in the signed 'auth'
    cookie and records the user name, client IP and menu in the session.
    '''
    login_message = "Successful login: %s from %s" % (
        user.user_name, self.request.remote_ip)
    logging.info(login_message)
    sid, session = SessionManager.Instance().start_session()
    # The cookie is requested with HttpOnly and a one-day lifetime.
    # NOTE(review): no Secure attribute is requested here; if the site is
    # served over HTTPS, confirm the attribute is added somewhere else.
    cookie_options = {'expires_days': 1, 'HttpOnly': True}
    self.set_secure_cookie(name='auth', value=str(sid), **cookie_options)
    session.data['user_name'] = str(user.user_name)
    # Stored next to the user name; the session lookups elsewhere pass the
    # request IP again, presumably to compare against this value.
    session.data['ip'] = str(self.request.remote_ip)
    session.data['menu'] = "user"
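def render(self, *args, **kwargs):
    ''' Render the sidebar that matches the session's menu.

    A session with menu 'user' gets the user sidebar with all bots, and one
    with menu 'admin' gets the same template with the request URI. No
    session, or any other menu value, gets the public sidebar.
    '''
    session_manager = SessionManager.Instance()
    session = session_manager.get_session(
        self.handler.get_secure_cookie('auth'), self.request.remote_ip)
    # Identity test: PEP 8 asks for `is` / `is not` when comparing to None.
    if session is not None:
        menu = session.data['menu']
        if menu == 'user':
            return self.render_string('sidebar/user.html',
                                      bots=PhoneBot.get_all())
        if menu == 'admin':
            # NOTE(review): the admin menu renders the user template and is
            # given `uri` rather than `bots`; confirm this is intended.
            return self.render_string('sidebar/user.html',
                                      uri=self.handler.request.uri)
    return self.render_string('sidebar/public.html',
                              uri=self.handler.request.uri)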
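def render(self, *args, **kwargs):
    ''' Render the menu that matches the session's menu value.

    'user' renders the user menu with the session's user name and 'admin'
    renders the admin menu. No session, or any other menu value, renders
    the public menu. Every template receives the request URI.
    '''
    session_manager = SessionManager.Instance()
    session = session_manager.get_session(
        self.handler.get_secure_cookie('auth'), self.request.remote_ip)
    # Identity test: PEP 8 asks for `is` / `is not` when comparing to None.
    if session is not None:
        menu = session.data['menu']
        if menu == 'user':
            return self.render_string('menu/user.html',
                                      uri=self.handler.request.uri,
                                      user_name=session.data['user_name'])
        if menu == 'admin':
            return self.render_string('menu/admin.html',
                                      uri=self.handler.request.uri)
    # Unknown menu values fall through to the public menu as well.
    return self.render_string('menu/public.html',
                              uri=self.handler.request.uri)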
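def get(self, *args, **kwargs):
    ''' Show the Dork submission form to a logged-in user.

    The user is resolved from the session behind the signed 'auth' cookie
    and the client IP. Without a session or a matching user, or when the
    lookup fails, the login page is rendered instead.
    '''
    # Local import: the module's own import block is not visible from here.
    import logging

    user = None
    tags = None
    try:
        session_manager = SessionManager.Instance()
        session = session_manager.get_session(
            self.get_secure_cookie('auth'), self.request.remote_ip)
        # A missing session is an expected case, so test for it instead of
        # letting `session.data` raise AttributeError.
        if session is not None:
            user = User.by_user_name(session.data['user_name'])
        if user is not None:
            tags = Tag.all()
    except Exception:
        # The original bare `except:` also caught SystemExit and
        # KeyboardInterrupt and hid every failure. Keep the fallback to the
        # login page but record the failure.
        logging.exception("Could not load the Dork submission form")
        user = None

    # Rendering is outside the try block, so a template error is no longer
    # answered with a second render() call.
    if user is None:
        self.render('public/please_login.html')
    else:
        self.render('user/submit.html', user=user, errors=None,
                    success=None, tags=tags)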
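def start_server():
    ''' Main entry point for the application

    Binds the listening sockets, attaches them to the HTTP server,
    schedules the periodic session clean-up and then runs the I/O loop
    until it is interrupted.
    '''
    sockets = netutil.bind_sockets(config.listen_port)
    server = HTTPServer(app)
    server.add_sockets(sockets)
    io_loop = IOLoop.instance()
    session_manager = SessionManager.Instance()
    session_clean_up = PeriodicCallback(session_manager.clean_up,
                                        app.settings['clean_up_timeout'],
                                        io_loop=io_loop)
    try:
        logging.info("Shodan Hacking is online.")
        # io_loop.start() blocks until the loop is stopped, so the clean-up
        # callback has to be started first. In the original order it was
        # never scheduled while the server was running, so
        # session_manager.clean_up was never called.
        session_clean_up.start()
        io_loop.start()
    except KeyboardInterrupt:
        # logging.warning replaces the deprecated logging.warn alias.
        logging.warning("Keyboard interrupt, shutdown everything!")
        session_clean_up.stop()
        io_loop.stop()
    except Exception:
        # Narrowed from a bare `except:` so SystemExit is not swallowed.
        logging.exception("Main I/O Loop threw an excetion!")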
def get(self, *args, **kwargs):
    ''' Clears cookies and session data

    Removes the session named by the signed 'auth' cookie, clears every
    cookie on the response and redirects to the site root.
    '''
    # NOTE(review): get_secure_cookie() returns None for a missing or
    # invalid cookie; confirm remove_session() accepts None.
    # NOTE(review): the logout runs on a GET request, so any page that makes
    # the browser fetch this URL ends the user's session.
    SessionManager.Instance().remove_session(self.get_secure_cookie('auth'))
    self.clear_all_cookies()
    self.redirect("/")
def initialize(self, dbsession):
    ''' Store the database session and resolve the request's session.

    self.session holds whatever get_session() returns for the signed 'auth'
    cookie and the client IP; code using it should handle the
    no-session result.
    '''
    self.dbsession = dbsession
    manager = SessionManager.Instance()
    self.session_manager = manager
    auth_cookie = self.get_secure_cookie('auth')
    self.session = manager.get_session(auth_cookie, self.request.remote_ip)