def __init__(self, module, *args, **kwargs):
        self.database = DatabaseOperations(
            collection_type=DatabaseCollections.INSTANCES)

        instance_id = kwargs.pop("instance_id")
        self.database.get_amazon_document(resource_id=instance_id)

        self.docker_sever = DockerServerInstanceOperations(
            instance_id=instance_id).docker_server
        self.module = module(source_host=self.docker_sever.public_ip_address,
                             *args,
                             **kwargs)
Example #2
0
class DockerServerServiceImplementation(DockerServerService):
    """
    Implements the docker server instance service.

    Attributes:
        database (DatabaseOperations): DatabaseOperations object.
    """
    type = "Instance"

    def __init__(self):
        self.database = DatabaseOperations(
            collection_type=DatabaseCollections.INSTANCES)

    def create(self, *args, **kwargs):
        return self.create_docker_server(**kwargs)

    def get_all(self):
        return self.get_all_docker_servers()

    def get_one(self, *args, **kwargs):
        return self.get_docker_server(**kwargs)

    def delete_one(self, *args, **kwargs):
        return self.delete_docker_server(**kwargs)

    def get_docker_server(self, instance_id):
        """
        Gets a docker server from the DB

        Args:
            instance_id (str): instance ID.

        Returns:
            dict: docker server document in case found
        """
        return self.database.get_amazon_document(type=self.type,
                                                 resource_id=instance_id)

    def get_all_docker_servers(self):
        """
        Gets all available docker servers from the DB.

        Returns:
            list(dict): docker server documents in case there are, empty list otherwise
        """
        return self.database.get_all_documents()

    @validate_json_request("ImageId", "InstanceType")
    def create_docker_server(self, docker_server_json):
        """
        Creates a docker server instance.

        docker_server_json example:

        {
            "ImageId": "ami-016b213e65284e9c9",
            "InstanceType": "t2.micro"
        }

        Args:
            docker_server_json (dict): docker server Json input from the client.

        Returns:
            dict: a new docker server document.
        """
        new_docker_server = create_instance(
            ImageId=docker_server_json.get("ImageId"),
            InstanceType=docker_server_json.get("InstanceType"),
            KeyName=aws_const.DEFAULT_PAIR_KEY_NAME,
            SecurityGroupIds=[aws_const.DEFAULT_SECURITY_GROUP_ID],
            MaxCount=aws_const.DEFAULT_MAX_MIN_COUNT,
            MinCount=aws_const.DEFAULT_MAX_MIN_COUNT)

        docker_server_response = create_new_response(obj=new_docker_server,
                                                     response_type=self.type)
        self.database.insert_amazon_document(
            new_amazon_document=docker_server_response)

        return docker_server_response

    def delete_docker_server(self, instance_id):
        """
        Deletes a docker server from the DB.

        Args:
            instance_id (str): instance ID.

        Returns:
            empty string as a response in case of success.
        """
        self.database.delete_amazon_document(resource_id=instance_id,
                                             type=self.type)
        DockerServerInstanceOperations(
            instance_id=instance_id).docker_server.terminate()
        return ''
Example #3
0
 def __init__(self):
     self.database = DatabaseOperations(
         collection_type=DatabaseCollections.INSTANCES)
class MetasploitServiceImplementation(MetasploitService):
    """
    Implements the metasploit service.

    Attributes:
        database (DatabaseOperations): DatabaseOperations object.
        module: (MetasploitModule): metasploit module subclass object, e.g.: PayLoad, PortScanning, Exploit
        docker_server (DockerServerInstance): a docker server object where the metasploit operations will be executed.
    """
    def __init__(self, module, *args, **kwargs):
        self.database = DatabaseOperations(
            collection_type=DatabaseCollections.INSTANCES)

        instance_id = kwargs.pop("instance_id")
        self.database.get_amazon_document(resource_id=instance_id)

        self.docker_sever = DockerServerInstanceOperations(
            instance_id=instance_id).docker_server
        self.module = module(source_host=self.docker_sever.public_ip_address,
                             *args,
                             **kwargs)

    def run(self, *args, **kwargs):
        return self.run_exploit(*args, **kwargs)

    def info(self, *args, **kwargs):
        """
        Gets information about a module (Exploit, Payload, PortScanning) parameters.
        """
        return self.module.info(*args, **kwargs)

    @validate_json_request("name", "payloads", "options")
    def run_exploit(self, exploit_request):
        """
        run exploits over a metasploit container with msfrpc daemon connected.

        Args:
            exploit_request (dict): exploit details from the client.

        Returns:
            list(dict): a list with all the successful payloads information.

        Example of exploits running request where the key is the target host and the values are exploit's params:

        exploits_request = {
            "exploit_name": "unix/ftp/vsftpd_234_backdoor",
            "payloads": {
                "cmd/unix/interact": {
                    "option1": "value1",
                    "option2": value2"
                }
            },
            "options": {
                "RHOSTS": "target IP/DNS"
            }
        }
        """
        exploit_results = self.module.execute(**exploit_request)

        for exploit_details in exploit_results:
            self.database.add_metasploit_document(
                amazon_resource_id=self.docker_sever.instance_id,
                metasploit_document=exploit_details)
        return exploit_results
Example #5
0
 def __init__(self):
     self.database = DatabaseOperations(
         collection_type=DatabaseCollections.USERS)
Example #6
0
class UserServiceImplementation(UserService):
    """
    Implements the user service.

    Attributes:
        database (DatabaseOperations): DatabaseOperations object.
    """
    type = "User"

    def __init__(self):
        self.database = DatabaseOperations(
            collection_type=DatabaseCollections.USERS)

    def create(self, *args, **kwargs):
        return self.create_user(*args, **kwargs)

    def get_one(self, *args, **kwargs):
        return self.get_user(*args, **kwargs)

    def get_all(self):
        return self.get_all_users()

    def delete_one(self, *args, **kwargs):
        return self.delete_user(*args, **kwargs)

    def get_user(self, username, password):
        """
        Returns an existing user document from the DB.

        Returns:
            dict: a user client response in case found.

        Raises:
            PasswordIsInvalidError: in case the password is not correct.
        """
        existing_user = User(**self.database.get_user_document_by_id(
            user_id=hashlib.sha256(username.encode('utf-8')).hexdigest(),
            username=username))

        if existing_user.compare_passwords(
                password=hashlib.sha256(password.encode('utf-8')).hexdigest()):
            return existing_user.client_response()
        else:
            raise PasswordIsInvalidError(password=password)

    def get_all_users(self):
        """
        Gets all the existing users.

        Returns:
            list[dict]: a list of all available users.
        """
        users_response = []
        all_available_users = self.database.get_all_documents()

        for user in all_available_users:
            users_response.append(User(**user).client_response())
        return users_response

    @validate_json_request("first_name", "last_name", "username", "password",
                           "email")
    def create_user(self, **create_user_json):
        """
        Creates a user in the DB and returns the new created user document.

        Returns:
            dict: a new user document.
        """
        new_user = User(is_hashing_password_required=True, **create_user_json)
        self.database.insert_user_document(
            new_user_document=new_user.document())
        return new_user.client_response()

    def delete_user(self, username):
        """
        Deletes a user from the DB.

        Returns:
            str: empty string as a response in case of success.
        """
        self.database.delete_amazon_document(resource_id=hashlib.sha256(
            username.encode('utf-8')).hexdigest(),
                                             type=self.type)
        return ''
class ContainerServiceImplementation(ContainerService):
    """
    Implements the container service.

    Attributes:
        database (DatabaseOperations): DatabaseOperations object.
    """
    type = "Container"

    def __init__(self):
        self.database = DatabaseOperations(collection_type=DatabaseCollections.INSTANCES)

    def create(self, *args, **kwargs):
        return self.create_metasploit_container(*args, **kwargs)

    def get_all(self, *args, **kwargs):
        return self.get_all_containers(*args, **kwargs)

    def get_one(self, *args, **kwargs):
        return self.get_container(*args, **kwargs)

    def delete_one(self, *args, **kwargs):
        return self.delete_container(*args, **kwargs)

    @update_containers_status
    def get_container(self, instance_id, container_id):
        """
        Gets a container from the DB.

        Args:
            instance_id (str): instance ID.
            container_id (str): container ID.

        Returns:
            dict: a container document in case found.
        """
        return self.database.get_docker_document(
            amazon_resource_id=instance_id, docker_resource_id=container_id, type=self.type
        )

    @update_containers_status
    def get_all_containers(self, instance_id):
        """
        Gets all containers from the DB.

        Args:
            instance_id (str): instance ID.

        Returns:
            list(dict): a list of container documents in case there are, empty list otherwise.
        """
        return self.database.get_docker_documents(amazon_resource_id=instance_id, type=self.type)

    def create_metasploit_container(self, instance_id):
        """
        Creates a new metasploit container over a docker server instance.

        Args:
            instance_id (str): instance ID.

        Returns:
            dict: a new container document.
        """
        all_containers_documents = self.database.get_docker_documents(amazon_resource_id=instance_id, type=self.type)

        new_container = ContainerOperations(
            docker_server_id=instance_id
        ).run_container_with_msfrpcd_metasploit(containers_documents=all_containers_documents)

        container_response = create_new_response(obj=new_container, response_type=self.type)

        self.database.add_docker_document(
            amazon_resource_id=instance_id, docker_document_type=self.type, new_docker_document=container_response
        )

        return container_response

    def delete_container(self, instance_id, container_id):
        """
        Deletes a container from the DB.

        Args:
            instance_id (str): instance ID.
            container_id (str): container ID.

        Returns:
            str: empty string as a response in case of success.
        """
        self.database.delete_docker_document(
            amazon_resource_id=instance_id, docker_resource_id=container_id, docker_document_type=self.type
        )
        ContainerOperations(docker_server_id=instance_id, docker_resource_id=container_id).container.remove(force=True)
        return ''
class UserServiceImplementation(UserService):
    """
    Implements the user service.

    Attributes:
        database (DatabaseOperations): DatabaseOperations object.
    """
    type = "User"

    def __init__(self):
        self.database = DatabaseOperations(
            collection_type=DatabaseCollections.USERS)

    def create(self, *args, **kwargs):
        return self.create_user(*args, **kwargs)

    def get_one(self, *args, **kwargs):
        return self.get_user(*args, **kwargs)

    def get_all(self):
        return self.get_all_users()

    def delete_one(self, *args, **kwargs):
        return self.delete_user(*args, **kwargs)

    def get_user(self, email, password):
        """
        Returns an existing user document from the DB.

        Returns:
            dict: a user client response in case found.

        Raises:
            PasswordIsInvalidError: in case the password is not correct.
        """
        existing_user = User(**self.database.get_user_document_by_id(
            user_id=hash_email(email=email)))

        if verify_password(stored_password=existing_user.password,
                           provided_password=password):
            return existing_user.client_response()
        else:
            raise InvalidUserNameOrPassword()

    def get_all_users(self):
        """
        Gets all the existing users.

        Returns:
            list[dict]: a list of all available users.
        """
        users_response = []
        all_available_users = self.database.get_all_documents()

        for user in all_available_users:
            users_response.append(User(**user).client_response())
        return users_response

    @validate_json_request("name", "password", "email")
    def create_user(self, **create_user_json):
        """
        Creates a user in the DB and returns the new created user document.

        Returns:
            dict: a new user document.
        """
        new_user = User(**create_user_json)
        new_user.password = hash_password(password=new_user.password)
        self.database.insert_user_document(
            new_user_document=new_user.document())
        return new_user.client_response()

    def delete_user(self, email):
        """
        Deletes a user from the DB.

        Returns:
            str: empty string as a response in case of success.
        """
        self.database.delete_amazon_document(
            resource_id=hash_email(email=email), type=self.type)
        return ''

    def update(self, email, **update_user_json):
        """
        Updates a user and inserts the changes to the DB.

        Returns:
            str: empty string as a response in case of success.
        """

        _data, _name, _password = "******", "name", "password"
        user_id = hash_email(email=email)

        existing_user = User(**self.database.get_user_document_by_id(
            user_id=user_id))

        if _name in update_user_json:
            existing_user.name = update_user_json.get(_name)
        if _password in update_user_json:
            existing_user.password = hash_password(
                password=update_user_json.get(_password))
        if _data in update_user_json:
            existing_user.data = update_user_json.get(_data)

        self.database.update_amazon_document(amazon_resource_id=user_id,
                                             update=existing_user.document())
        return ''