def check_faraday_version():
try:
server.check_faraday_version()
except RuntimeError:
get_logger("launcher").error(
"The server is running a different Faraday version than the client you are running. Version numbers must match!"
)
def __init__(self):
super(RawReportProcessor, self).__init__()
from faraday.client.start_client import setupPlugins
setupPlugins()
self.pending_actions = Queue()
try:
plugin_manager = PluginManager(
os.path.join(CONF.getConfigPath(), "plugins"))
except AttributeError:
get_logger().warning(
"Upload reports in WEB-UI not configurated, run Faraday client and try again..."
)
self._stop = True
return
mappers_manager = MapperManager()
self.model_controller = ModelController(mappers_manager,
self.pending_actions)
self.model_controller.start()
self.end_event = Event()
plugin_controller = PluginController('PluginController',
plugin_manager, mappers_manager,
self.pending_actions,
self.end_event)
self.processor = ReportProcessor(plugin_controller, None)
self._stop = False
def get_exploits(cveid):
"""
Use Vulns API to get all exploits available for a specific CVE-ID
"""
get_logger(__name__).debug("Request parameters: {!r}".format(
flask.request.args))
headers = {
"Content-Type": "application/json",
"Accept": "application/json"
}
response = requests.get(
"https://vulners.com/api/v3/search/id/?references=True&id=" + cveid,
headers=headers,
timeout=3)
try:
json_response = {"metasploit": [], "exploitdb": [], "cveid": cveid}
if response.status_code == 200:
obj_response = response.json()
if obj_response["data"]["references"] is not {}:
metasploit_modules = obj_response["data"]["references"][
cveid].get("metasploit", [])
exploitdb_modules = obj_response["data"]["references"][
cveid].get("exploitdb", [])
for module in metasploit_modules:
obj_module = {}
obj_module.update({"title": module["title"]})
obj_module.update({"id": module["id"]})
obj_module.update({"href": module["href"]})
json_response["metasploit"].append(obj_module)
for module in exploitdb_modules:
obj_module = {}
obj_module.update({"title": module["title"]})
obj_module.update({"id": module["id"]})
obj_module.update({"href": module["href"]})
json_response["exploitdb"].append(obj_module)
except KeyError as ex:
abort(
make_response(
jsonify(message='Could not find {0}'.format(ex.message)), 400))
return flask.jsonify(json_response)
def file_upload(workspace=None):
"""
Upload a report file to Server and process that report with Faraday client plugins.
"""
get_logger(__name__).debug("Importing new plugin report in server...")
# Authorization code copy-pasted from server/api/base.py
ws = Workspace.query.filter_by(name=workspace).one()
if not (ws.active):
# Don't raise a 403 to prevent workspace name enumeration
abort(404, "Workspace disabled: %s" % workspace)
if 'file' not in request.files:
abort(400)
try:
validate_csrf(request.form.get('csrf_token'))
except ValidationError:
abort(403)
report_file = request.files['file']
if report_file:
chars = string.ascii_uppercase + string.digits
random_prefix = ''.join(random.choice(chars) for x in range(12))
raw_report_filename = '{0}{1}'.format(
random_prefix, secure_filename(report_file.filename))
try:
file_path = os.path.join(
CONF.getConfigPath(),
'uploaded_reports/{0}'.format(raw_report_filename))
except AttributeError:
get_logger().warning(
"Upload reports in WEB-UI not configurated, run Faraday client and try again..."
)
abort(
make_response(
jsonify(
message=
"Upload reports not configurated: Run faraday client and start Faraday server again"
), 500))
with open(file_path, 'w') as output:
output.write(report_file.read())
UPLOAD_REPORTS_QUEUE.put((workspace, file_path, request.cookies))
return make_response(jsonify(message="ok"), 200)
def background_process():
"""Change workspace. This function runs on a separated thread
created by the parent function. DO NOT call any Gtk methods
withing its scope, except by emiting signals to the window
"""
GObject.idle_add(loading_workspace, 'show')
try:
ws = self.openWorkspace(workspace_name)
GObject.idle_add(CONF.setLastWorkspace, ws.name)
GObject.idle_add(CONF.saveConfig)
except Exception as e:
GObject.idle_add(self.handle_no_active_workspace)
get_logger("GTK").error(e)
GObject.idle_add(loading_workspace, 'destroy')
return True
def copy_default_config_to_local():
if os.path.exists(LOCAL_CONFIG_FILE):
return
# Create directory if it doesn't exist
try:
os.makedirs(os.path.dirname(LOCAL_CONFIG_FILE))
except OSError as e:
if e.errno != errno.EEXIST:
raise
# Copy default config file into faraday local config
shutil.copyfile(DEFAULT_CONFIG_FILE, LOCAL_CONFIG_FILE)
from faraday.server.utils.logger import get_logger # pylint:disable=import-outside-toplevel
get_logger(__name__).info(u"Local faraday-server configuration created at {}".format(LOCAL_CONFIG_FILE))
def run(self, args):
workspace = args.workspace
try:
ws = super(GuiApp, self).openWorkspace(workspace)
except Exception as e:
get_logger(self).error(
("Your last workspace %s is not accessible, "
"check configuration.") % workspace)
get_logger(self).error(
"You may try and go to ~/.faraday/config/user.xml "
"to set a valid api_uri and last_workspace")
get_logger(self).error(str(e))
return -1
workspace = ws.name
CONF.setLastWorkspace(workspace)
CONF.saveConfig()
get_logger(self).info("Workspace %s loaded" % workspace)
while True:
if self._stop:
return
time.sleep(0.01)
def get_server_pid(port):
logger = get_logger(__name__)
if not os.path.isfile(faraday.server.config.FARADAY_SERVER_PID_FILE.format(port)):
return None
with open(faraday.server.config.FARADAY_SERVER_PID_FILE.format(port), 'r') as pid_file:
# If PID file is badly written, delete it and
# assume server is not running
try:
pid = int(pid_file.readline())
except ValueError:
logger.warning('PID file was found but is corrupted. '\
'Assuming server is not running. Please check manually'\
'if Faraday Server is effectively running')
remove_pid_file(port)
return None
return pid
def is_server_running(port):
"""Returns server PID if it is running. Otherwise returns None"""
logger = get_logger(__name__)
pid = get_server_pid(port)
if pid is None:
return None
try:
os.kill(pid, 0)
except OSError, err:
if err.errno == errno.ESRCH:
remove_pid_file(port)
return None
elif err.errno == errno.EPERM:
logger.warning("Server is running BUT the current user"\
"doesn't have enough access to operate with it")
return pid
else:
raise
def stop_server(port):
"""Stops Faraday Server if it isn't running"""
logger = get_logger(__name__)
pid = is_server_running(port)
if pid is None:
logger.error('Faraday Server is not running')
return False
try:
logger.info('Sending SIGTERM to pid {0}, in port {1}'.format(pid, port))
os.kill(pid, signal.SIGTERM)
logger.info("Faraday Server stopped successfully")
except OSError, err:
if err.errno == errno.EPERM:
logger.error("Couldn't stop Faraday Server. User doesn't"\
"have enough permissions")
return False
else:
raise err
def run(self):
logger.info('Tool report processor started')
while not self._stop:
try:
workspace, file_path, cookie = UPLOAD_REPORTS_QUEUE.get(
False, timeout=0.1)
get_logger().info(
'Processing raw report {0}'.format(file_path))
# Cookie of user, used to create objects in server with the right owner.
server.FARADAY_UPLOAD_REPORTS_WEB_COOKIE = cookie
server.FARADAY_UPLOAD_REPORTS_OVERWRITE_SERVER_URL = "http://{0}:{1}".format(
FaradayServerConfig.faraday_server.bind_address,
FaradayServerConfig.faraday_server.port)
self.processor.ws_name = workspace
command_id = self.processor.processReport(file_path)
UPLOAD_REPORTS_CMD_QUEUE.put(command_id)
if not command_id:
continue
self.end_event.wait()
get_logger().info(
'Report processing of report {0} finished'.format(
file_path))
self.end_event.clear()
except Empty:
time.sleep(0.1)
except KeyboardInterrupt as ex:
get_logger().info(
'Keyboard interrupt, stopping report processing thread')
self.stop()
except Exception as ex:
get_logger().exception(ex)
continue
def wrapper(*args, **kwargs):
try:
res = func(*args, **kwargs)
except ServerRequestException as e:
res = response_in_emergency
get_logger("Server-GTK IO").warning(e)
except (requests.exceptions.MissingSchema,
requests.exceptions.InvalidSchema):
res = response_in_emergency
get_logger("Server-GTK IO").error(
"It looks like the Faraday Server "
"URL is not correctly formated. Please change it and "
"remember to set it with a valid protocol, like http.\n"
"For example: http://faradayserver:port/")
except Exception:
res = response_in_emergency
get_logger("Server-GTK IO").error(
"It looks like the Faraday Server is not running\n")
return res
def update(self, event):
if event.type() == CHANGEFROMINSTANCE:
get_logger(self).info("[Update Received] " +
event.change.getMessage())
def __init__(self):
self.logger = get_logger(self)
def run(self, args):
workspace = args.workspace
try:
ws = super(GuiApp, self).openWorkspace(workspace)
except Exception as e:
get_logger(self).error(
("Your last workspace %s is not accessible, "
"check configuration.") % workspace)
get_logger(self).error(
"You may try and go to ~/.faraday/config/user.xml "
"to set a valid api_uri and last_workspace")
get_logger(self).error(str(e))
valid = False
for i in range(4):
workspace = raw_input("Please write the correct, Workspace): ")
try:
ws = super(GuiApp, self).openWorkspace(workspace)
valid = True
break
except Exception as err:
get_logger(self).error(
("Your last workspace %s is not accessible, "
"check configuration.") % workspace)
get_logger(self).error(
"You may try and go to ~/.faraday/config/user.xml "
"to set a valid api_uri and last_workspace")
get_logger(self).error(str(err))
if not valid:
return -1
workspace = ws.name
CONF.setLastWorkspace(workspace)
CONF.saveConfig()
get_logger(self).info("Workspace %s loaded" % workspace)
while True:
if self._stop:
return
time.sleep(0.01)
def start_server():
get_logger(__name__).info('Running as a daemon')
WORKDIR = faraday.server.config.FARADAY_BASE
createDaemon()
