async def ws_credentials_current_operation(request, ws, user):
try:
async with aiopg.create_pool(apfell.config['DB_POOL_CONNECT_STRING']) as pool:
async with pool.acquire() as conn:
async with conn.cursor() as cur:
await cur.execute('LISTEN "newcredential";')
# BEFORE WE START GETTING NEW THINGS, UPDATE WITH ALL OF THE OLD DATA
operation = await db_objects.get(Operation, name=user['current_operation'])
creds = await db_objects.execute(Credential.select().where(Credential.operation == operation))
for c in creds:
await ws.send(js.dumps({**c.to_json()}))
await ws.send("")
# now pull off any new payloads we got queued up while processing old data
while True:
try:
msg = conn.notifies.get_nowait()
id = (msg.payload)
try:
c = await db_objects.get(Credential, id=id, operation=operation)
await ws.send(js.dumps({**c.to_json()}))
except Exception as e:
pass # we got a file that's just not part of our current operation, so move on
except asyncio.QueueEmpty as e:
await asyncio.sleep(2)
await ws.send("") # this is our test to see if the client is still there
continue
except Exception as e:
print(e)
continue
finally:
pool.close()
async def get_current_operation_credentials(request, user):
if user['current_operation'] != "":
try:
operation = await db_objects.get(Operation,
name=user['current_operation'])
except Exception as e:
print(e)
return json({
'status': 'error',
'error': 'Failed to get current operation'
})
creds = await db_objects.execute(
Credential.select().where(Credential.operation == operation))
return json({
'status': 'success',
'credentials': [c.to_json() for c in creds]
})
else:
return json({
"status": 'error',
'error': "must be part of a current operation"
})
async def database_clears(request, user):
try:
operator = await db_objects.get(Operator, username=user['username'])
operation = await db_objects.get(Operation, name=user['current_operation'])
if operation.name not in user['admin_operations']:
return json({'status': 'error', 'error': "you must be the admin of the operation to clear the database"})
except Exception as e:
return json({'status': 'error', 'error': "failed to get the operation and operation: " + str(e)})
data = request.json
if 'object' not in data:
return json({'status': 'error', 'error': '"object" is a required parameter'})
deleted_obj_info = {'dbnumber': 0}
if data['object'] == "payloads":
payloads = await db_objects.execute(Payload.select().where(Payload.operation == operation))
for p in payloads:
try:
os.remove(p.location) # delete it from disk first
except Exception as e:
print(e)
await db_objects.delete(p, recursive=True) # then delete it and everything it relies on from the db
deleted_obj_info['dbnumber'] = deleted_obj_info['dbnumber'] + 1
elif data['object'] == "callbacks":
callbacks = await db_objects.execute(Callback.select().where(Callback.operation == operation))
for c in callbacks:
await db_objects.delete(c, recursive=True)
deleted_obj_info['dbnumber'] = deleted_obj_info['dbnumber'] + 1
elif data['object'] == "screencaptures":
screencaptures = await db_objects.execute(FileMeta.select().where( (FileMeta.operation == operation) & (FileMeta.path.contains("/screenshots/")) ))
for s in screencaptures:
try:
os.remove(s.path)
except Exception as e:
print(e)
await db_objects.delete(s, recursive=True)
deleted_obj_info['dbnumber'] = deleted_obj_info['dbnumber'] + 1
elif data['object'] == "downloads":
downloads = await db_objects.execute(FileMeta.select().where( (FileMeta.operation == operation) & (FileMeta.path.contains("/downloads/")) ))
for d in downloads:
try:
os.remove(d.path)
except Exception as e:
print(e)
await db_objects.delete(d, recursive=True)
deleted_obj_info['dbnumber'] = deleted_obj_info['dbnumber'] + 1
shutil.rmtree("./app/files/{}/downloads".format(operation.name)) # remove the downloads folder from disk
elif data['object'] == "uploads":
uploads = await db_objects.execute(FileMeta.select().where( (FileMeta.operation == operation) & (FileMeta.path.contains("/{}/".format(operation.name))) & ~(FileMeta.path.contains("/downloads")) ))
for u in uploads:
try:
os.remove(u.path)
except Exception as e:
print(e)
await db_objects.delete(u, recursive=True)
deleted_obj_info['dbnumber'] = deleted_obj_info['dbnumber'] + 1
elif data['object'] == "keylogs":
keylogs = await db_objects.execute(Keylog.select().where(Keylog.operation == operation))
for k in keylogs:
await db_objects.delete(k, recursive=True)
deleted_obj_info['dbnumber'] = deleted_obj_info['dbnumber'] + 1
elif data['object'] == "credentials":
credentials = await db_objects.execute(Credential.select().where(Credential.operation == operation))
for c in credentials:
await db_objects.delete(c, recursive=True)
deleted_obj_info['dbnumber'] = deleted_obj_info['dbnumber'] + 1
elif data['object'] == "tasks":
callbacks = Callback.select().where(Callback.operation == operation)
tasks = await db_objects.prefetch(Task.select(), callbacks)
for t in tasks:
await db_objects.delete(t, recursive=True)
deleted_obj_info['dbnumber'] = deleted_obj_info['dbnumber'] + 1
elif data['object'] == "responses":
callbacks = Callback.select().where(Callback.operation == operation)
tasks = Task.select()
responses = await db_objects.prefetch(Response.select(), tasks, callbacks)
for r in responses:
await db_objects.delete(r, recursive=True)
deleted_obj_info['dbnumber'] = deleted_obj_info['dbnumber'] + 1
return json({"status": "success", 'stats': deleted_obj_info})