Esempio n. 1
    def do_get(self, s):
        '''
        get SETTING_NAME

        Looks up the named setting and prints its stored value.
        '''
        # NOTE(review): the value is printed exactly as stored, whatever the
        # setting is; if secrets are kept as settings they are echoed too --
        # confirm this console is only reachable by the local administrator.
        entry = common.setting(s)
        print(entry.value)
Esempio n. 2
    def do_get(self, s):
        '''
        get SETTING_NAME

        Prints the current value of the setting named on the command line.
        '''
        # The lookup result is not checked here; a missing setting surfaces as
        # whatever common.setting() / .value raise.
        current = common.setting(s).value
        print(current)
Esempio n. 3
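def get_pvs_data(limit, db):
    '''
    Returns the ``limit`` most severe hosts reported by the PVS sensor.

    Logs in to the PVS API with the configured credentials, fetches the host
    report, sorts it by ``severity_index`` (highest first) and returns a JSON
    document holding the per-severity counts of each host plus the highest
    ``severity`` value seen.  The PVS session is logged out even when the
    report cannot be fetched or parsed, so the token does not stay valid
    after a failure.
    '''
    base_url = 'https://%s:8835' % setting('pvs_host').value
    sevs = {0: 'info', 1: 'low', 2: 'medium', 3: 'high', 4: 'critical'}

    # NOTE(review): verify=False disables TLS certificate validation, so the
    # PVS username, password and session token are sent to whichever host
    # answers on that address.  It is kept because existing deployments may
    # rely on a self-signed PVS certificate; prefer passing the path of the
    # PVS CA bundle as verify= once one is available.
    resp = requests.post(base_url + '/login',
        data={
            'login': setting('pvs_user').value,
            'password': setting('pvs_password').value,
            'nocookie': 1, 'json': 1
    }, verify=False)
    pvs_key = resp.json()['reply']['contents']['token']

    rethosts = []
    max_vulns = 0
    try:
        data = requests.post(base_url + '/report2/hosts/sort', data={
            'report': 0, 'json': 1, 'token': pvs_key}, verify=False)
        hosts = data.json()['reply']['contents']['hostlist']['host']
        shosts = sorted(hosts, key=lambda k: k['severity_index'], reverse=True)
        for item in shosts[:limit]:
            d = {'host': item['hostname']}
            for severity in item['severitycount']['item']:
                d[sevs[severity['severitylevel']]] = severity['count']
            if item['severity'] > max_vulns:
                max_vulns = item['severity']
            rethosts.append(d)
    finally:
        # Always end the PVS session that the login above opened.
        requests.post(base_url + '/logout', data={
            'seq': 1802, 'json': 1, 'token': pvs_key}, verify=False)
    return jsonify({'vuln_max': max_vulns, 'hosts': rethosts})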
Esempio n. 4
def startup():
    '''
    Brings the service up: database, logging, parser autostart, then the API.
    '''
    db.initialize()
    common.log_to_console()
    common.log_to_file()

    # autostart() receives a timestamp five seconds in the future.
    start_at = int(time.time()) + 5
    monitor.autostart(start_at)

    # NOTE(review): the api_debug setting drives both debug() and the
    # reloader flag below; it should stay off on any host that is reachable
    # by others, since debug output tends to expose internals.
    debug(common.setting('api_debug').boolvalue)

    listen_port = common.setting('api_port').intvalue
    listen_host = common.setting('api_host').value
    backend = common.setting('api_app_server').value
    use_reloader = common.setting('api_debug').boolvalue
    run(app=api.app,
        port=listen_port,
        host=listen_host,
        server=backend,
        reloader=use_reloader)
Esempio n. 5
def autostart(delay_start=0):
    '''
    Starts every enabled parser, provided the global autostart setting is on.

    delay_start is handed unchanged to start() for each parser.
    '''
    # NOTE(review): this session is opened but neither used nor closed in
    # this function -- confirm whether it is still needed.
    s = Session()
    if not setting('autostart').boolvalue:
        return
    for parser in ('driftnet', 'ettercap', 'tshark'):
        if setting('%s_enabled' % parser).boolvalue:
            start(parser, delay_start)
Esempio n. 6
 def do_run(self, s):
     '''
     Runs the Dofler Service
     '''
     db.initialize()
     common.log_to_console()
     common.log_to_file()

     # autostart() receives a timestamp five seconds in the future.
     start_at = int(time.time()) + 5
     monitor.autostart(start_at)

     # NOTE(review): api_debug turns on debug() and the reloader together;
     # keep it off outside development.
     debug(common.setting('api_debug').boolvalue)

     listen_port = common.setting('api_port').intvalue
     listen_host = common.setting('api_host').value
     backend = common.setting('api_app_server').value
     use_reloader = common.setting('api_debug').boolvalue
     run(app=api.app, port=listen_port, host=listen_host,
         server=backend, reloader=use_reloader)
Esempio n. 7
 def do_run(self, s):
     '''
     Runs the Dofler Service
     '''
     # Storage and logging come up before anything that might log or query.
     db.initialize()
     common.log_to_console()
     common.log_to_file()
     monitor.autostart(5 + int(time.time()))
     debug(common.setting('api_debug').boolvalue)

     # NOTE(review): the bind address and port are whatever the api_host and
     # api_port settings hold; the reloader follows api_debug.
     server_options = dict(
         app=api.app,
         port=common.setting('api_port').intvalue,
         host=common.setting('api_host').value,
         server=common.setting('api_app_server').value,
         reloader=common.setting('api_debug').boolvalue,
     )
     run(**server_options)
Esempio n. 8
def api_settings(db):
    '''
    Logging Settings Page

    On an authenticated POST every submitted form field is forwarded to
    update_settings(); the logging settings page is rendered in all cases.
    '''
    is_authed_post = auth(request) and request.method == 'POST'
    if is_authed_post:
        # NOTE(review): field names are taken from the request as-is (no
        # allow-list) and no anti-CSRF token check is visible in this handler.
        update_settings(dict((field, request.forms[field])
                             for field in request.forms))
    page = env.get_template('settings_logging.html')
    # NOTE(review): the values are passed whether or not auth(request) is
    # true; confirm the template withholds them from anonymous visitors.
    return page.render(
        auth=auth(request),
        log_console=setting('log_console').intvalue,
        log_console_level=setting('log_console_level').value,
        log_file=setting('log_file').intvalue,
        log_file_level=setting('log_file_level').value,
        log_file_path=setting('log_file_path').value)
Esempio n. 9
def api_settings(db):
    '''
    Server Settings Page

    On an authenticated POST every submitted form field is forwarded to
    update_settings(); the server settings page is rendered in all cases.
    '''
    is_authed_post = auth(request) and request.method == 'POST'
    if is_authed_post:
        # NOTE(review): field names are taken from the request as-is (no
        # allow-list) and no anti-CSRF token check is visible in this handler.
        update_settings(dict((field, request.forms[field])
                             for field in request.forms))
    page = env.get_template('settings_server.html')
    # NOTE(review): the values are passed whether or not auth(request) is
    # true; confirm the template withholds them from anonymous visitors.
    return page.render(
        auth=auth(request),
        server_host=setting('server_host').value,
        server_port=setting('server_port').value,
        server_ssl=setting('server_ssl').intvalue,
        server_anonymize=setting('server_anonymize').intvalue,
        server_username=setting('server_username').value)
Esempio n. 10
def api_settings(db):
    '''
    Server Settings Page

    Applies the posted form (authenticated POST only) and then renders the
    server settings template with the current values.
    '''
    if auth(request) and request.method == 'POST':
        posted = request.forms
        # NOTE(review): whatever keys the client posts become setting names;
        # nothing here restricts them to the fields of this page.
        update_settings({name: posted[name] for name in posted})

    template = env.get_template('settings_server.html')
    context = dict(
        auth=auth(request),
        server_host=setting('server_host').value,
        server_port=setting('server_port').value,
        server_ssl=setting('server_ssl').intvalue,
        server_anonymize=setting('server_anonymize').intvalue,
        server_username=setting('server_username').value,
    )
    return template.render(**context)
Esempio n. 11
def api_settings(db):
    '''
    API Settings Page

    On an authenticated POST every submitted form field is forwarded to
    update_settings(); the API settings page is rendered in all cases.
    '''
    is_authed_post = auth(request) and request.method == 'POST'
    if is_authed_post:
        # NOTE(review): field names are taken from the request as-is (no
        # allow-list) and no anti-CSRF token check is visible in this handler.
        update_settings(dict((field, request.forms[field])
                             for field in request.forms))
    page = env.get_template('settings_api.html')
    # NOTE(review): cookie_key is the secret used to sign the 'user' cookie.
    # It is passed to the template regardless of auth(request); anyone able to
    # read it could mint a valid login cookie, so confirm the template never
    # emits it to anonymous visitors (ideally not at all).
    return page.render(
        auth=auth(request),
        api_debug=setting('api_debug').intvalue,
        api_port=setting('api_port').value,
        api_host=setting('api_host').value,
        api_app_server=setting('api_app_server').value,
        cookie_key=setting('cookie_key').value,
        database=config.config.get('Database', 'db'))
Esempio n. 12
def api_settings(db):
    '''
    Logging Settings Page

    Applies the posted form (authenticated POST only) and then renders the
    logging settings template with the current values.
    '''
    if auth(request) and request.method == 'POST':
        posted = request.forms
        # NOTE(review): whatever keys the client posts become setting names;
        # nothing here restricts them to the fields of this page.
        update_settings({name: posted[name] for name in posted})

    template = env.get_template('settings_logging.html')
    context = dict(
        auth=auth(request),
        log_console=setting('log_console').intvalue,
        log_console_level=setting('log_console_level').value,
        log_file=setting('log_file').intvalue,
        log_file_level=setting('log_file_level').value,
        # NOTE(review): log_file_path is operator-controlled via this form;
        # where it is opened is not visible here.
        log_file_path=setting('log_file_path').value,
    )
    return template.render(**context)
Esempio n. 13
def api_settings(db):
    '''
    API Settings Page

    Applies the posted form (authenticated POST only) and then renders the
    API settings template with the current values.
    '''
    if auth(request) and request.method == 'POST':
        posted = request.forms
        # NOTE(review): whatever keys the client posts become setting names;
        # nothing here restricts them to the fields of this page.
        update_settings({name: posted[name] for name in posted})

    template = env.get_template('settings_api.html')
    context = dict(
        auth=auth(request),
        api_debug=setting('api_debug').intvalue,
        api_port=setting('api_port').value,
        api_host=setting('api_host').value,
        api_app_server=setting('api_app_server').value,
        # NOTE(review): this is the cookie-signing secret and it reaches the
        # template even when auth(request) is false; confirm the template
        # does not render it for anonymous visitors.
        cookie_key=setting('cookie_key').value,
        database=config.config.get('Database', 'db'),
    )
    return template.render(**context)
Esempio n. 14
def logout(db):
    '''
    User Logout.

    Deletes the 'user' cookie and shows the login page as logged out.
    '''
    # NOTE(review): logging out only removes the cookie from the browser; no
    # server-side invalidation is visible here, so a copied cookie value
    # would presumably keep working until the cookie_key changes.
    signing_key = setting('cookie_key').value
    response.delete_cookie('user', secret=signing_key)
    login_page = env.get_template('settings_login.html')
    return login_page.render(auth=False)
Esempio n. 15
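def accounts(oid, db):
    '''
    Returns any accounts that are newer than the oid specified.

    An oid of '0' is treated as "nothing seen yet": instead of filtering by
    id, a capped number of accounts is returned.
    '''
    # Compare by value: the original identity test ("is not '0'") depends on
    # string interning and is effectively always true for a value parsed from
    # a request, so the capped branch was never taken.
    if oid != '0':
        items = db.query(Account).filter(Account.id > oid).all()
    else:
        # NOTE(review): the cap uses web_image_max although this endpoint
        # returns accounts; web_account_max looks like the intended setting --
        # confirm before changing.
        items = db.query(Account).limit(setting('web_image_max').intvalue).all()
    return jsonify([i.dump() for i in items])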
Esempio n. 16
File: post.py Progetto: xme/DoFler
def login():
    '''Login function'''
    # The outcome is reported to the caller in the 'Authentication' header.
    outcome = 'FAILURE'
    if auth_login(request):
        # NOTE(review): the cookie carries the submitted username, signed
        # with cookie_key; no httponly/secure attributes are requested, so
        # consider adding them where the transport is TLS.
        response.set_cookie(
            'user',
            request.forms.get('username'),
            secret=setting('cookie_key').value,
        )
        outcome = 'SUCCESS'
    response.add_header('Authentication', outcome)
Esempio n. 17
def login():
    '''Login function'''
    if not auth_login(request):
        response.add_header('Authentication', 'FAILURE')
        return
    # Successful login: remember the username in a cookie signed with the
    # configured cookie_key.
    # NOTE(review): everything that trusts this cookie depends on cookie_key
    # staying secret; no expiry or httponly/secure attribute is set here.
    username = request.forms.get('username')
    signing_key = setting('cookie_key').value
    response.set_cookie('user', username, secret=signing_key)
    response.add_header('Authentication', 'SUCCESS')
Esempio n. 18
def parsers_settings(db):
    '''
    Parser Configuration Settings Page

    On an authenticated POST every submitted form field is forwarded to
    update_settings(); the page then lists, for each parser reported by
    monitor.parser_status(), whether it is enabled and its command setting.
    '''
    is_authed_post = auth(request) and request.method == 'POST'
    if is_authed_post:
        # NOTE(review): the fields of this page include the *_command
        # settings, which appear to be the command lines the parsers launch.
        # Field names are not allow-listed and no anti-CSRF token check is
        # visible here, so a forged request from an admin's browser could
        # change them -- worth confirming how the form is protected.
        update_settings(dict((field, request.forms[field])
                             for field in request.forms))
    parsers = dict(
        (name, {
            'enabled': setting('%s_enabled' % name).boolvalue,
            'command': setting('%s_command' % name).value,
        })
        for name in monitor.parser_status()
    )
    page = env.get_template('settings_parsers.html')
    return page.render(
        auth=auth(request),
        parsers=parsers,
        autostart=setting('autostart').boolvalue,
        listen_interface=setting('listen_interface').value)
Esempio n. 19
def main_page(db):
    '''
    Main View

    Renders main.html with the login state, the monitor status and the
    display-related web_* settings.
    '''
    template = env.get_template('main.html')
    context = {'auth': auth(request), 'status': monitor.status()}
    # Each template variable carries the same name as the setting it mirrors.
    for flag in ('web_images', 'web_accounts', 'web_stats'):
        context[flag] = setting(flag).boolvalue
    for number in ('web_image_delay', 'web_account_delay', 'web_stat_delay',
                   'web_image_max', 'web_account_max', 'web_stat_max'):
        context[number] = setting(number).intvalue
    return template.render(**context)
Esempio n. 20
def parsers_settings(db):
    '''
    Parser Configuration Settings Page

    Applies the posted form (authenticated POST only), then renders the
    enabled flag and command setting of every parser known to the monitor.
    '''
    if auth(request) and request.method == 'POST':
        posted = request.forms
        # NOTE(review): posted keys are used as setting names without an
        # allow-list; on this page that includes the parser command settings.
        update_settings({name: posted[name] for name in posted})

    parsers = {}
    for parser_name in monitor.parser_status():
        enabled = setting('%s_enabled' % parser_name).boolvalue
        command = setting('%s_command' % parser_name).value
        parsers[parser_name] = {'enabled': enabled, 'command': command}

    template = env.get_template('settings_parsers.html')
    context = dict(
        auth=auth(request),
        parsers=parsers,
        autostart=setting('autostart').boolvalue,
        listen_interface=setting('listen_interface').value,
    )
    return template.render(**context)
Esempio n. 21
File: ui.py Progetto: blha303/DoFler
def api_settings(db):
    '''
    WebUI Settings Page

    Applies the posted form (authenticated POST only) and then renders the
    WebUI settings template with the current values.
    '''
    if auth(request) and request.method == 'POST':
        posted = request.forms
        # NOTE(review): posted keys are used as setting names without an
        # allow-list, and no anti-CSRF token check is visible here.
        update_settings({name: posted[name] for name in posted})

    template = env.get_template('settings_webui.html')
    context = {'auth': auth(request)}
    # Each template variable carries the same name as the setting it mirrors;
    # only the accessor differs per group.
    for flag in ('web_images', 'web_accounts', 'web_display_settings'):
        context[flag] = setting(flag).boolvalue
    for number in ('web_stats', 'web_stat_max', 'web_image_max',
                   'web_account_max'):
        context[number] = setting(number).intvalue
    for text in ('web_image_delay', 'web_account_delay', 'web_stat_delay'):
        context[text] = setting(text).value
    return template.render(**context)
Esempio n. 22
 def getapi(self):
     '''
     Initiates a login and then returns the api client object.

     The admin password is read from $HOME/.dofler_admin when that file
     exists; otherwise the operator is prompted for it with getpass().
     '''
     # NOTE(review): the password file is read as plain text and nothing here
     # checks its ownership or mode; it should be readable by the owner only.
     # os.environ['HOME'] raises KeyError when HOME is unset.
     if os.path.exists(os.path.join(os.environ['HOME'], '.dofler_admin')):
         pfile = open(os.path.join(os.environ['HOME'], '.dofler_admin'))
         # Only newline characters are stripped; other surrounding whitespace
         # stays part of the password.
         passwd = pfile.read().strip('\n')
         pfile.close()
     else:
         # NOTE(review): this listing is damaged at this point -- a run of
         # asterisks replaced the end of the getpass() call and the start of
         # the statement that builds the client, so the lines below are not
         # valid Python as shown.  The surviving arguments are the loopback
         # address, the api_port setting, the 'admin' user and passwd.
         passwd = getpass('\nEnter Admin Password : '******'127.0.0.1',
                                    common.setting('api_port').intvalue,
                                    'admin', passwd)
Esempio n. 23
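    def do_set(self, s):
        '''
        set SETTING_NAME VALUE

        Sets the specified setting to the specified value.

        The argument string is split on whitespace and must yield exactly a
        name and a value, so values containing spaces cannot be set this way.
        Anything else prints a usage line instead of being silently ignored.
        '''
        dset = s.split()
        if len(dset) != 2:
            print('usage: set SETTING_NAME VALUE')
            return
        name, value = dset
        # Use a separate name for the session instead of rebinding the
        # argument string, and release it even if the merge or commit fails.
        session = db.SettingSession()
        try:
            setting = common.setting(name)
            setting.value = value
            session.merge(setting)
            session.commit()
        finally:
            session.close()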
Esempio n. 24
    def do_set(self, s):
        '''
        set SETTING_NAME VALUE

        Stores VALUE under SETTING_NAME.  Input that does not split into
        exactly two whitespace-separated words is ignored.
        '''
        parts = s.split()
        if len(parts) != 2:
            return
        name, value = parts
        # NOTE(review): the session is not closed if merge() or commit()
        # raises; the value is stored as given, with no validation here.
        session = db.SettingSession()
        target = common.setting(name)
        target.value = value
        session.merge(target)
        session.commit()
        session.close()
Esempio n. 25
 def getapi(self):
     '''
     Initiates a login and then returns the api client object.

     The admin password comes from $HOME/.dofler_admin when that file exists,
     otherwise from an interactive getpass() prompt.
     '''
     # NOTE(review): a plain-text password file; nothing here verifies that
     # it is private to the owner.  The handle is closed manually, so it is
     # left open if read() raises.
     if os.path.exists(os.path.join(os.environ['HOME'], '.dofler_admin')):
         pfile = open(os.path.join(os.environ['HOME'], '.dofler_admin'))
         passwd = pfile.read().strip('\n')
         pfile.close()
     else:
         # NOTE(review): the listing is damaged here -- a run of asterisks
         # swallowed the end of the getpass() call and the beginning of the
         # client construction, so this statement is not valid Python as
         # shown.  What remains are the client arguments: loopback address,
         # api_port setting, 'admin' and passwd.
         passwd = getpass('\nEnter Admin Password : '******'127.0.0.1', 
         common.setting('api_port').intvalue,
         'admin',
         passwd
     )
Esempio n. 26
def login_post(db):
    '''
    Authentication Handler.

    A failed login re-renders login.html with an error; a successful one
    sets the signed 'user' cookie and redirects to '/'.
    '''
    if not auth_login(request):
        return env.get_template('login.html').render(
            error='Authentication Failed',
            auth=False,
            status=monitor.status()
        )
    # NOTE(review): the cookie is set without httponly/secure attributes and
    # no failed-attempt throttling is visible in this handler.
    username = request.forms.get('username')
    signing_key = setting('cookie_key').value
    response.set_cookie('user', username, secret=signing_key)
    response.add_header('Authentication', 'SUCCESS')
    redirect('/')
Esempio n. 27
 def run(self):
     '''
     Process startup.

     Waits until the clock reaches self.delay, builds the parser command
     from the settings, creates the API client and then hands over to
     realtime_process().
     '''
     s = Session()
     while int(time.time()) < self.delay:
         message = '%s: Parser Waiting til %s currently %s. sleeping 1s.' % (
             self.name, self.delay, int(time.time()))
         log.debug(message)
         time.sleep(1)

     # NOTE(review): both the command template and the interface name come
     # from editable settings.  How self.command is executed is not visible
     # here -- if it goes through a shell, the substituted value needs to be
     # validated or quoted.
     command_template = setting('%s_command' % self.name).value
     interface = setting('listen_interface').value
     self.command = command_template.replace('{IF}', interface)

     client_options = dict(
         host=setting('server_host').value,
         port=setting('server_port').intvalue,
         username=setting('server_username').value,
         password=setting('server_password').value,
         ssl=setting('server_ssl').boolvalue,
         anon=setting('server_anonymize').boolvalue,
     )
     self.api = DoflerClient(**client_options)
     s.close()
     self.realtime_process()
Esempio n. 28
 def run(self):
     '''
     Process startup.

     Sleeps in one-second steps until self.delay, then prepares the command
     line and the API client before starting realtime_process().
     '''
     s = Session()
     while int(time.time()) < self.delay:
         log.debug('%s: Parser Waiting til %s currently %s. sleeping 1s.' % (
             self.name, self.delay, int(time.time())))
         time.sleep(1)

     # '{IF}' in the stored command is replaced by the listen_interface
     # setting.
     # NOTE(review): the interface value is inserted verbatim; confirm it is
     # constrained to a real interface name before the command is run.
     raw_command = setting('%s_command' % self.name).value
     self.command = raw_command.replace(
         '{IF}', setting('listen_interface').value)

     # NOTE(review): server_password is read from the settings store as-is,
     # i.e. it is kept there in recoverable form; the ssl flag is whatever
     # the server_ssl setting says.
     self.api = DoflerClient(
         host=setting('server_host').value,
         port=setting('server_port').intvalue,
         username=setting('server_username').value,
         password=setting('server_password').value,
         ssl=setting('server_ssl').boolvalue,
         anon=setting('server_anonymize').boolvalue,
     )
     s.close()
     self.realtime_process()
Esempio n. 29
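def update_settings(settings):
    '''
    Settings Updater

    Writes each key/value pair of ``settings`` to the settings store, then
    re-applies logging and parser autostart.  Two keys are special:
    'database' is passed to config.update() instead of the store, and
    'server_password' is left unchanged when the submitted value is the
    literal '1234567890' (presumably the placeholder shown by the form).

    The session is closed even when a lookup, merge or commit raises.
    '''
    # NOTE(review): keys are used as setting names without an allow-list, so
    # callers should pass only fields they expect.  A real password equal to
    # the placeholder string cannot be stored through this path.
    s = SettingSession()
    try:
        for item in settings:
            if item == 'database':
                config.update(settings[item])
            else:
                settingobj = setting(item)
                if item == 'server_password':
                    if settings[item] != '1234567890':
                        settingobj.value = settings[item]
                else:
                    settingobj.value = settings[item]
                s.merge(settingobj)
        s.commit()
    finally:
        s.close()
    common.log_to_console()
    common.log_to_file()
    monitor.autostart()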
Esempio n. 30
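def login(db):
    '''
    Authentication Page

    GET shows the login page with the current login state.  POST checks the
    submitted credentials with auth_login(); on success the signed 'user'
    cookie is set and an 'Authentication: SUCCESS' header is added, otherwise
    the page is rendered with an error message.
    '''
    error = None
    logged_in = False
    if request.method == 'POST':
        if auth_login(request):
            # httponly keeps page scripts from reading the login cookie; the
            # server still receives it on every request.
            # NOTE(review): add secure=True as well once the UI is only
            # served over TLS.
            response.set_cookie(
                'user',
                request.forms.get('username'),
                secret=setting('cookie_key').value,
                httponly=True,
            )
            response.add_header('Authentication', 'SUCCESS')
            logged_in = True
        else:
            error = 'Authentication Failed'
    else:
        logged_in = auth(request)
    return env.get_template('settings_login.html').render(auth=logged_in,
                                                          error=error)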
Esempio n. 31
def update_settings(settings):
    '''
    Settings Updater

    Stores every entry of ``settings``; 'database' goes to config.update(),
    and 'server_password' keeps its old value when the literal '1234567890'
    is submitted.  Logging and parser autostart are re-applied afterwards.
    '''
    # NOTE(review): keys are not checked against a list of known settings,
    # and the session is not closed if anything below raises.
    s = SettingSession()
    for item in settings:
        new_value = settings[item]
        if item == 'database':
            config.update(new_value)
            continue
        settingobj = setting(item)
        # '1234567890' is presumably the placeholder the form shows instead
        # of the stored password; it must not overwrite the real one.
        if item != 'server_password' or new_value != '1234567890':
            settingobj.value = new_value
        s.merge(settingobj)
    s.commit()
    s.close()
    common.log_to_console()
    common.log_to_file()
    monitor.autostart()
Esempio n. 32
def login(db):
    '''
    Authentication Page

    GET reports the current login state; POST attempts a login and either
    sets the signed 'user' cookie or reports 'Authentication Failed'.
    '''
    page = env.get_template('settings_login.html')
    if request.method != 'POST':
        return page.render(auth=auth(request), error=None)
    if not auth_login(request):
        return page.render(auth=False, error='Authentication Failed')
    # NOTE(review): the cookie is set without httponly/secure attributes;
    # both are worth adding where the UI is served over TLS.
    username = request.forms.get('username')
    signing_key = setting('cookie_key').value
    response.set_cookie('user', username, secret=signing_key)
    response.add_header('Authentication', 'SUCCESS')
    return page.render(auth=True, error=None)
Esempio n. 33
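def settings_post(db):
    '''
    Settings Update Handler.

    Unauthenticated requests get the settings page back with an error and
    nothing is written.  For authenticated requests every posted form field
    is stored as a setting ('server_password' is skipped when the literal
    '1234567890' is submitted), logging and autostart are re-applied, and
    the settings page is rendered with a confirmation note.
    '''
    authed = auth(request)
    if not authed:
        # Checked before a session is opened, so the rejected path no longer
        # leaves an unclosed session behind.
        return get_settings_page(authed,
            error='Must be Authenticated to Change Settings')

    # NOTE(review): field names are used as setting names without an
    # allow-list, and no anti-CSRF token check is visible in this handler.
    s = SettingSession()
    try:
        for item in request.forms:
            settingobj = setting(item)
            if item == 'server_password':
                if request.forms['server_password'] != '1234567890':
                    settingobj.value = request.forms[item]
            else:
                settingobj.value = request.forms[item]
            s.merge(settingobj)
        s.commit()
    finally:
        s.close()
    common.log_to_console()
    common.log_to_file()
    monitor.autostart()
    return get_settings_page(authed, note='Settings Updated')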
Esempio n. 34
def api_settings(db):
    '''
    WebUI Settings Page

    On an authenticated POST every submitted form field is forwarded to
    update_settings(); the WebUI settings page is rendered in all cases.
    '''
    is_authed_post = auth(request) and request.method == 'POST'
    if is_authed_post:
        # NOTE(review): field names are taken from the request as-is (no
        # allow-list) and no anti-CSRF token check is visible in this handler.
        update_settings(dict((field, request.forms[field])
                             for field in request.forms))
    page = env.get_template('settings_webui.html')
    context = dict(
        auth=auth(request),
        web_theme=setting('web_theme').value,
        web_header=setting('web_header').value,
        web_images=setting('web_images').boolvalue,
        web_accounts=setting('web_accounts').boolvalue,
        web_stats=setting('web_stats').intvalue,
        web_pvs=setting('web_pvs_enabled').boolvalue,
        web_image_delay=setting('web_image_delay').value,
        web_account_delay=setting('web_account_delay').value,
        web_stat_delay=setting('web_stat_delay').value,
        web_pvs_delay=setting('web_pvs_delay').value,
        web_stat_max=setting('web_stat_max').intvalue,
        web_image_max=setting('web_image_max').intvalue,
        web_account_max=setting('web_account_max').intvalue,
        web_pvs_max=setting('web_pvs_max').intvalue,
        pvs_host=setting('pvs_host').value,
        pvs_user=setting('pvs_user').value,
        # NOTE(review): the stored PVS password is handed to the template in
        # clear text, whether or not auth(request) is true; confirm the
        # template never echoes it (a placeholder would be safer).
        pvs_password=setting('pvs_password').value,
        web_display_settings=setting('web_display_settings').boolvalue,
    )
    return page.render(**context)
Esempio n. 35
def api_settings(db):
    '''
    WebUI Settings Page

    Applies the posted form (authenticated POST only) and then renders the
    WebUI settings template with the current values.
    '''
    if auth(request) and request.method == 'POST':
        posted = request.forms
        # NOTE(review): posted keys are used as setting names without an
        # allow-list, and no anti-CSRF token check is visible here.
        update_settings({name: posted[name] for name in posted})

    template = env.get_template('settings_webui.html')
    context = {'auth': auth(request)}
    # Template variables share the name of the setting they mirror, except
    # web_pvs, which is filled from web_pvs_enabled.
    # NOTE(review): pvs_password is among the plain values passed to the
    # template, independent of the auth flag; confirm the template does not
    # write it into the page.
    for text in ('web_theme', 'web_header', 'web_image_delay',
                 'web_account_delay', 'web_stat_delay', 'web_pvs_delay',
                 'pvs_host', 'pvs_user', 'pvs_password'):
        context[text] = setting(text).value
    for flag in ('web_images', 'web_accounts', 'web_display_settings'):
        context[flag] = setting(flag).boolvalue
    context['web_pvs'] = setting('web_pvs_enabled').boolvalue
    for number in ('web_stats', 'web_stat_max', 'web_image_max',
                   'web_account_max', 'web_pvs_max'):
        context[number] = setting(number).intvalue
    return template.render(**context)
Esempio n. 36
def get_settings_page(auth, error=False, note=False):
    '''
    Renders settings.html with the monitor status and the current settings.

    auth, error and note are passed to the template unchanged.  Every
    setting is exposed to the template under its own name; the groups below
    differ only in which accessor is read.
    '''
    context = {
        'error': error,
        'note': note,
        'auth': auth,
        'status': monitor.status(),
    }
    for name in ('log_console', 'log_file', 'api_debug', 'server_ssl',
                 'server_anonymize', 'web_stats', 'web_stat_max', 'autostart',
                 'ettercap_enabled', 'driftnet_enabled', 'tshark_enabled'):
        context[name] = setting(name).intvalue
    for name in ('web_images', 'web_accounts'):
        context[name] = setting(name).boolvalue
    # NOTE(review): cookie_key (the cookie-signing secret) is in this group
    # and reaches the template whatever the value of auth; this function is
    # also called for unauthenticated requests, so confirm the template
    # withholds it from them.
    for name in ('log_console_level', 'log_file_level', 'log_file_path',
                 'api_port', 'api_host', 'api_app_server', 'cookie_key',
                 'server_host', 'server_port', 'server_username',
                 'web_image_delay', 'web_account_delay', 'web_stat_delay',
                 'ettercap_command', 'driftnet_command', 'tshark_command',
                 'listen_interface', 'web_account_max', 'web_image_max'):
        context[name] = setting(name).value
    return env.get_template('settings.html').render(**context)
Esempio n. 37
File: post.py Progetto: xme/DoFler
def logout():
    '''Simply deletes the account cookie, effectively logging the sensor out.'''
    # NOTE(review): only the client's copy of the cookie is removed; nothing
    # here invalidates the value on the server side.
    signing_key = setting('cookie_key').value
    response.delete_cookie('user', secret=signing_key)
Esempio n. 38
def logout():
    '''Simply deletes the account cookie, effectively logging the sensor out.'''
    # The same cookie name and secret as at login are used for the deletion.
    cookie_options = {'secret': setting('cookie_key').value}
    response.delete_cookie('user', **cookie_options)
Esempio n. 39
def settings(db):
    '''
    Returns the settings needed for the WebUI

    For each feed (stats, accounts, images, vulns) the result holds an
    ``<feed>_enabled`` flag plus ``<feed>_delay`` and ``<feed>_max`` numbers,
    followed by the header text and the show_settings flag.
    '''
    # (feed label, enabled setting, delay setting, max setting)
    feeds = (
        ('stats', 'web_stats', 'web_stat_delay', 'web_stat_max'),
        ('accounts', 'web_accounts', 'web_account_delay', 'web_account_max'),
        ('images', 'web_images', 'web_image_delay', 'web_image_max'),
        ('vulns', 'web_pvs_enabled', 'web_pvs_delay', 'web_pvs_max'),
    )
    payload = {}
    for label, enabled_key, delay_key, max_key in feeds:
        payload['%s_enabled' % label] = setting(enabled_key).boolvalue
        payload['%s_delay' % label] = setting(delay_key).intvalue
        payload['%s_max' % label] = setting(max_key).intvalue
    # Only display options are returned here -- no credentials or keys.
    payload['header_text'] = setting('web_header').value
    payload['show_settings'] = setting('web_display_settings').boolvalue
    return payload
Esempio n. 40
def main_page(db):
    '''
    Main View

    Renders the theme template named by the web_theme setting.
    '''
    # NOTE(review): the template path is built from a stored setting; how
    # far an unexpected value can reach depends on the template loader behind
    # env, so validating web_theme against the installed themes when it is
    # saved would be the safer design.
    theme = setting('web_theme').value
    template_name = 'themes/%s.html' % theme
    return env.get_template(template_name).render()
Esempio n. 41
def logout(db):
    '''
    User Logout.

    Removes the 'user' cookie and renders the login page with auth=False.
    '''
    # NOTE(review): logout is client-side only; no server-side session state
    # is touched in this handler.
    response.delete_cookie(
        'user',
        secret=setting('cookie_key').value,
    )
    login_page = env.get_template('settings_login.html')
    return login_page.render(auth=False)
Esempio n. 42
def main_page(db):
    '''
    Main View

    Looks up the configured theme and renders its template without any
    context variables.
    '''
    # NOTE(review): web_theme is an editable setting that ends up in a
    # template path; confirm it is restricted to known theme names.
    template_name = 'themes/%s.html' % setting('web_theme').value
    page = env.get_template(template_name)
    return page.render()