def get(self, request, *args, **kwargs):
filename = self.request.query_params.get('std', None)
is_html = self.request.query_params.get('html', False)
if not filename:
return common.message(500, 'stdout not found')
options = dbutils.get_stateless_options()
wss = options.get('WORKSPACES')
filename = utils.clean_path(filename).strip('/')
p = pathlib.Path(filename)
# we don't want a LFI here even when we're admin
if p.parts[0] not in os.listdir(wss):
return common.message(500, 'Workspace not found ')
stdout = utils.join_path(wss, filename)
content = utils.just_read(stdout)
if not content:
return HttpResponse("No result found")
if filename.endswith('.html') or is_html:
return HttpResponse(content)
try:
# convert console output to html
conv = Ansi2HTMLConverter(scheme='mint-terminal')
html = conv.convert(content)
return HttpResponse(html)
# return Response(html)
except:
return HttpResponse(content)
def post(self, request, *args, **kwargs):
serializer = ConfigurationsSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
data = serializer.data
if data.get('override'):
utils.print_good("Clean all record in Configurations")
Configurations.objects.all().delete()
config_path = data.get('config_path')
if not config_path or config_path == 'False':
config_path = utils.DEAFULT_CONFIG_PATH
result = dbutils.load_default_config(config_path)
if result:
return common.message(200, "Loading Configurations Successfully")
return common.message(500, "Configurations file not exist")
def post(self, request, *args, **kwargs):
serializer = ExecuteSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
data = serializer.data
forced = data.get('forced')
cmd = data.get('cmd')
output_path = data.get('output_path')
cmd_type = data.get('cmd_type')
# don't care about the status
nolog = data.get('nolog')
# forced check if output path exist
if not forced:
if utils.not_empty_file(output_path):
return common.message(500, "Commands is already done")
# set idle status
if nolog:
data['status'] = 'Done'
else:
data['status'] = 'Running'
item = parse_data(data)
instance = Activities.objects.create(**item)
Logs.objects.create(**item)
command_record = instance.as_json()
# really run the command
if cmd_type == 'single':
utils.print_info("Execute: {0} ".format(cmd))
execute.run_single(command_record)
elif cmd_type == 'list':
utils.print_info("Execute chunk: {0} ".format(cmd))
commands = execute.get_chunk_commands(command_record)
execute.run_chunk(commands, command_record.get(
'chunk'), command_record.get('delay'))
# update status after done
if instance.status != 'Done':
instance.status = 'Done'
instance.save()
return common.message(200, "Commands is done")
def post(self, request, *args, **kwargs):
serializer = ClearSpecificSerializers(data=request.data)
serializer.is_valid(raise_exception=True)
data = serializer.data
queryset = Activities.objects.all()
queryset = queryset.filter(workspace=data.get('workspace'))
queryset = queryset.filter(module=data.get('module'))
queryset.delete()
return common.message(200, "Clear all old activities for {0}")
def post(self, request, *args, **kwargs):
serializer = CommandsSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
data = serializer.data
if data.get('override'):
utils.print_good(
"Clean all record in Commands")
Commands.objects.all().delete()
if data.get('reset'):
dbutils.internal_parse_commands()
return common.message(200, "Load default Commands Successfully")
command_path = data.get('command_path')
result = dbutils.parse_commands(command_path)
if result:
return common.message(200, "Parsing Commands Successfully")
return common.message(500, "Commands file not exist")
def post(self, request, *args, **kwargs):
serializer = SummariesListSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
data = serializer.data
workspace = data.get('workspace')
domains = data.get('domains')
domains_file = data.get('domains_file')
update_type = data.get('update_type')
if not domains:
# @TODO Check if file under workspaces folder to prevent a LFI
domains = utils.just_read(domains_file, get_list=True)
if not domains:
return common.message(500, "Domain files not found")
# create domain record
for domain in domains:
jsonl = dbutils.parse_domains(domain)
dbutils.import_domain_summary(jsonl, workspace, update_type)
return common.message(200, "Summary List Submitted")
def get(self, request, *args, **kwargs):
workspace = request.query_params.get('workspace', None)
if not workspace:
return common.message(500, "Workspace not found")
field = request.query_params.get('field', None)
data = []
if 'ip' in field:
data = list(
Summaries.objects.filter(workspace=workspace).values_list(
'ip_address', flat=True).exclude(ip_address='N/A'))
return Response({'summaries': data})
def get(self, request, *args, **kwargs):
workspace = request.query_params.get('workspace', None)
module = request.query_params.get('module', None)
full = request.query_params.get('full', None)
grouped = request.query_params.get('grouped', None)
# workspace validate
if not workspace or workspace == 'null':
return common.message(500, "Workspace not specifed")
obj = Workspaces.objects.filter(workspace=workspace)
if not obj.first():
return common.message(404, "Workspace not found")
# get options
ws = obj.first().as_json().get('workspace')
options = dbutils.get_stateful_options(ws)
real_workspace = utils.join_path(options.get(
'WORKSPACES'), options.get('WORKSPACE'))
options['WORKSPACE'] = real_workspace
reports = self.get_reports(options, module, full, grouped)
content = {'reports': reports}
return Response(content)
def post(self, request, *args, **kwargs):
serializer = ExportsSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
data = serializer.data
workspace = data.get('workspace')
filename = data.get('filename')
qs = self.get_queryset(workspace)
if filename == 'False' or not filename:
return render_to_csv_response(qs)
else:
filename = utils.clean_path(filename)
with open(filename, 'wb') as csv_file:
write_csv(qs, csv_file)
return common.message(200, filename)
def post(self, request, *args, **kwargs):
Workspaces.objects.all().delete()
return common.message(200, "Workspaces Table have been cleared.")
def post(self, request, *args, **kwargs):
Configurations.objects.all().delete()
return common.message(200, "Configurations Table have been cleared.")
def post(self, request, *args, **kwargs):
self.get_queryset().update(status='Done')
return common.message(200, "Update all status")