from app import apfell, links, use_ssl
from sanic import response
from jinja2 import Environment, PackageLoader
from sanic_jwt.decorators import protected, inject_user
env = Environment(loader=PackageLoader('app', 'templates'))
@apfell.route("/attacks/host_file", methods=['GET'])
@inject_user()
@protected()
async def attacks_host_file(request, user):
template = env.get_template('attacks_host_file.html')
if use_ssl:
content = template.render(links=links,
name=user['username'],
http="https",
ws="wss")
else:
content = template.render(links=links,
name=user['username'],
http="http",
ws="ws")
return response.html(content)
# add links to the routes in this file at the bottom
links['attacks_host_file'] = apfell.url_for('attacks_host_file')
content = template.render(name=user['username'], links=links, cld=api_data)
return response.html(content)
@apfell.route("/apiui/documentation")
@inject_user()
@protected()
async def apiui_documentation(request, user):
template = env.get_template('apiui_documentation.html')
content = template.render(name=user['username'], links=links)
return response.html(content)
@apfell.route("/apiui/apfell_jxa")
@inject_user()
@protected()
async def apiui_apfell_jxa(request, user):
data = open("./app/templates/default_commands.json", 'r').read()
json_data = js.loads(data)
template = env.get_template('apiui_apfell-jxa.html')
content = template.render(name=user['username'],
links=links,
cmd=json_data)
return response.html(content)
# add links to the routes in this file at the bottom
links['apiui_commandlines'] = apfell.url_for('apiui_commandline')
links['apiui_documentation'] = apfell.url_for('apiui_documentation')
links['apiui_apfell_jxa'] = apfell.url_for('apiui_apfell_jxa')
name='grouped_output')
apfell.static('/no_cmd_output.png',
'./app/static/no_cmd_output.png',
name='no_cmd_output')
apfell.static('/gear_med.png',
'./app/static/Gear-icon_med.png',
name='gear_md')
apfell.static('/add_comment.png',
'./app/static/add_comment.png',
name='add_comment')
apfell.static('/static/bootstrap.3.3.7.min.css',
'./app/static/bootstrap.3.3.7.min.css',
name='bootstrap-css')
apfell.static('/static/ajax.jquery.1.9.1.js',
'./app/static/ajax.jquery.1.9.1.js',
name='ajax')
apfell.static('/static/bootstrap.3.3.7.min.js',
'./app/static/bootstrap.3.3.7.min.js',
name='bootstrap-js')
apfell.static('/static/vue.2.5.13.dist.vue.min.js',
'./app/static/vue.2.5.13.dist.vue.min.js',
name='vue-js')
# add links to the routes in this file at the bottom
links['index'] = apfell.url_for('index')
links['login'] = links['WEB_BASE'] + "/login"
links['logout'] = apfell.url_for('logout')
links['register'] = links['WEB_BASE'] + "/register"
links['settings'] = apfell.url_for('settings')
links['search'] = apfell.url_for('search')
template = env.get_template('view_tasks.html')
if use_ssl:
content = template.render(links=links,
name=user['username'],
http="https",
ws="wss",
admin=user['admin'],
current_operation=user['current_operation'])
else:
content = template.render(links=links,
name=user['username'],
http="http",
ws="ws",
admin=user['admin'],
current_operation=user['current_operation'])
return response.html(content)
# add links to these routes at the bottom
links['callbacks'] = apfell.url_for('callbacks')
links['database_management'] = apfell.url_for('db_management')
links['payload_management'] = apfell.url_for('payload_management')
links['analytics'] = apfell.url_for('analytics')
links['c2profile_management'] = apfell.url_for('c2profile_management')
links['operations_management'] = apfell.url_for('operations_management')
links['screencaptures'] = apfell.url_for('screencaptures')
links['keylogs'] = apfell.url_for('keylogs')
links['files'] = apfell.url_for('files')
links['credentials'] = apfell.url_for('credentials')
links['view_tasks'] = apfell.url_for('view_tasks')
admin=user['admin'],
current_operation=user['current_operation'],
config=user['ui_config'])
else:
content = template.render(links=await respect_pivot(links, request),
name=user['username'],
http="http",
ws="ws",
admin=user['admin'],
current_operation=user['current_operation'],
config=user['ui_config'])
return response.html(content)
# add links to these routes at the bottom
links['callbacks'] = apfell.url_for('callbacks')
links['database_management'] = apfell.url_for('db_management')
links['payload_management'] = apfell.url_for('payload_management')
links['analytics'] = apfell.url_for('analytics')
links['c2profile_management'] = apfell.url_for('c2profile_management')
links['operations_management'] = apfell.url_for('operations_management')
links['screencaptures'] = apfell.url_for('screencaptures')
links['keylogs'] = apfell.url_for('keylogs')
links['files'] = apfell.url_for('files')
links['credentials'] = apfell.url_for('credentials')
links['view_tasks'] = apfell.url_for('view_tasks')
links['transform_management'] = apfell.url_for('transform_management')
links['artifacts_management'] = apfell.url_for('artifacts_management')
links['reporting_artifacts'] = apfell.url_for('reporting_artifacts')
links['comments'] = apfell.url_for('comments')
links['manage_browser_scripts'] = apfell.url_for('manage_browser_scripts')
http="http",
ws="ws",
config=user['ui_config'])
return response.html(content)
@apfell.route("/apiui/command_help")
@inject_user()
@protected()
async def apiui_command_help(request, user):
template = env.get_template('apiui_command_help.html')
if use_ssl:
content = template.render(links=links,
name=user['username'],
http="https",
ws="wss",
config=user['ui_config'])
else:
content = template.render(links=links,
name=user['username'],
http="http",
ws="ws",
config=user['ui_config'])
return response.html(content)
# add links to the routes in this file at the bottom
links['apiui_commandlines'] = apfell.url_for('apiui_commandline')
links['apiui_documentation'] = apfell.url_for('apiui_documentation')
links['apiui_command_help'] = apfell.url_for('apiui_command_help')
else:
content = template.render(links=links,
name=user['username'],
http="http",
ws="ws",
config=user['ui_config'])
return response.html(content)
@apfell.route("/reporting/attack_mapping")
@inject_user()
@scoped('auth:user')
async def attack_mappings(request, user):
template = env.get_template('mitre_attack_mappings.html')
if use_ssl:
content = template.render(links=links,
name=user['username'],
http="https",
ws="wss",
config=user['ui_config'])
else:
content = template.render(links=links,
name=user['username'],
http="http",
ws="ws",
config=user['ui_config'])
return response.html(content)
links['full_timeline'] = apfell.url_for('ui_full_timeline')
links['attack_mapping'] = apfell.url_for('attack_mappings')
callback_host + ":" + str(callback_port) +
"/\");")
else:
custom_jxa.write(line)
base_jxa.close()
custom_jxa.close()
success = "true"
except Exception as e:
print(e)
errors['validate_errors'] = "Failed to create payload"
errors['token_errors'] = '<br>'.join(form.csrf_token.errors)
errors['callback_host_errors'] = '<br>'.join(form.callback_host.errors)
errors['callback_port_errors'] = '<br>'.join(form.callback_port.errors)
errors['obfuscation_errors'] = '<br>'.join(form.obfuscation.errors)
errors['output_directory_errors'] = '<br>'.join(
form.output_directory.errors)
errors['callback_interval_errors'] = '<br>'.join(
form.callback_interval.errors)
template = env.get_template('payloads_jxa.html')
content = template.render(name=user.name,
links=links,
form=form,
errors=errors,
success=success)
return response.html(content)
# add links to the routes in this file at the bottom
links['payloads_jxa'] = apfell.url_for('payloads_jxa')
from app import apfell, auth, links, use_ssl
from app.routes.routes import env
from sanic import response
@apfell.route("/callbacks")
@auth.login_required(user_keyword='user')
async def callbacks(request, user):
template = env.get_template('callbacks.html')
if use_ssl:
content = template.render(links=links,
name=user.name,
http="https",
ws="wss")
else:
content = template.render(links=links,
name=user.name,
http="http",
ws="ws")
return response.html(content)
# add links to these routes at the bottom
links['callbacks'] = apfell.url_for('callbacks')
from app import apfell, db_objects, links, use_ssl
from sanic import response
from jinja2 import Environment, PackageLoader
from sanic_jwt.decorators import protected, inject_user
env = Environment(loader=PackageLoader('app', 'templates'))
@apfell.route("/reporting/full_timeline")
@inject_user()
@protected()
async def ui_full_timeline(request, user):
template = env.get_template('reporting_full_timeline.html')
if use_ssl:
content = template.render(links=links,
name=user['username'],
http="https",
ws="wss")
else:
content = template.render(links=links,
name=user['username'],
http="http",
ws="ws")
return response.html(content)
links['full_timeline'] = apfell.url_for('ui_full_timeline')
content = template.render(links=links,
name=user['username'],
http="http",
ws="ws",
config=user['ui_config'])
return response.html(content)
@apfell.route("/instantiate_c2profile/", methods=['GET'])
@inject_user()
@protected()
async def instantiate_c2profile(request, user):
template = env.get_template('instantiate_c2profile.html')
if use_ssl:
content = template.render(links=links,
name=user['username'],
http="https",
ws="wss",
config=user['ui_config'])
else:
content = template.render(links=links,
name=user['username'],
http="http",
ws="ws",
config=user['ui_config'])
return response.html(content)
links['payloads_creation'] = apfell.url_for('payloads_creation')
links['instantiate_c2profile'] = apfell.url_for('instantiate_c2profile')
from app import apfell, links, use_ssl
from sanic import response
from jinja2 import Environment, PackageLoader
from sanic_jwt.decorators import scoped, inject_user
env = Environment(loader=PackageLoader('app', 'templates'))
@apfell.route("/services/host_file", methods=['GET'])
@inject_user()
@scoped('auth:user')
async def services_host_file(request, user):
template = env.get_template('services_host_file.html')
if use_ssl:
content = template.render(links=links, name=user['username'], http="https", ws="wss", config=user['ui_config'])
else:
content = template.render(links=links, name=user['username'], http="http", ws="ws", config=user['ui_config'])
return response.html(content)
# add links to the routes in this file at the bottom
links['services_host_file'] = apfell.url_for('services_host_file')
@apfell.route("/operations_management", methods=['GET'])
@inject_user()
@protected()
async def operations_management(request, user):
template = env.get_template('operations_management.html')
if use_ssl:
content = template.render(links=links,
name=user['username'],
http="https",
ws="wss",
admin=user['admin'],
current_operation=user['current_operation'])
else:
content = template.render(links=links,
name=user['username'],
http="http",
ws="ws",
admin=user['admin'],
current_operation=user['current_operation'])
return response.html(content)
# add links to these routes at the bottom
links['callbacks'] = apfell.url_for('callbacks')
links['database_management'] = apfell.url_for('db_management')
links['payload_management'] = apfell.url_for('payload_management')
links['analytics'] = apfell.url_for('analytics')
links['c2profile_management'] = apfell.url_for('c2profile_management')
links['operations_management'] = apfell.url_for('operations_management')
http="https",
ws="wss")
else:
content = template.render(links=links,
name=user.name,
http="http",
ws="ws")
return response.html(content)
@apfell.route("/db_management")
@auth.login_required(user_keyword='user')
async def db_management(request, user):
template = env.get_template('database_management.html')
if use_ssl:
content = template.render(links=links,
name=user.name,
http="https",
ws="wss")
else:
content = template.render(links=links,
name=user.name,
http="http",
ws="ws")
return response.html(content)
# add links to these routes at the bottom
links['callbacks'] = apfell.url_for('callbacks')
links['database_management'] = apfell.url_for('db_management')
if len(request.query_args) != 0:
data = urllib.parse.unquote(request.query_args[0][1])
query = await db_model.payloadtype_query()
try:
payloadtype = await db_objects.get(query, ptype=data)
except Exception as e:
data = ""
else:
data = ""
if use_ssl:
content = template.render(links=await respect_pivot(links, request),
name=user['username'],
http="https",
ws="wss",
config=user['ui_config'],
view_utc_time=user['view_utc_time'],
agent=data)
else:
content = template.render(links=await respect_pivot(links, request),
name=user['username'],
http="http",
ws="ws",
config=user['ui_config'],
view_utc_time=user['view_utc_time'],
agent=data)
return response.html(content)
# add links to the routes in this file at the bottom
links['apiui_command_help'] = apfell.url_for('apiui_command_help')
auth.login_user(request, login_user)
return response.redirect("/")
except:
# failed to insert into database
errors['validate_errors'] = "failed to create user"
errors['token_errors'] = '<br>'.join(form.csrf_token.errors)
errors['username_errors'] = '<br>'.join(form.username.errors)
errors['password_errors'] = '<br>'.join(form.password.errors)
template = env.get_template('register.html')
content = template.render(links=links, form=form, errors=errors)
return response.html(content)
@apfell.route("/logout")
@auth.login_required
async def logout(request):
auth.logout_user(request)
return response.redirect('/login')
@apfell.exception(NotFound)
async def handler_404(request, exception):
return json({'error': 'Not Found'})
# add links to the routes in this file at the bottom
links['index'] = apfell.url_for('index')
links['login'] = apfell.url_for('login')
links['logout'] = apfell.url_for('logout')
links['register'] = apfell.url_for('register')
