def editOne(self, scenario_json):
"""
Edits a current scenario with a JSON file
:param scenario_json: JSON file with the new scenario
:return: Response object containing the status of the request
"""
response = Response()
print(scenario_json)
scenario_name = scenario_json["scenario_name"]
if scenario_name in self.scenarios_dict:
if "machines" in scenario_json:
for machine in scenario_json["machines"]:
if scenario_json["machines"][machine]["uuid"] == "":
new_uuid = uuid.uuid4()
new_uuid = str(new_uuid).replace('-', '')
print("Unique id: ", new_uuid)
scenario_json['machines'][machine]['uuid'] = new_uuid
scenario_json = Scenario(scenario_name).objectFromDictionary(
scenario_json)
self.scenarios_dict[scenario_name] = scenario_json
#self._saveScenarioAsJSON(new_scenario)
self.db_manager.editScenario(scenario_json.dictionary().copy())
response.setResponse(True)
response.setBody(self.scenarios_dict[scenario_name].dictionary())
else:
response.setReason('Scenario doesn\'t exist')
response.setResponse(False)
response.setBody(dict())
return response.dictionary()
def createSharedFolders(self, scenario_json):
"""
Creates the shared folder within a scenario.
:param scenario_json: JSON containing the scenario data
:return: Response object containing request info
"""
response = Response()
self.console_manager.printRed('Creating shared folders: ')
try:
machines = scenario_json['machines']
scenario_name = scenario_json['scenario_name']
machine_names = machines.keys()
machines_path = self.getScenariosPath(
) / scenario_name / "Machines"
for machine_name in machine_names:
machine_uuid = scenario_json["machines"][machine_name]["uuid"]
shared_folder_path = machines_path / machine_uuid / "host_shared_folder"
if os.path.isdir(shared_folder_path):
self.console_manager.printGreen("Folder already exists")
else:
os.makedirs(shared_folder_path)
except KeyError as key_not_found:
self.console_manager.printGreen(''.join(
[key_not_found, " has not been defined"]))
response.setResponse(False)
response.setReason(key_not_found, " has not been defined")
except OSError:
self.console_manager.printGreen("OS Error")
response.setResponse(False)
response.setReason("OS Error")
except:
self.console_manager.printGreen(''.join(
["Unexpected error:", sys.exc_info()[0]]))
response.setResponse(True)
return response.dictionary()
def sendCommand(self,
scenario_name,
machine_name,
command,
default_timeout=5,
show_output=True):
"""
Sends a command to a virtual machine.
:param scenario_name: Scenario's name string
:param machine_name: Machine's name string
:param command: Command to be executed
:param default_timeout: Timeout for executing the command
:param show_output: Boolean to show an output
:return: Response object containing the status of the request
"""
response = Response()
scenario = db_manager.getScenario(scenario_name)
return_code = ''
if scenario:
scenario_json = scenario[0]
#First we need to move to the directory of the given machine
machine_uuid = scenario_json["machines"][machine_name]["uuid"]
machine_path = file_manager.getScenariosPath(
) / scenario_name / "Machines" / machine_uuid
#using "vagrant ssh -c 'command' <machine>" will only try to execute that command and return, CHANGE THIS
connect_command = "vagrant ssh -c '{}' {}".format(
command, machine_uuid)
sshProcess = subprocess.Popen(connect_command,
cwd=machine_path,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
universal_newlines=True,
shell=True,
bufsize=0)
#wait for the execution to finish, process running on different shell
sshProcess.wait()
sshProcess.stdin.close()
return_code = sshProcess.returncode
if show_output:
for line in sshProcess.stdout:
if line == "END\n":
break
print(line, end="")
for line in sshProcess.stdout:
if line == "END\n":
break
print(line, end="")
else:
response.setResponse(False)
response.setReason('Scenario doesn\'t exist')
return return_code
def getOne(self, scenario_name):
"""
Gets the scenario as a JSON file
:param scenario_name: String with the scenario name
:return: Response object containing the status of the request
"""
response = Response()
if scenario_name in self.scenarios_dict:
response.setResponse(True)
response.setBody(self.scenarios_dict[scenario_name].dictionary())
else:
response.setResponse(False)
response.setReason('Scenario doesn\'t exist')
response.setBody(dict())
return response.dictionary()
def getOne(self, exploit_name):
"""
Gets the scenario as a JSON file
:param exploit_name: Exploit's name string
:return: Response object containing the status of the request
"""
response = Response()
if exploit_name in self.exploits_dict:
response.setResponse(True)
response.setBody(self.exploits_dict[exploit_name].dictionary())
else:
response.setResponse(False)
response.setReason('Exploit doesn\'t exist')
response.setBody(dict())
return response.dictionary()
def testNetworkPing(self,
scenario_name,
machine_name,
destination_machine_name,
count=1):
"""
Tests connection between the host and a virtual machine.
:param scenario_name: Scenario's name string
:param machine_name: Machine's name string
:param destination_machine_name: Machine's to be pinged
:param count: Counter used in the ping command
:return: Response object containing the status of the request
"""
response = Response()
scenario = db_manager.getOne(scenario_name)
if scenario:
scenario_data = scenario[0]
try:
machines = scenario_data['machines']
machine_to_ping = machines[destination_machine_name]
machine_to_ping_network_settings = machine_to_ping[
'network_settings']
destination_ip = machine_to_ping_network_settings['ip_address']
ping_command = "ping -c {} {}".format(count, destination_ip)
return_code = self.sendCommand(scenario_name, machine_name,
ping_command)
if return_code == 0:
print("Ping Successfully")
response.setResponse(True)
response.setReason("Ping Successfully")
elif return_code == 1:
print("No answer from %s" % destination_machine_name)
response.setResponse(False)
response.setReason("No answer from %s" %
destination_machine_name)
else:
print("Another error has occurred")
response.setResponse(False)
response.setReason("Another error has occurred")
except KeyError:
print("Machines not defined for this Scenario")
response.setResponse(False)
response.setReason("Machines not defined for this Scenario")
else:
print("Scenario %s not found" % scenario_name)
response.setResponse(False)
response.setReason("Scenario %s not found" % scenario_name)
return response.dictionary()
def getOne(self, vulnerability_name):
"""
Gets the scenario as a JSON file
:param vulnerability_name: VUlnerability's name string
:return: Response object containing the status of the request
"""
response = Response()
if vulnerability_name in self.vulnerabilities_dict:
response.setResponse(True)
response.setBody(
self.vulnerabilities_dict[vulnerability_name].dictionary())
else:
response.setResponse(False)
response.setReason('Vulnerability doesn\'t exist')
response.setBody(dict())
return response.dictionary()
def deleteOne(self, exploit_name):
"""
Deletes an exploit from the database.
:param exploit_name: Exploit's name string
:return: Response object containing the status of the request
"""
response = Response()
if exploit_name in self.exploits_dict:
deleted_exploit = self.exploits_dict.pop(exploit_name)
self.db_manager.deleteExploit(exploit_name)
response.setResponse(True)
response.setBody(deleted_exploit.dictionary())
else:
response.setResponse(False)
response.setReason('Exploit doesn\'t exist')
response.setBody(dict())
return response.dictionary()
def deleteOne(self, scenario_name):
"""
Deletes one scenario from the database.
:param scenario_name: Scenario's name string
:return: Response object containing the status of the request
"""
response = Response()
if scenario_name in self.scenarios_dict:
deleted_scenario = self.scenarios_dict.pop(scenario_name)
#self.file_manager.deleteScenariosFolder(scenario_name)
self.db_manager.deleteScenario(scenario_name)
response.setResponse(True)
response.setBody(deleted_scenario.dictionary())
else:
response.setResponse(False)
response.setReason('Scenario doesn\'t exist')
response.setBody(dict())
return response.dictionary()
def deleteOne(self, vulnerability_name):
"""
Deletes a vulnerability from the database.
:param vulnerability_name: Vulnerability's name string
:return: Response object containing the status of the request
"""
response = Response()
if vulnerability_name in self.vulnerabilities_dict:
deleted_vulnerability = self.vulnerabilities_dict.pop(
vulnerability_name)
self.db_manager.deleteVulnerability(vulnerability_name)
response.setResponse(True)
response.setBody(deleted_vulnerability.dictionary())
else:
response.setResponse(False)
response.setReason('Vulnerability doesn\'t exist')
response.setBody(dict())
return response.dictionary()
def newEmpty(self, exploit_name):
"""
Creates a new exploit which includes the folders and the exploit JSON file
:param exploit_name: String with the exploit name
:return: Response object containing the status of the request
"""
response = Response()
if exploit_name not in self.exploits_dict:
exploit = Exploit(exploit_name)
self.exploits_dict[exploit_name] = exploit
self.db_manager.insertExploit(exploit.dictionary().copy())
response.setResponse(True)
response.setBody(exploit.dictionary())
else:
response.setResponse(False)
response.setReason('Exploit already exist')
response.setBody(dict())
return response.dictionary()
def newEmpty(self, vulnerability_name):
"""
Creates a new vulnerability which includes the folders and the vulnerability JSON file
:param vulnerability_name: String with the vulnerability name
:return: Response object containing the status of the request
"""
response = Response()
if vulnerability_name not in self.vulnerabilities_dict:
vulnerability = Vulnerability(vulnerability_name)
self.vulnerabilities_dict[vulnerability_name] = vulnerability
self.db_manager.insertVulnerability(
vulnerability.dictionary().copy())
response.setResponse(True)
response.setBody(vulnerability.dictionary())
else:
response.setResponse(False)
response.setReason('Vulnerability already exist')
response.setBody(dict())
return response.dictionary()
def editOne(self, exploit_json):
"""
Edits a current scenario with a JSON file
:param exploit_json: JSON file with the exploit's data
:return: Response object containing the status of the request
"""
response = Response()
print(exploit_json)
exploit_name = exploit_json["name"]
if exploit_name in self.exploits_dict:
exploit_json = Exploit().objectFromDictionary(exploit_json)
self.exploits_dict[exploit_name] = exploit_json
self.db_manager.editExploit(exploit_json.dictionary().copy())
response.setResponse(True)
response.setBody(self.exploits_dict[exploit_name].dictionary())
else:
response.setReason('Exploit doesn\'t exist')
response.setResponse(False)
response.setBody(dict())
return response.dictionary()
def createSaltStackFolder(self, scenario_json):
"""
Creates a folder for each machine in the scenario
:param scenario_json: String with the scenario name
:return: True if machine folders are created successfully
"""
# Response message for the requester
response = Response()
self.console_manager.printRed('Creating saltstack folders: ')
try:
machines = scenario_json['machines']
scenario_name = scenario_json['scenario_name']
machine_names = machines.keys()
machines_path = self.getScenariosPath(
) / scenario_name / "Machines"
for machine_name in machine_names:
machine_uuid = scenario_json["machines"][machine_name]["uuid"]
saltstack_path = machines_path / machine_uuid / 'salt'
keys_path = saltstack_path / 'keys'
etc_path = saltstack_path / 'conf'
paths = [saltstack_path, keys_path, etc_path]
for path in paths:
if os.path.isdir(path):
self.console_manager.printGreen(
"Folder already exists")
else:
os.makedirs(path)
except KeyError as key_not_found:
self.console_manager.printGreen(''.join(
[key_not_found, " has not been defined"]))
response.setResponse(False)
response.setReason(key_not_found, " has not been defined")
except OSError:
self.console_manager.printGreen("OS Error")
response.setResponse(False)
response.setReason("OS Error")
except:
self.console_manager.printGreen(''.join(
["Unexpected error:", sys.exc_info()[0]]))
response.setResponse(True)
return response.dictionary()
def vagrantMachineCommand(self, scenario_name, machine_name, command):
"""
Runs the given vagrant command on the desired machine, if allowed.
:param scenario_name: Name of scenario containing the machine
:param machine_name: String with the machine name
:return: Response object containing the status of the request
"""
response = Response()
scenario = db_manager.getScenario(scenario_name)
if scenario:
scenario_json = scenario[0]
machine_uuid = scenario_json["machines"][machine_name]["uuid"]
allowed_commands = ['suspend', 'halt', 'resume', 'status']
if command not in allowed_commands:
response = Response(False, "Given command not allowed")
return response.dictionary()
else:
try:
machine_path = file_manager.getScenariosPath(
) / scenario_name / "Machines" / machine_uuid
if command != 'status':
os.chdir(machine_path)
subprocess.run(['vagrant', command])
machine_state = VagrantManager.vagrantStatus(
machine_uuid, machine_path)
response = Response(True,
body={machine_name: machine_state})
return response.dictionary()
except OSError:
error_message = "OS ERROR while running %s command on %s machine " % command, machine_name
print(error_message)
response = Response(False, error_message)
return response.dictionary()
else:
response.setResponse(False)
response.setReason('Scenario doesn\'t exist')
return response.dictionary()
def newEmpty(self, scenario_name):
"""
Creates a new scenario which includes the folders and the scenario JSON file
:param scenario_name: String with the scenario name
:return: Response object containing the status of the request
"""
#Folder creation moved to FileManager
response = Response()
if scenario_name not in self.scenarios_dict:
#self.file_manager.createScenarioFolders(scenario_name)
scenario = Scenario(scenario_name)
self.scenarios_dict[scenario_name] = scenario
#self._saveScenarioAsJSON(scenario)
self.db_manager.insertScenario(scenario.dictionary().copy())
response.setResponse(True)
response.setBody(scenario.dictionary())
else:
response.setResponse(False)
response.setReason('Scenario already exist')
response.setBody(dict())
return response.dictionary()
def editOne(self, vulnerability_json):
"""
Edits a current scenario with a JSON file
:param vulnerability_json: JSON file new vulnerability
:return: Response object containing the status of the request
"""
response = Response()
print(vulnerability_json)
vulnerability_name = vulnerability_json["name"]
if vulnerability_name in self.vulnerabilities_dict:
vulnerability_json = Vulnerability().objectFromDictionary(
vulnerability_json)
self.vulnerabilities_dict[vulnerability_name] = vulnerability_json
self.db_manager.editVulnerability(
vulnerability_json.dictionary().copy())
response.setResponse(True)
response.setBody(
self.vulnerabilities_dict[vulnerability_name].dictionary())
else:
response.setReason('Vulnerability doesn\'t exist')
response.setResponse(False)
response.setBody(dict())
return response.dictionary()
