def check_faraday_version(): try: server.check_faraday_version() except RuntimeError: get_logger("launcher").error( "The server is running a different Faraday version than the client you are running. Version numbers must match!" )
def __init__(self): super(RawReportProcessor, self).__init__() from faraday.client.start_client import setupPlugins setupPlugins() self.pending_actions = Queue() try: plugin_manager = PluginManager( os.path.join(CONF.getConfigPath(), "plugins")) except AttributeError: get_logger().warning( "Upload reports in WEB-UI not configurated, run Faraday client and try again..." ) self._stop = True return mappers_manager = MapperManager() self.model_controller = ModelController(mappers_manager, self.pending_actions) self.model_controller.start() self.end_event = Event() plugin_controller = PluginController('PluginController', plugin_manager, mappers_manager, self.pending_actions, self.end_event) self.processor = ReportProcessor(plugin_controller, None) self._stop = False
def get_exploits(cveid): """ Use Vulns API to get all exploits available for a specific CVE-ID """ get_logger(__name__).debug("Request parameters: {!r}".format( flask.request.args)) headers = { "Content-Type": "application/json", "Accept": "application/json" } response = requests.get( "https://vulners.com/api/v3/search/id/?references=True&id=" + cveid, headers=headers, timeout=3) try: json_response = {"metasploit": [], "exploitdb": [], "cveid": cveid} if response.status_code == 200: obj_response = response.json() if obj_response["data"]["references"] is not {}: metasploit_modules = obj_response["data"]["references"][ cveid].get("metasploit", []) exploitdb_modules = obj_response["data"]["references"][ cveid].get("exploitdb", []) for module in metasploit_modules: obj_module = {} obj_module.update({"title": module["title"]}) obj_module.update({"id": module["id"]}) obj_module.update({"href": module["href"]}) json_response["metasploit"].append(obj_module) for module in exploitdb_modules: obj_module = {} obj_module.update({"title": module["title"]}) obj_module.update({"id": module["id"]}) obj_module.update({"href": module["href"]}) json_response["exploitdb"].append(obj_module) except KeyError as ex: abort( make_response( jsonify(message='Could not find {0}'.format(ex.message)), 400)) return flask.jsonify(json_response)
def file_upload(workspace=None): """ Upload a report file to Server and process that report with Faraday client plugins. """ get_logger(__name__).debug("Importing new plugin report in server...") # Authorization code copy-pasted from server/api/base.py ws = Workspace.query.filter_by(name=workspace).one() if not (ws.active): # Don't raise a 403 to prevent workspace name enumeration abort(404, "Workspace disabled: %s" % workspace) if 'file' not in request.files: abort(400) try: validate_csrf(request.form.get('csrf_token')) except ValidationError: abort(403) report_file = request.files['file'] if report_file: chars = string.ascii_uppercase + string.digits random_prefix = ''.join(random.choice(chars) for x in range(12)) raw_report_filename = '{0}{1}'.format( random_prefix, secure_filename(report_file.filename)) try: file_path = os.path.join( CONF.getConfigPath(), 'uploaded_reports/{0}'.format(raw_report_filename)) except AttributeError: get_logger().warning( "Upload reports in WEB-UI not configurated, run Faraday client and try again..." ) abort( make_response( jsonify( message= "Upload reports not configurated: Run faraday client and start Faraday server again" ), 500)) with open(file_path, 'w') as output: output.write(report_file.read()) UPLOAD_REPORTS_QUEUE.put((workspace, file_path, request.cookies)) return make_response(jsonify(message="ok"), 200)
def background_process(): """Change workspace. This function runs on a separated thread created by the parent function. DO NOT call any Gtk methods withing its scope, except by emiting signals to the window """ GObject.idle_add(loading_workspace, 'show') try: ws = self.openWorkspace(workspace_name) GObject.idle_add(CONF.setLastWorkspace, ws.name) GObject.idle_add(CONF.saveConfig) except Exception as e: GObject.idle_add(self.handle_no_active_workspace) get_logger("GTK").error(e) GObject.idle_add(loading_workspace, 'destroy') return True
def copy_default_config_to_local(): if os.path.exists(LOCAL_CONFIG_FILE): return # Create directory if it doesn't exist try: os.makedirs(os.path.dirname(LOCAL_CONFIG_FILE)) except OSError as e: if e.errno != errno.EEXIST: raise # Copy default config file into faraday local config shutil.copyfile(DEFAULT_CONFIG_FILE, LOCAL_CONFIG_FILE) from faraday.server.utils.logger import get_logger # pylint:disable=import-outside-toplevel get_logger(__name__).info(u"Local faraday-server configuration created at {}".format(LOCAL_CONFIG_FILE))
def run(self, args): workspace = args.workspace try: ws = super(GuiApp, self).openWorkspace(workspace) except Exception as e: get_logger(self).error( ("Your last workspace %s is not accessible, " "check configuration.") % workspace) get_logger(self).error( "You may try and go to ~/.faraday/config/user.xml " "to set a valid api_uri and last_workspace") get_logger(self).error(str(e)) return -1 workspace = ws.name CONF.setLastWorkspace(workspace) CONF.saveConfig() get_logger(self).info("Workspace %s loaded" % workspace) while True: if self._stop: return time.sleep(0.01)
def get_server_pid(port): logger = get_logger(__name__) if not os.path.isfile(faraday.server.config.FARADAY_SERVER_PID_FILE.format(port)): return None with open(faraday.server.config.FARADAY_SERVER_PID_FILE.format(port), 'r') as pid_file: # If PID file is badly written, delete it and # assume server is not running try: pid = int(pid_file.readline()) except ValueError: logger.warning('PID file was found but is corrupted. '\ 'Assuming server is not running. Please check manually'\ 'if Faraday Server is effectively running') remove_pid_file(port) return None return pid
def is_server_running(port): """Returns server PID if it is running. Otherwise returns None""" logger = get_logger(__name__) pid = get_server_pid(port) if pid is None: return None try: os.kill(pid, 0) except OSError, err: if err.errno == errno.ESRCH: remove_pid_file(port) return None elif err.errno == errno.EPERM: logger.warning("Server is running BUT the current user"\ "doesn't have enough access to operate with it") return pid else: raise
def stop_server(port): """Stops Faraday Server if it isn't running""" logger = get_logger(__name__) pid = is_server_running(port) if pid is None: logger.error('Faraday Server is not running') return False try: logger.info('Sending SIGTERM to pid {0}, in port {1}'.format(pid, port)) os.kill(pid, signal.SIGTERM) logger.info("Faraday Server stopped successfully") except OSError, err: if err.errno == errno.EPERM: logger.error("Couldn't stop Faraday Server. User doesn't"\ "have enough permissions") return False else: raise err
def run(self): logger.info('Tool report processor started') while not self._stop: try: workspace, file_path, cookie = UPLOAD_REPORTS_QUEUE.get( False, timeout=0.1) get_logger().info( 'Processing raw report {0}'.format(file_path)) # Cookie of user, used to create objects in server with the right owner. server.FARADAY_UPLOAD_REPORTS_WEB_COOKIE = cookie server.FARADAY_UPLOAD_REPORTS_OVERWRITE_SERVER_URL = "http://{0}:{1}".format( FaradayServerConfig.faraday_server.bind_address, FaradayServerConfig.faraday_server.port) self.processor.ws_name = workspace command_id = self.processor.processReport(file_path) UPLOAD_REPORTS_CMD_QUEUE.put(command_id) if not command_id: continue self.end_event.wait() get_logger().info( 'Report processing of report {0} finished'.format( file_path)) self.end_event.clear() except Empty: time.sleep(0.1) except KeyboardInterrupt as ex: get_logger().info( 'Keyboard interrupt, stopping report processing thread') self.stop() except Exception as ex: get_logger().exception(ex) continue
def wrapper(*args, **kwargs): try: res = func(*args, **kwargs) except ServerRequestException as e: res = response_in_emergency get_logger("Server-GTK IO").warning(e) except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema): res = response_in_emergency get_logger("Server-GTK IO").error( "It looks like the Faraday Server " "URL is not correctly formated. Please change it and " "remember to set it with a valid protocol, like http.\n" "For example: http://faradayserver:port/") except Exception: res = response_in_emergency get_logger("Server-GTK IO").error( "It looks like the Faraday Server is not running\n") return res
def update(self, event): if event.type() == CHANGEFROMINSTANCE: get_logger(self).info("[Update Received] " + event.change.getMessage())
def __init__(self): self.logger = get_logger(self)
def run(self, args): workspace = args.workspace try: ws = super(GuiApp, self).openWorkspace(workspace) except Exception as e: get_logger(self).error( ("Your last workspace %s is not accessible, " "check configuration.") % workspace) get_logger(self).error( "You may try and go to ~/.faraday/config/user.xml " "to set a valid api_uri and last_workspace") get_logger(self).error(str(e)) valid = False for i in range(4): workspace = raw_input("Please write the correct, Workspace): ") try: ws = super(GuiApp, self).openWorkspace(workspace) valid = True break except Exception as err: get_logger(self).error( ("Your last workspace %s is not accessible, " "check configuration.") % workspace) get_logger(self).error( "You may try and go to ~/.faraday/config/user.xml " "to set a valid api_uri and last_workspace") get_logger(self).error(str(err)) if not valid: return -1 workspace = ws.name CONF.setLastWorkspace(workspace) CONF.saveConfig() get_logger(self).info("Workspace %s loaded" % workspace) while True: if self._stop: return time.sleep(0.01)
def start_server(): get_logger(__name__).info('Running as a daemon') WORKDIR = faraday.server.config.FARADAY_BASE createDaemon()