def new_machine(scenario_id): if request.method == 'POST': form = NewMachineForm(request.form) logger.info(request.form) if not form.validate() or not is_pyro_running(): flash_form_errors(form) os_list = OS.query.all() exploits, vulns = get_files_from_scenario(scenario_id) return render_template('configMachine.html', scenario_id=scenario_id, os_list=os_list, machine_types=MachineTypeEnum, network_types=NetworkTypeEnum, form=form, exploits=exploits, vulns=vulns) rdp_ip = get_rdp_ip() machine = Machine(name=form.name.data, machine_ip='', rdp_ip=rdp_ip, rdp_port=5000, machine_type=form.machine_type.data, processors=form.processors.data, memory=form.memory.data, scenario_id=scenario_id, os_id=form.vm_os.data, network_type=form.network_type.data, cmd_line=form.cmd_line.data, cmd_order=form.cmd_order.data) if form.network_name: machine.network_name = form.network_name.data files = get_files(form.exploits.data, form.vulns.data) machine.file = files db.session.add(machine) db.session.commit() scenario = Scenario.query.filter_by(id=scenario_id).first() machine1 = Machine.query.filter_by(id=machine.id).first() machine1.machine_ip = machine_gen.generate_ip(scenario.id, machine1.id) machine1.rdp_port = machine_gen.generate_port(machine.id) db.session.commit() rdpManager = RDPManager(username=scenario.id, password=scenario.id) rdpManager.add_connection(name=machine.id, username=machine.machine_username, password=machine.machine_password, hostname=machine.rdp_ip, port=machine.rdp_port) connection_id = rdpManager.get_connection_id(str(machine.id)) connection_link = rdpManager.get_connection_link(connection_id) machine.connection_link = connection_link machine.connection_id = connection_id db.session.commit() flash("Machine created", 'success') return redirect(url_for('configure', id=scenario_id)) if request.method == 'GET': is_pyro_running() os_list = OS.query.all() exploits, vulns = get_files_from_scenario(scenario_id) return render_template('configMachine.html', scenario_id=scenario_id, os_list=os_list, machine_types=MachineTypeEnum, network_types=NetworkTypeEnum, exploits=exploits, vulns=vulns)
def new_scenario(): exploits = File.query.filter_by(file_type=FileTypeEnum.pov).all() vulns = File.query.filter_by(file_type=FileTypeEnum.vuln).all() if request.method == 'GET': is_pyro_running() return render_template('newScenario.html', exploits=exploits, vulns=vulns) else: form = NewScenarioForm(request.form) logger.info(request.form) if not is_pyro_running(): return render_template('newScenario.html', exploits=exploits, vulns=vulns, form=form) if not form.validate(): logger.info(form.errors) flash_form_errors(form) return render_template('newScenario.html', exploits=exploits, vulns=vulns, form=form) scenario = Scenario(name=form.name.data, description=form.description.data, cve_number=form.cve_number.data) files = get_files(form.exploits.data, form.vulns.data) scenario.file = files db.session.add(scenario) db.session.commit() rdpManager = RDPManager() rdpManager.add_user(scenario.id, scenario.id) guacUser = GuacUser(guac_username=scenario.id, guac_password=scenario.id, scenario_id=scenario.id) db.session.add(guacUser) db.session.commit() exploits = form.exploits.data for index, exploit in enumerate(exploits): f = File.query.filter_by(name=exploit).first() if f: rdp_ip = get_rdp_ip() os_rec = scenario_gen.generate_os_rec(f) rec_machine = Machine(name=scenario.name + '-Exploits' + str(index + 1), scenario_id=scenario.id, rdp_ip=rdp_ip) rec_machine.file.append(f) db.session.add(rec_machine) db.session.commit() machine_gen.generate(scenario, rec_machine, os_rec, vulns) db.session.commit() rdpManager = RDPManager(username=scenario.id, password=scenario.id) rdpManager.add_connection( name=rec_machine.id, username=rec_machine.machine_username, password=rec_machine.machine_password, hostname=rec_machine.rdp_ip, port=rec_machine.rdp_port) print(scenario.id) # machine_gen.generate(scenario, rec_machine, os_rec, vulns) # db.session.commit() connection_id = rdpManager.get_connection_id( str(rec_machine.id)) connection_link = rdpManager.get_connection_link(connection_id) # print(connection_link) rec_machine.connection_link = connection_link rec_machine.connection_id = connection_id db.session.commit() return redirect(url_for('configure', id=scenario.id))