1 | | - | """ |
2 | | - | OWASP Maryam! |
3 | | - | |
4 | | - | This program is free software: you can redistribute it and/or modify |
5 | | - | it under the terms of the GNU General Public License as published by |
6 | | - | the Free Software Foundation, either version 3 of the License, or |
7 | | - | any later version. |
8 | | - | |
9 | | - | This program is distributed in the hope that it will be useful, |
10 | | - | but WITHOUT ANY WARRANTY; without even the implied warranty of |
11 | | - | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
12 | | - | GNU General Public License for more details. |
13 | | - | |
14 | | - | You should have received a copy of the GNU General Public License |
15 | | - | along with this program. If not, see <http://www.gnu.org/licenses/>. |
16 | | - | """ |
17 | | - | |
18 | | - | import flask |
19 | | - | from flask import request, jsonify, render_template |
20 | | - | |
21 | | - | framework = None |
22 | | - | app = flask.Flask('OWASP Maryam', template_folder='gui/templates', static_folder='gui/static') |
23 | | - | |
24 | | - | @app.route('/iris_cluster') |
25 | | - | def iris_cluster(): |
26 | | - | return render_template('index.html') |
27 | | - | |
28 | | - | @app.route('/', methods=['GET', 'POST']) |
29 | | - | def home(): |
30 | | - | page = '<pre>current pages:<br>/api/modules => running modules<br>/api/framework => framework commands<br>/iris_cluster => search your query and get iris and cluster results</pre>' |
31 | | - | return page |
32 | | - | |
33 | | - | |
34 | | - | @app.route('/api/', methods=['GET', 'POST']) |
35 | | - | def api(): |
36 | | - | page = '<pre>current pages:<br>/api/modules => running modules<br>/api/framework => framework commands'\ |
37 | | - | '<br><b>/api/modules?_module=<module-name>&options[short or long]...</b>'\ |
38 | | - | '<br>["meta"]: api metadata'\ |
39 | | - | '<br>["meta"]["error"]: error messages. None if no error occurs'\ |
40 | | - | '<br>["meta"]["command"]: input command'\ |
41 | | - | '<br>["output"]: module output'\ |
42 | | - | '<br>["output"]["running_errors]: error messages that occurs during running the module'\ |
43 | | - | '<br><b>/api/framework?command=<command></b>'\ |
44 | | - | '<br>["meta"]: api metadata'\ |
45 | | - | '<br>["meta"]["error"]: error messages. None if no error occurs'\ |
46 | | - | '<br>["meta"]["command"]: input command'\ |
47 | | - | '</pre>' |
48 | | - | return page |
49 | | - | |
50 | | - | @app.route('/api/framework') |
51 | | - | def api_framework(): |
52 | | - | error = None |
53 | | - | command = None |
54 | | - | page = {'meta': {'error': error, 'command': command}} |
55 | | - | if 'command' in request.args: |
56 | | - | invalid_commands = ['workspaces', 'set', 'unset', 'history', 'report', 'update'] |
57 | | - | command = request.args['command'] |
58 | | - | if command != '': |
59 | | - | if command.split(' ')[0] in invalid_commands: |
60 | | - | framework.onecmd(command) |
61 | | - | command = request.args['command'] |
62 | | - | else: |
63 | | - | error = 'Invalid command.' |
64 | | - | else: |
65 | | - | error = 'No command specified.' |
66 | | - | else: |
67 | | - | error = 'no command specified.' |
68 | | - | page['meta']['command'] = command |
69 | | - | page['meta']['error'] = error |
70 | | - | return jsonify(page) |
71 | | - | |
72 | | - | @app.route('/api/modules') |
73 | | - | def api_modules(): |
74 | | - | page = {'meta': {'error': None, 'command': None}, 'output': {}} |
75 | | - | # If no module specified |
76 | | - | args_dict = request.args.to_dict() |
77 | | - | if '_module' not in args_dict: |
78 | | - | page['meta']['error'] = 'No module specified.' |
79 | | - | return jsonify(page) |
80 | | - | module_name = args_dict.pop('_module') |
81 | | - | # If module doesn't exist |
82 | | - | if module_name not in framework._loaded_modules: |
83 | | - | page['meta']['error'] = f"Module name '{module_name}' not found." |
84 | | - | return jsonify(page) |
85 | | - | if args_dict == {}: |
86 | | - | page['meta']['error'] = f"No option specified." |
87 | | - | return jsonify(page) |
88 | | - | module = framework._loaded_modules[module_name] |
89 | | - | options = module.meta['options'] |
90 | | - | true_options = ('true', 'on', 'yes', '1', True) |
91 | | - | framework.options = {} |
92 | | - | # Add framework options |
93 | | - | if 'output' in args_dict: |
94 | | - | if args_dict['output'] in true_options: |
95 | | - | framework.options['output'] = True |
96 | | - | else: |
97 | | - | framework.options['output'] = False |
98 | | - | else: |
99 | | - | framework.options['output'] = False |
100 | | - | |
101 | | - | # Setting options |
102 | | - | for option in options: |
103 | | - | option_name = option[0] |
104 | | - | option_required = option[2] |
105 | | - | option_type = option[6] |
106 | | - | option_name_short = option[4][1:] |
107 | | - | option_action = option[5] |
108 | | - | if option_name in args_dict: |
109 | | - | option_value = args_dict[option_name] |
110 | | - | elif option_name_short in args_dict: |
111 | | - | option_value = args_dict[option_name_short] |
112 | | - | else: |
113 | | - | option_value = option[1] |
114 | | - | |
115 | | - | if option_action == 'store': |
116 | | - | if isinstance(option_value, option_type): |
117 | | - | framework.options[option_name] = option_value |
118 | | - | else: |
119 | | - | page['meta']['error'] = f"Need {option_type}. got invalid type for {option_name}." |
120 | | - | return jsonify(page) |
121 | | - | else: |
122 | | - | if option_value in true_options: |
123 | | - | framework.options[option_name] = True |
124 | | - | try: |
125 | | - | output = framework.mod_api_run(module_name) |
126 | | - | except Exception as e: |
127 | | - | framework.print_exception() |
128 | | - | output = False |
129 | | - | if output == False: |
130 | | - | page['meta']['error'] = 'Something went wrong.' |
131 | | - | else: |
132 | | - | page['output'] = output |
133 | | - | if page['output']['running_errors'] != []: |
134 | | - | page['meta']['error'] = 'Runtime error.' |
135 | | - | page['meta']['command'] = framework.options |
136 | | - | return jsonify(page) |
137 | | - | |
138 | | - | @app.errorhandler(404) |
139 | | - | def page_not_found(e): |
140 | | - | return "<pre>404</pre>", 404 |
141 | | - | |
142 | | - | def run_app(core_obj, host='127.0.0.1', port=1313): |
143 | | - | global framework |
144 | | - | framework = core_obj |
145 | | - | app.run(host=host, port=port) |
146 | | - | |
147 | | - | |