| 1 | + | """ |
| 2 | + | OWASP Maryam! |
| 3 | + | |
| 4 | + | This program is free software: you can redistribute it and/or modify |
| 5 | + | it under the terms of the GNU General Public License as published by |
| 6 | + | the Free Software Foundation, either version 3 of the License, or |
| 7 | + | any later version. |
| 8 | + | |
| 9 | + | This program is distributed in the hope that it will be useful, |
| 10 | + | but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 11 | + | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 12 | + | GNU General Public License for more details. |
| 13 | + | |
| 14 | + | You should have received a copy of the GNU General Public License |
| 15 | + | along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 16 | + | """ |
| 17 | + | |
| 18 | + | import flask |
| 19 | + | from flask import request, jsonify |
| 20 | + | |
| 21 | + | framework = None |
| 22 | + | app = flask.Flask('OWASP Maryam') |
| 23 | + | |
| 24 | + | @app.route('/', methods=['GET', 'POST']) |
| 25 | + | def home(): |
| 26 | + | page = '<pre>current pages:<br>/api/modules => running modules<br>/api/framework => framework commands</pre>' |
| 27 | + | return page |
| 28 | + | |
| 29 | + | |
| 30 | + | @app.route('/api/', methods=['GET', 'POST']) |
| 31 | + | def api(): |
| 32 | + | page = '<pre>current pages:<br>/api/modules => running modules<br>/api/framework => framework commands'\ |
| 33 | + | '<br><b>/api/modules?_module=<module-name>&options[short or long]...</b>'\ |
| 34 | + | '<br>["meta"]: api metadata'\ |
| 35 | + | '<br>["meta"]["error"]: error messages. None if no error occurs'\ |
| 36 | + | '<br>["meta"]["command"]: input command'\ |
| 37 | + | '<br>["output"]: module output'\ |
| 38 | + | '<br>["output"]["running_errors]: error messages that occurs during running the module'\ |
| 39 | + | '<br><b>/api/framework?command=<command></b>'\ |
| 40 | + | '<br>["meta"]: api metadata'\ |
| 41 | + | '<br>["meta"]["error"]: error messages. None if no error occurs'\ |
| 42 | + | '<br>["meta"]["command"]: input command'\ |
| 43 | + | '</pre>' |
| 44 | + | return page |
| 45 | + | |
| 46 | + | @app.route('/api/framework') |
| 47 | + | def api_framework(): |
| 48 | + | error = None |
| 49 | + | command = None |
| 50 | + | page = {'meta': {'error': error, 'command': command}} |
| 51 | + | if 'command' in request.args: |
| 52 | + | invalid_commands = ['workspaces', 'set', 'unset', 'history', 'report', 'update'] |
| 53 | + | command = request.args['command'] |
| 54 | + | if command != '': |
| 55 | + | if command.split(' ')[0] in invalid_commands: |
| 56 | + | framework.onecmd(command) |
| 57 | + | command = request.args['command'] |
| 58 | + | else: |
| 59 | + | error = 'Invalid command.' |
| 60 | + | else: |
| 61 | + | error = 'No command specified.' |
| 62 | + | else: |
| 63 | + | error = 'no command specified.' |
| 64 | + | page['meta']['command'] = command |
| 65 | + | page['meta']['error'] = error |
| 66 | + | return jsonify(page) |
| 67 | + | |
| 68 | + | @app.route('/api/modules') |
| 69 | + | def api_modules(): |
| 70 | + | page = {'meta': {'error': None, 'command': None}, 'output': {}} |
| 71 | + | # If no module specified |
| 72 | + | args_dict = request.args.to_dict() |
| 73 | + | if '_module' not in args_dict: |
| 74 | + | page['meta']['error'] = 'No module specified.' |
| 75 | + | return jsonify(page) |
| 76 | + | module_name = args_dict.pop('_module') |
| 77 | + | # If module doesn't exist |
| 78 | + | if module_name not in framework._loaded_modules: |
| 79 | + | page['meta']['error'] = f"Module name '{module_name}' not found." |
| 80 | + | return jsonify(page) |
| 81 | + | if args_dict == {}: |
| 82 | + | page['meta']['error'] = f"No option specified." |
| 83 | + | return jsonify(page) |
| 84 | + | module = framework._loaded_modules[module_name] |
| 85 | + | options = module.meta['options'] |
| 86 | + | true_options = ('true', 'on', 'yes', '1', True) |
| 87 | + | framework.options = {} |
| 88 | + | # Add framework options |
| 89 | + | if 'output' in args_dict: |
| 90 | + | if args_dict['output'] in true_options: |
| 91 | + | framework.options['output'] = True |
| 92 | + | else: |
| 93 | + | framework.options['output'] = False |
| 94 | + | else: |
| 95 | + | framework.options['output'] = False |
| 96 | + | |
| 97 | + | # Setting options |
| 98 | + | for option in options: |
| 99 | + | option_name = option[0] |
| 100 | + | option_required = option[2] |
| 101 | + | option_type = option[6] |
| 102 | + | option_name_short = option[4][1:] |
| 103 | + | option_action = option[5] |
| 104 | + | if option_name in args_dict: |
| 105 | + | option_value = args_dict[option_name] |
| 106 | + | elif option_name_short in args_dict: |
| 107 | + | option_value = args_dict[option_name_short] |
| 108 | + | else: |
| 109 | + | option_value = option[1] |
| 110 | + | |
| 111 | + | if option_action == 'store': |
| 112 | + | if isinstance(option_value, option_type): |
| 113 | + | framework.options[option_name] = option_value |
| 114 | + | else: |
| 115 | + | page['meta']['error'] = f"Need {option_type}. got invalid type for {option_name}." |
| 116 | + | return jsonify(page) |
| 117 | + | else: |
| 118 | + | if option_value in true_options: |
| 119 | + | framework.options[option_name] = True |
| 120 | + | try: |
| 121 | + | output = framework.mod_api_run(module_name) |
| 122 | + | except Exception as e: |
| 123 | + | framework.print_exception() |
| 124 | + | output = False |
| 125 | + | if output == False: |
| 126 | + | page['meta']['error'] = 'Something went wrong.' |
| 127 | + | else: |
| 128 | + | page['output'] = output |
| 129 | + | if page['output']['running_errors'] != []: |
| 130 | + | page['meta']['error'] = 'Runtime error.' |
| 131 | + | page['meta']['command'] = framework.options |
| 132 | + | return jsonify(page) |
| 133 | + | |
| 134 | + | @app.errorhandler(404) |
| 135 | + | def page_not_found(e): |
| 136 | + | return "<pre>404</pre>", 404 |
| 137 | + | |
| 138 | + | def run_app(core_obj, host='127.0.0.1', port=1313): |
| 139 | + | global framework |
| 140 | + | framework = core_obj |
| 141 | + | app.run(host=host, port=port) |
| 142 | + | |