1 | 1 | | package web |
2 | 2 | | |
3 | 3 | | import ( |
4 | | - | "RedMap/internal/app/api" |
| 4 | + | "goc2/internal/app/api" |
5 | 5 | | "encoding/json" |
6 | 6 | | "fmt" |
7 | 7 | | "log" |
8 | 8 | | "net/http" |
9 | 9 | | |
10 | | - | "text/template" |
| 10 | + | //"text/template" |
11 | 11 | | |
12 | 12 | | "github.com/globalsign/mgo/bson" |
13 | 13 | | "github.com/julienschmidt/httprouter" |
14 | 14 | | ) |
15 | 15 | | |
16 | | - | type Todo struct { |
17 | | - | Title string |
18 | | - | Done bool |
19 | | - | } |
20 | | - | |
21 | | - | type TodoPageData struct { |
22 | | - | PageTitle string |
23 | | - | ScanID string |
24 | | - | Todos []Todo |
25 | | - | } |
26 | | - | |
27 | 16 | | type domainObject struct { |
28 | 17 | | ID bson.ObjectId `bson:"_id,omitempty"` |
29 | 18 | | Type string |
| skipped 8 lines |
38 | 27 | | router := httprouter.New() |
39 | 28 | | |
40 | 29 | | //Main Entry |
41 | | - | router.GET("/api/reports", apiReports) |
42 | | - | router.GET("/", reports) |
43 | | - | |
44 | | - | router.GET("/scan", scan) |
45 | 30 | | router.POST("/api/scan", apiScan) |
46 | 31 | | |
47 | | - | //Services Endpoints |
48 | | - | router.GET("/api/services/:name", apiServices) |
49 | | - | router.GET("/services/:name", services) |
50 | | - | router.GET("/services/", redirect) |
| 32 | + | //Main Entry |
| 33 | + | router.GET("/api/test", apiTest) |
51 | 34 | | |
52 | | - | //Vulnerabilities Endpoints |
53 | | - | router.GET("/api/vulns/:name", apiVulns) |
54 | | - | router.GET("/vulns/:name", vulns) |
55 | | - | router.GET("/vulns/", redirect) |
56 | | - | |
57 | | - | //Secrets Endpoints |
58 | | - | router.GET("/api/secrets/:name", apiSecrets) |
59 | | - | router.GET("/secrets/:name", secrets) |
60 | | - | router.GET("/secrets/", redirect) |
61 | | - | |
62 | | - | //Users Endpoints |
63 | | - | router.GET("/api/users/:name", apiUsers) |
64 | | - | router.GET("/users/:name", users) |
65 | | - | router.GET("/users/", redirect) |
| 35 | + | //Agents Endpoints |
| 36 | + | router.GET("/api/agents", apiAgents) |
| 37 | + | router.GET("/agents/", redirect) |
66 | 38 | | |
67 | | - | //Sub Endpoints |
68 | | - | router.GET("/api/sub/:name", apiSub) |
69 | | - | router.GET("/sub/:name", sub) |
70 | | - | router.GET("/sub/", redirect) |
| 39 | + | //commands Endpoints |
| 40 | + | router.GET("/api/cmds/:name", apiCmds) |
| 41 | + | router.GET("/cmds/", redirect) |
71 | 42 | | |
72 | 43 | | fmt.Printf("Starting server at port 8005\n") |
73 | 44 | | if err := http.ListenAndServe(":8005", router); err != nil { |
| skipped 6 lines |
80 | 51 | | http.Redirect(w, r, "/", 301) |
81 | 52 | | } |
82 | 53 | | |
83 | | - | func scan(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { |
84 | | - | w.Header().Set("Content-Type", "text/html") |
85 | | - | tmpl := template.Must(template.ParseFiles("web/template/base.html", "web/template/tmp-scan.html")) |
86 | | - | data := TodoPageData{ |
87 | | - | PageTitle: "RedMap - Reports", |
88 | | - | } |
89 | | - | tmpl.ExecuteTemplate(w, "base", data) |
90 | | - | } |
91 | | - | |
92 | 54 | | func apiScan(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { |
93 | 55 | | w.Header().Set("Content-Type", "application/json") |
94 | 56 | | if err := r.ParseForm(); err != nil { |
| skipped 1 lines |
96 | 58 | | return |
97 | 59 | | } |
98 | 60 | | |
99 | | - | domains := r.FormValue("domains") |
100 | | - | git := r.FormValue("git") |
101 | | - | email := r.FormValue("email") |
102 | | - | scanner := r.FormValue("scanner") |
| 61 | + | //domains := r.FormValue("domains") |
| 62 | + | //git := r.FormValue("git") |
| 63 | + | //email := r.FormValue("email") |
| 64 | + | //scanner := r.FormValue("scanner") |
103 | 65 | | |
104 | 66 | | jsond := map[string]interface{}{ |
105 | 67 | | "status": "Scan Started", |
| skipped 4 lines |
110 | 72 | | log.Fatalln(err) |
111 | 73 | | } |
112 | 74 | | fmt.Fprintf(w, string(jsondata)) |
113 | | - | go api.WebScan(domains, git, email, scanner) |
114 | | - | } |
115 | | - | |
116 | | - | func apiReports(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { |
117 | | - | w.Header().Set("Content-Type", "application/json") |
118 | | - | |
119 | | - | fmt.Fprintf(w, "%s", api.GetReports()) |
120 | | - | } |
121 | | - | |
122 | | - | func reports(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { |
123 | | - | w.Header().Set("Content-Type", "text/html") |
124 | | - | tmpl := template.Must(template.ParseFiles("web/template/base.html", "web/template/tmp-reports.html")) |
125 | | - | data := TodoPageData{ |
126 | | - | PageTitle: "RedMap - Reports", |
127 | | - | ScanID: ps.ByName("name"), |
128 | | - | } |
129 | | - | tmpl.ExecuteTemplate(w, "base", data) |
| 75 | + | //go api.WebScan(domains, git, email, scanner) |
130 | 76 | | } |
131 | 77 | | |
132 | | - | func apiServices(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { |
| 78 | + | func apiAgents(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { |
133 | 79 | | w.Header().Set("Content-Type", "application/json") |
134 | | - | d := api.GetServices(ps.ByName("name")) |
| 80 | + | d := api.GetAgents() |
135 | 81 | | |
136 | 82 | | fmt.Fprintf(w, "%s", string(d)) |
137 | 83 | | } |
138 | 84 | | |
139 | | - | func services(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { |
140 | | - | w.Header().Set("Content-Type", "text/html") |
141 | | - | tmpl := template.Must(template.ParseFiles("web/template/base.html", "web/template/tmp-services.html")) |
142 | | - | data := TodoPageData{ |
143 | | - | PageTitle: "RedMap - Services", |
144 | | - | ScanID: ps.ByName("name"), |
145 | | - | Todos: []Todo{ |
146 | | - | {Title: "Task 1", Done: false}, |
147 | | - | {Title: "Task 2", Done: true}, |
148 | | - | {Title: "Task 3", Done: true}, |
149 | | - | }, |
150 | | - | } |
151 | | - | tmpl.ExecuteTemplate(w, "base", data) |
152 | | - | } |
153 | 85 | | |
154 | | - | func apiVulns(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { |
| 86 | + | func apiCmds(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { |
155 | 87 | | w.Header().Set("Content-Type", "application/json") |
156 | | - | d := api.GetVulns(ps.ByName("name")) |
| 88 | + | d := api.GetCommands(ps.ByName("name")) |
157 | 89 | | |
158 | 90 | | fmt.Fprintf(w, "%s", string(d)) |
159 | 91 | | } |
160 | 92 | | |
161 | | - | func vulns(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { |
162 | | - | w.Header().Set("Content-Type", "text/html") |
163 | | - | tmpl := template.Must(template.ParseFiles("web/template/base.html", "web/template/tmp-vulns.html")) |
164 | | - | data := TodoPageData{ |
165 | | - | PageTitle: "RedMap - Vulnerabilities", |
166 | | - | ScanID: ps.ByName("name"), |
167 | | - | Todos: []Todo{ |
168 | | - | {Title: "Task 1", Done: false}, |
169 | | - | {Title: "Task 2", Done: true}, |
170 | | - | {Title: "Task 3", Done: true}, |
171 | | - | }, |
172 | | - | } |
173 | | - | tmpl.ExecuteTemplate(w, "base", data) |
174 | | - | } |
175 | | - | |
176 | | - | func apiSecrets(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { |
177 | | - | w.Header().Set("Content-Type", "application/json") |
178 | | - | d := api.GetSecrets(ps.ByName("name")) |
179 | | - | |
180 | | - | fmt.Fprintf(w, "%s", string(d)) |
181 | | - | } |
182 | | - | |
183 | | - | func secrets(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { |
184 | | - | w.Header().Set("Content-Type", "text/html") |
185 | | - | tmpl := template.Must(template.ParseFiles("web/template/base.html", "web/template/tmp-secrets.html")) |
186 | | - | data := TodoPageData{ |
187 | | - | PageTitle: "RedMap - Secrets", |
188 | | - | ScanID: ps.ByName("name"), |
189 | | - | Todos: []Todo{ |
190 | | - | {Title: "Task 1", Done: false}, |
191 | | - | {Title: "Task 2", Done: true}, |
192 | | - | {Title: "Task 3", Done: true}, |
193 | | - | }, |
194 | | - | } |
195 | | - | tmpl.ExecuteTemplate(w, "base", data) |
196 | | - | } |
197 | | - | |
198 | | - | func apiUsers(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { |
199 | | - | w.Header().Set("Content-Type", "application/json") |
200 | | - | d := api.GetEmails(ps.ByName("name")) |
201 | | - | |
202 | | - | fmt.Fprintf(w, "%s", string(d)) |
203 | | - | } |
204 | | - | |
205 | | - | func users(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { |
206 | | - | w.Header().Set("Content-Type", "text/html") |
207 | | - | tmpl := template.Must(template.ParseFiles("web/template/base.html", "web/template/tmp-users.html")) |
208 | | - | data := TodoPageData{ |
209 | | - | PageTitle: "RedMap - Users", |
210 | | - | ScanID: ps.ByName("name"), |
211 | | - | Todos: []Todo{ |
212 | | - | {Title: "Task 1", Done: false}, |
213 | | - | {Title: "Task 2", Done: true}, |
214 | | - | {Title: "Task 3", Done: true}, |
215 | | - | }, |
216 | | - | } |
217 | | - | tmpl.ExecuteTemplate(w, "base", data) |
218 | | - | } |
219 | | - | |
220 | | - | func apiSub(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { |
221 | | - | w.Header().Set("Content-Type", "application/json") |
222 | | - | d := api.GetSubs(ps.ByName("name")) |
223 | | - | |
224 | | - | fmt.Fprintf(w, "%s", string(d)) |
225 | | - | } |
226 | | - | |
227 | | - | func sub(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { |
228 | | - | w.Header().Set("Content-Type", "text/html") |
229 | | - | tmpl := template.Must(template.ParseFiles("web/template/base.html", "web/template/tmp-sub.html")) |
230 | | - | data := TodoPageData{ |
231 | | - | PageTitle: "RedMap - Subdomain Takeovers", |
232 | | - | ScanID: ps.ByName("name"), |
233 | | - | Todos: []Todo{ |
234 | | - | {Title: "Task 1", Done: false}, |
235 | | - | {Title: "Task 2", Done: true}, |
236 | | - | {Title: "Task 3", Done: true}, |
237 | | - | }, |
238 | | - | } |
239 | | - | tmpl.ExecuteTemplate(w, "base", data) |
240 | | - | } |
241 | | - | |
242 | | - | func helloHandler(w http.ResponseWriter, r *http.Request) { |
243 | | - | if r.URL.Path != "/hello" { |
244 | | - | http.Error(w, "404 not found.", http.StatusNotFound) |
245 | | - | return |
246 | | - | } |
247 | | - | |
248 | | - | if r.Method != "GET" { |
249 | | - | http.Error(w, "Method is not supported.", http.StatusNotFound) |
250 | | - | return |
251 | | - | } |
252 | | - | |
253 | | - | fmt.Fprintf(w, "Hello!") |
254 | | - | } |
255 | | - | |
256 | | - | func formHandler(w http.ResponseWriter, r *http.Request) { |
| 93 | + | func apiTest(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { |
257 | 94 | | w.Header().Set("Content-Type", "application/json") |
258 | | - | if err := r.ParseForm(); err != nil { |
259 | | - | fmt.Fprintf(w, "ParseForm() err: %v", err) |
260 | | - | return |
261 | | - | } |
262 | 95 | | //fmt.Fprintf(w, "POST request successful") |
263 | 96 | | //name := r.FormValue("name") |
264 | 97 | | //address := r.FormValue("address") |
265 | 98 | | |
266 | 99 | | //fmt.Fprintf(w, "Name = %s\n", name) |
267 | 100 | | //fmt.Fprintf(w, "Address = %s\n", address) |
268 | | - | json := "{'status': 'started'}" |
| 101 | + | json := "{\"status\": \"started\"}" |
269 | 102 | | fmt.Fprintf(w, json) |
270 | 103 | | } |
271 | 104 | | |