# -*- coding: utf-8 -*- import flask from functools import wraps import logging import database import importscan import attacks #----------------------------------------------------------------------------- # WEB SERVER #----------------------------------------------------------------------------- app = flask.Flask(__name__) def get_project_db(pid): """ Get our project database. """ pdb = database.ProjectDatabase() project = pdb.get_project(pid) if project is None: flask.abort(404) return project @app.route("/") def index(): return flask.render_template('index.html') @app.route("/about") def about(): return flask.render_template('about.html') @app.route("/project/<pid>/hosts") def hosts(pid): """ Get summary inforation about all imported hosts. """ project = get_project_db(pid) db = database.ScanDatabase(project['dbfile']) hosts = db.get_summary() unique = db.get_unique() return flask.render_template('hosts.html', pid=pid, name=project['name'], hosts=hosts, unique=unique) @app.route('/project/<pid>/host/<ip>', methods=['GET', 'POST']) def host(pid, ip): """ Get all the information about a host. """ project = get_project_db(pid) db = database.ScanDatabase(project['dbfile']) if flask.request.method == 'POST': note = flask.request.form['note'] db.hostdb.update_host_note(ip, note) data = db.get_host_details(ip) if data is None: flask.abort(404) details = {} for item in data['items']: key = "{0}/{1}".format(item['port'], item['protocol']) if details.get(key) is None: details[key] = [] details[key].append(item['note']) else: details[key].append(item['note']) keys = sorted(details.keys(), key=lambda x: int(x.split('/')[0])) note = data['note'] return flask.render_template('host.html', pid=pid, host=ip, details=details, keys=keys, note=note, name=project['name']) @app.route('/project/<pid>/host/notes') def host_notes(pid): """ Display all host notes. """ project = get_project_db(pid) db = database.ScanDatabase(project['dbfile']) notes = db.hostdb.get_host_notes() return flask.render_template('notes.html', pid=pid, notes=notes, name=project['name']) @app.route('/project/<pid>/item/<item_id>') def item(pid, item_id): """ Get all the information about an item. """ project = get_project_db(pid) db = database.ScanDatabase(project['dbfile']) item = db.itemdb.get_item(item_id) if item is None: flask.abort(404) return flask.render_template('item.html', pid=pid, item=item, name=project['name']) @app.route('/project/<pid>/attack/<aid>', methods=['GET', 'POST']) def get_attack(pid, aid): """ Get list of all the hosts possibly vulnerable to the attack. """ project = get_project_db(pid) db = database.ScanDatabase(project['dbfile']) if flask.request.method == 'POST': note = flask.request.form['note'] db.attackdb.update_attack_note(aid, note) attack = db.attackdb.get_attack(aid) if attack is None: flask.abort(404) items = [i.split(':') for i in attack['items'].split(',')] return flask.render_template('attack.html', pid=pid, attack=attack, items=items, name=project['name']) @app.route('/project/<pid>/import', methods=['GET', 'POST']) def import_scan(pid): """ Import scan data into the database associated with the pid. """ project = get_project_db(pid) db = database.ScanDatabase(project['dbfile']) if flask.request.method == 'GET': files = db.importdb.get_imported_files() return flask.render_template('import.html', pid=pid, files=files, name=project['name']) else: i = importscan.Import(project['dbfile']) scans = flask.request.files.getlist("scans[]") for scan in scans: res = i.import_scan(scan.read()) if res is True: db.importdb.add_import_file(scan.filename) a = attacks.Attack(project['dbfile']) a.find_attacks() return flask.redirect(flask.url_for('get_project', pid=pid)) @app.route('/project/<pid>/attack/notes') def attack_notes(pid): """ Display all attack notes. """ project = get_project_db(pid) db = database.ScanDatabase(project['dbfile']) notes = db.attackdb.get_attack_notes() return flask.render_template('notes.html', pid=pid, notes=notes, name=project['name']) @app.route('/projects', methods=['GET', 'POST']) def projects(): """ Get a list of all projects. """ pdb = database.ProjectDatabase() stats = {} if flask.request.method == 'POST': name = flask.request.form['project_name'] pdb.create_project(name) project_list = pdb.get_projects() for project in project_list: db = database.ScanDatabase(project['dbfile']) stats[project['id']] = db.get_stats() return flask.render_template('projects.html', projects=project_list, stats=stats) @app.route('/project/<pid>') def get_project(pid): """ Get a project, including the list of hosts attacks. """ project = get_project_db(pid) db = database.ScanDatabase(project['dbfile']) attacks = db.attackdb.get_attacks() return flask.render_template('project.html', pid=pid, note=project['note'], name=project['name'], attacks=attacks) @app.route('/project/<pid>/notes', methods=['GET', 'POST']) def project_notes(pid): """ Display all project notes. """ pdb = database.ProjectDatabase() project = get_project_db(pid) if flask.request.method == 'POST': note = flask.request.form['note'] pdb.update_project_note(pid, note) return flask.redirect(flask.url_for('get_project', pid=pid)) else: return flask.render_template('project_notes.html', pid=pid, name=project['name'], note=project['note']) @app.route('/project/<pid>/delete') def delete_project(pid): """ Delete the specified project. """ pdb = database.ProjectDatabase() project = pdb.delete_project(pid) return flask.redirect(flask.url_for('projects')) @app.errorhandler(404) def page_not_found(e): return flask.render_template('404.html'), 404 @app.errorhandler(500) def inernal_error(e): return flask.render_template('500.html'), 500