Merge community

infobyte · Apr 29, 2016 · 126932f · 126932f
2 parents c72a37b + 7090d3e
commit 126932f
Show file tree

Hide file tree

Showing 58 changed files with 3,667 additions and 2,251 deletions.
diff --git a/AUTHORS b/AUTHORS
@@ -21,3 +21,4 @@ Project contributors
     * Andres Tarantini
     * Martin Tartarelli
     * Ronald Iraheta
+    * Thierry Beauquier
diff --git a/RELEASE.md b/RELEASE.md
@@ -10,6 +10,16 @@ Please run ./faraday.py --update
 New features in the latest update
 =====================================
 
+Apr 29, 2016:
+---
+* Added Open services count to Hosts list in WEB UI
+* Improved zsh integration
+* Added GTK3 interface prototype
+* Added plugin detection through report name
+* Fixed an error in wcscan script
+* Fixed nikto plugin
+* Fixed openvas plugin
+
 Apr 04, 2016
 ---
 * Added cli mode (see wiki for usage instructions)

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.0.18
+1.0.19
diff --git a/apis/rest/api.py b/apis/rest/api.py
@@ -16,7 +16,6 @@
 from tornado.httpserver import HTTPServer
 from tornado.ioloop import IOLoop
 
-from plugins.core import PluginControllerForApi
 from model.visitor import VulnsLookupVisitor
 
 import utils.logs as logger
@@ -41,10 +40,10 @@ def stopServer():
         _http_server.stop()
 
 
-def startAPIs(plugin_manager, model_controller, mapper_manager, hostname, port):
+def startAPIs(plugin_controller, model_controller, hostname, port):
     global _rest_controllers
     global _http_server
-    _rest_controllers = [PluginControllerAPI(plugin_manager, mapper_manager), ModelControllerAPI(model_controller)]
+    _rest_controllers = [PluginControllerAPI(plugin_controller), ModelControllerAPI(model_controller)]
 
     app = Flask('APISController')
 
@@ -92,12 +91,12 @@ def getRoutes(self):
     def badRequest(self, message):
         error = 400
         return jsonify(error=error,
-                       message=message), error
+                       message=message)
 
     def noContent(self, message):
         code = 204
         return jsonify(code=code,
-                       message=message), code
+                       message=message)
 
     def ok(self, message):
         code = 200
@@ -287,54 +286,71 @@ def statusCheck(self):
 
 
 class PluginControllerAPI(RESTApi):
-    def __init__(self, plugin_manager, mapper_manager):
-        self.plugin_controller = PluginControllerForApi(
-            "PluginController",
-            plugin_manager.getPlugins(),
-            mapper_manager)
+    def __init__(self, plugin_controller):
+        self.plugin_controller = plugin_controller
 
     def getRoutes(self):
         routes = []
         routes.append(Route(path='/cmd/input',
-                              view_func=self.postCmdInput,
-                              methods=['POST']))
+                            view_func=self.postCmdInput,
+                            methods=['POST']))
         routes.append(Route(path='/cmd/output',
-                              view_func=self.postCmdOutput,
-                              methods=['POST']))
+                            view_func=self.postCmdOutput,
+                            methods=['POST']))
         routes.append(Route(path='/cmd/active-plugins',
-                              view_func=self.clearActivePlugins,
-                              methods=['DELETE']))
+                            view_func=self.clearActivePlugins,
+                            methods=['DELETE']))
         return routes
 
-    def pluginAvailable(self, new_cmd, output_file):
+    def pluginAvailable(self, plugin, cmd):
         code = 200
         return jsonify(code=code,
-                       cmd=new_cmd,
-                       custom_output_file=output_file)
+                       cmd=cmd,
+                       plugin=plugin)
 
     def postCmdInput(self):
         json_data = request.get_json()
         if 'cmd' in json_data.keys():
-            cmd = json_data.get('cmd')
-            has_plugin, new_cmd, output_file = self.plugin_controller.\
-                processCommandInput(cmd)
-            if has_plugin:
-                return self.pluginAvailable(new_cmd, output_file)
-            return self.noContent("no plugin available for cmd")
-        #cmd not sent, bad request
-        return self.badRequest("cmd parameter not sent")
+            if 'pid' in json_data.keys():
+                if 'pwd' in json_data.keys():
+                    try:
+                        cmd = base64.b64decode(json_data.get('cmd'))
+                        pwd = base64.b64decode(json_data.get('pwd'))
+                    except:
+                        cmd = ''
+                        pwd = ''
+                    pid = json_data.get('pid')
+                    plugin, new_cmd = self.plugin_controller.\
+                        processCommandInput(pid, cmd, pwd)
+                    if plugin:
+                        return self.pluginAvailable(plugin, new_cmd)
+                    else:
+                        return self.noContent("no plugin available for cmd")
+                else:
+                    return self.badRequest("pwd parameter not sent")
+            else:
+                return self.badRequest("pid parameter not sent")
+        else:
+            return self.badRequest("cmd parameter not sent")
+
+
 
     def postCmdOutput(self):
         json_data = request.get_json()
-        if 'cmd' in json_data.keys():
+        if 'pid' in json_data.keys():
             if 'output' in json_data.keys():
-                cmd = json_data.get('cmd')
-                output = base64.b64decode(json_data.get('output'))
-                if self.plugin_controller.onCommandFinished(cmd, output):
-                    return self.ok("output successfully sent to plugin")
-                return self.badRequest("output received but no active plugin")
+                if 'exit_code' in json_data.keys():
+                    pid = json_data.get('pid')
+                    output = base64.b64decode(json_data.get('output'))
+                    exit_code = json_data.get('exit_code')
+                    if self.plugin_controller.onCommandFinished(
+                            pid, exit_code, output):
+                        return self.ok("output successfully sent to plugin")
+                    return self.badRequest(
+                        "output received but no active plugin")
+                return self.badRequest("exit_code parameter not sent")
             return self.badRequest("output parameter not sent")
-        return self.badRequest("cmd parameter not sent")
+        return self.badRequest("pid parameter not sent")
 
     def clearActivePlugins(self):
         self.plugin_controller.clearActivePlugins()

diff --git a/config/default.xml b/config/default.xml
@@ -2,7 +2,7 @@
 <faraday>
 
     <appname>Faraday - Penetration Test IDE</appname>
-    <version>1.0.18</version>
+    <version>1.0.19</version>
     <debug_status>0</debug_status>
     <font>-Misc-Fixed-medium-r-normal-*-12-100-100-100-c-70-iso8859-1</font>
     <home_path>~/</home_path>

diff --git a/config/globals.py b/config/globals.py
@@ -13,7 +13,7 @@
 CONST_FARADAY_QTRC_PATH = 'deps/qtrc'
 CONST_FARADAY_IMAGES = 'images/'
 CONST_FARADAY_LOGS_PATH = 'logs/'
-CONST_FARADAY_FOLDER_LIST = [ "config", "data", "images", 
+CONST_FARADAY_FOLDER_LIST = [ "config", "data", "images",
                         "persistence", "plugins",
                         "report", "temp", "zsh", "logs" ]
 
@@ -24,7 +24,7 @@
 CONST_FARADAY_QTRC_BACKUP = '~/.qt/.qtrc_faraday.bak'
 CONST_FARADAY_ZSHRC = "zsh/.zshrc"
 CONST_FARADAY_ZSH_FARADAY = "zsh/faraday.zsh"
-CONST_FARADAY_ZSH_PLUGIN = "zsh/plugin_controller_client.py"
+CONST_FARADAY_ZSH_OUTPUT_PATH = "zsh/output"
 CONST_FARADAY_BASE_CFG = "config/default.xml"
 CONST_FARADAY_USER_CFG = "config/config.xml"
 CONST_FARADAY_LIB_HELPERS = "shell/core/_helpers.so"

diff --git a/faraday.py b/faraday.py
@@ -54,8 +54,6 @@
 FARADAY_USER_ZSHRC = os.path.join(FARADAY_USER_HOME, CONST_FARADAY_ZSHRC)
 FARADAY_USER_ZSH_PATH = os.path.join(FARADAY_USER_HOME, CONST_ZSH_PATH)
 FARADAY_BASE_ZSH = os.path.join(FARADAY_BASE, CONST_FARADAY_ZSH_FARADAY)
-FARADAY_BASE_ZSH_PLUGIN = os.path.join(FARADAY_BASE,
-                            CONST_FARADAY_ZSH_PLUGIN)
 
 USER_QT = os.path.expanduser(CONST_USER_QT_PATH)
 USER_QTRC = os.path.expanduser(CONST_USER_QTRC_PATH)
@@ -141,7 +139,8 @@ def getParserArgs():
 
     parser.add_argument('--gui', action="store", dest="gui",
         default="qt3",
-        help="Select interface to start faraday. Default = qt3")
+        help="Select interface to start faraday. Supported values are "
+              "qt3 (deprecated), gtk and 'no' (no GUI at all). Defaults to qt3")
 
     parser.add_argument('--cli', action="store_true",
         dest="cli",
@@ -300,9 +299,6 @@ def startFaraday():
 
     logger.info("All done. Opening environment.")
     #TODO: Handle args in CONF and send only necessary ones.
-    # Force OSX to run no gui
-    if sys.platform == "darwin":
-        args.gui = "no-gui"
 
     main_app = MainApplication(args)
 
@@ -400,10 +396,8 @@ def setupZSH():
         f.seek(0, 0)
         f.write('ZDOTDIR=$OLDZDOTDIR' + '\n' + content)
     with open(FARADAY_USER_ZSHRC, "a") as f:
-        f.write("source %s" % FARADAY_BASE_ZSH)
+        f.write("source \"%s\"" % FARADAY_BASE_ZSH)
     shutil.copy(FARADAY_BASE_ZSH, FARADAY_USER_ZSH_PATH)
-    shutil.copy(FARADAY_BASE_ZSH_PLUGIN, FARADAY_USER_ZSH_PATH)
-
 
 def setupXMLConfig():
     """Checks user configuration file status.

diff --git a/gui/gtk/__init__.py b/gui/gtk/__init__.py