Merge branch 'community'

infobyte · Apr 4, 2016 · eac849b · eac849b
2 parents 0311143 + e73b6eb
commit eac849b
Show file tree

Hide file tree

Showing 51 changed files with 2,082 additions and 1,256 deletions.
diff --git a/AUTHORS b/AUTHORS
@@ -9,13 +9,15 @@ The PRIMARY AUTHORS are:
     * Francisco Amato
     * Franco Linares
     * Micaela Ranea Sánchez
+    * Ezequiel Tavella
+    * Joaquín López Pereyra
+    * Martín Rocha
 
 Project contributors
 
     * Andrés López Luksenberg
     * Juan Urbano
     * Elian Gidoni
     * Andres Tarantini
-    * Ezequiel Tavella
     * Martin Tartarelli
     * Ronald Iraheta
diff --git a/RELEASE.md b/RELEASE.md
@@ -10,6 +10,16 @@ Please run ./faraday.py --update
 New features in the latest update
 =====================================
 
+Apr 04, 2016
+---
+* Added cli mode (see wiki for usage instructions)
+* Support for multiple Faraday instances in the same host
+* Fixed bug for editing web vulns in bulk
+* Fixed bug for select all in web UI
+* Fixed bugs in Qualys, ZAP, nikto, w3af, openVas plugins
+* Added some new scripts and helpers
+
+
 Feb 26, 2016:
 ---
 * Fixed bug in pip debian

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.0.17
+1.0.18
diff --git a/apis/rest/api.py b/apis/rest/api.py
@@ -6,10 +6,9 @@
 
 '''
 
+import socket
 import threading
 import logging
-import requests
-import json
 import base64
 
 from flask import Flask, request, jsonify
@@ -50,7 +49,24 @@ def startAPIs(plugin_manager, model_controller, mapper_manager, hostname, port):
     app = Flask('APISController')
 
     _http_server = HTTPServer(WSGIContainer(app))
-    _http_server.listen(port, address=hostname)
+    while True:
+        try:
+            _http_server.listen(port, address=hostname)
+            logger.getLogger().info(
+                    "REST API server configured on %s" % str(
+                        CONF.getApiRestfulConInfo()))
+            break
+        except socket.error as exception:
+            if exception.errno == 98:
+                # Port already in use
+                # Let's try the next one
+                port += 1
+                if port > 65535:
+                    raise Exception("No ports available!")
+                CONF.setApiRestfulConInfoPort(port)
+                CONF.saveConfig()
+            else:
+                raise exception
 
     routes = [r for c in _rest_controllers for r in c.getRoutes()]
 
@@ -325,48 +341,6 @@ def clearActivePlugins(self):
         return self.ok("active plugins cleared")
 
 
-class PluginControllerAPIClient(object):
-    def __init__(self, hostname, port):
-        self.hostname = hostname
-        self.port = port
-        self.url_input = "http://%s:%d/cmd/input" % (self.hostname, self.port)
-        self.url_output = "http://%s:%d/cmd/output" % (self.hostname, self.port)
-        self.url_active_plugins = "http://%s:%d/cmd/active-plugins" % (self.hostname, self.port)
-        self.headers = {'Content-type': 'application/json', 'Accept': 'application/json'}
-
-    def send_cmd(self, cmd):
-        data = {"cmd": cmd}
-        new_cmd = cmd
-        output_file = None
-        try:
-            response = requests.post(self.url_input,
-                                     data=json.dumps(data),
-                                     headers=self.headers)
-
-            if response.status_code == 200:
-                json_response = response.json()
-                if "cmd" in json_response.keys():
-                    if json_response.get("cmd") is not None:
-                        new_cmd = json_response.get("cmd")
-                if "custom_output_file" in json_response.keys():
-                    output_file = json_response.get("custom_output_file")
-        except:
-            new_cmd = cmd
-        finally:
-            return new_cmd, output_file
-
-    def send_output(self, cmd, output_file):
-        output_file = open(output_file)
-        output = base64.b64encode(output_file.read())
-        data = {"cmd": cmd, "output": output}
-        response = requests.post(self.url_output,
-                                 data=json.dumps(data),
-                                 headers=self.headers)
-        if response.status_code != 200:
-            return False
-        return True
-
-
 class Route(object):
     """ Route class, abstracts information about:
     path, handler and methods """

diff --git a/apis/rest/client.py b/apis/rest/client.py
@@ -7,6 +7,7 @@
 '''
 import requests
 import json
+import base64
 
 
 class RestApiClient(object):
@@ -81,3 +82,49 @@ def createNote(self, name, text, parent_id):
     def createCred(self, username, password, parent_id):
         return self._create(
             "cred", username=username, password=password, parent_id=parent_id)
+
+
+class PluginControllerAPIClient(object):
+    def __init__(self, hostname, port):
+        self.hostname = hostname
+        self.port = port
+        self.url_input = "http://%s:%d/cmd/input" % (self.hostname, self.port)
+        self.url_output = "http://%s:%d/cmd/output" % (self.hostname, self.port)
+        self.url_active_plugins = "http://%s:%d/cmd/active-plugins" % (self.hostname, self.port)
+        self.headers = {'Content-type': 'application/json', 'Accept': 'application/json'}
+
+    def send_cmd(self, cmd):
+        data = {"cmd": cmd}
+        new_cmd = cmd
+        output_file = None
+        try:
+            response = requests.post(self.url_input,
+                                     data=json.dumps(data),
+                                     headers=self.headers)
+
+            if response.status_code == 200:
+                json_response = response.json()
+                if "cmd" in json_response.keys():
+                    if json_response.get("cmd") is not None:
+                        new_cmd = json_response.get("cmd")
+                if "custom_output_file" in json_response.keys():
+                    output_file = json_response.get("custom_output_file")
+        except:
+            new_cmd = cmd
+        finally:
+            return new_cmd, output_file
+
+    def send_output(self, cmd, output_file=None):
+        # output_file could be None, when there is
+        # no output to send
+        output = ""
+        if output_file:
+            output_file = open(output_file)
+            output = base64.b64encode(output_file.read())
+        data = {"cmd": cmd, "output": output}
+        response = requests.post(self.url_output,
+                                 data=json.dumps(data),
+                                 headers=self.headers)
+        if response.status_code != 200:
+            return False
+        return True
diff --git a/auth/__init__.py b/auth/__init__.py
diff --git a/auth/manager.py b/auth/manager.py
diff --git a/auth/users.py b/auth/users.py
diff --git a/bin/fplugin b/bin/fplugin
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2.7
 # -*- coding: utf-8 -*-
 
 '''