import os
from datetime import datetime, timezone
from threading import Thread

from flask import Flask, jsonify, g
from flask import render_template, request
from flask_basicauth import BasicAuth

from core import Scanner
from db import (
    init_db,
    get_db,
    dict_factory
)
from plugins.scanners import (
    update_wpscan,
    find_cms
)
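app = Flask(__name__, static_folder="static")

# Basic Auth credentials. They can be supplied through the environment so a
# deployment does not have to rely on the literals committed to the
# repository. The historical defaults stay as a fallback for existing setups
# and should be overridden anywhere the app is reachable by others.
app.config['BASIC_AUTH_USERNAME'] = os.environ.get(
    'BASIC_AUTH_USERNAME', 'admin')
app.config['BASIC_AUTH_PASSWORD'] = os.environ.get(
    'BASIC_AUTH_PASSWORD', 'password')
# NOTE(review): with BASIC_AUTH_FORCE disabled, Flask-BasicAuth only guards
# views decorated with basic_auth.required, and no view in this file carries
# that decorator, so every route (including /scan and /delete) answers
# without credentials. Confirm that is intended before exposing the app.
app.config['BASIC_AUTH_FORCE'] = False
basic_auth = BasicAuth(app)

# Best-effort start-up work: run update_wpscan in a background thread and
# call init_db(app). A failure does not stop the app from starting, but it is
# logged instead of being silently discarded, and SystemExit /
# KeyboardInterrupt are no longer swallowed.
try:
    Thread(target=update_wpscan).start()
    init_db(app)
except Exception:
    app.logger.exception("Start-up initialisation failed")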
@app.teardown_appcontext
def close_connection(exception):
    """Close the database handle stored on ``g._database``, if there is one.

    Registered with ``app.teardown_appcontext``; the ``exception`` argument
    supplied by Flask is not used.
    """
    connection = getattr(g, '_database', None)
    if connection is None:
        return
    connection.close()
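@app.template_filter('tmstring')
def tms_filter(tms):
    """Format a Unix timestamp as ``YYYY-MM-DD HH:MM:SS`` in UTC.

    Registered as the ``tmstring`` template filter.

    Args:
        tms: Seconds since the epoch; anything ``float()`` accepts.

    Returns:
        The formatted timestamp, or an empty string when ``tms`` is falsy
        (for example ``None``, ``""`` or ``0``).
    """
    if not tms:
        return ""
    # datetime.utcfromtimestamp() is deprecated since Python 3.12. An aware
    # UTC datetime renders the same text with this format string.
    moment = datetime.fromtimestamp(float(tms), tz=timezone.utc)
    return moment.strftime('%Y-%m-%d %H:%M:%S')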
@app.route("/", methods=['GET'])
def index():
    """Render the landing page from ``index.html``."""
    page = render_template('index.html')
    return page
@app.route("/scans", methods=['GET'])
def list_scans():
    """Render ``scans.html`` with every stored scan.

    Selects id, url, cms and tms from ``cmsscan`` with ``dict_factory``
    installed as the connection's row factory, and passes the rows to the
    template in the reverse of the order the query returned them.
    """
    connection = get_db()
    # The row factory is set on the connection object itself, not only on
    # this cursor.
    connection.row_factory = dict_factory
    cursor = connection.cursor().execute('SELECT id,url,cms,tms from cmsscan')
    rows = cursor.fetchall()
    cursor.close()
    rows.reverse()
    return render_template('scans.html', scans=rows)
@app.route("/result/<int:scan_id>", methods=['GET'])
def view_result(scan_id):
    """Render the stored result of one scan.

    Args:
        scan_id: Integer id taken from the URL (``<int:scan_id>`` converter).

    Returns:
        ``result_plain.html`` for joomla and vbulletin scans, otherwise
        ``result.html``. When no row matches, the template receives a result
        whose fields are all empty strings.
    """
    connection = get_db()
    cursor = connection.cursor().execute(
        'SELECT * from cmsscan WHERE id=?', (scan_id,))
    rows = cursor.fetchall()
    cursor.close()

    if rows:
        row = rows[0]
        # Columns are read by position; note that "res" is column 3 and
        # "tms" is column 4.
        result = {
            "id": row[0],
            "url": row[1],
            "cms": row[2],
            "tms": row[4],
            "res": row[3],
        }
    else:
        result = dict.fromkeys(("id", "url", "cms", "tms", "res"), "")

    # NOTE(review): "res" presumably holds scanner output derived from a
    # remote site; confirm both templates render it with autoescaping on.
    template = 'result.html'
    if result["cms"] in ("joomla", "vbulletin"):
        template = 'result_plain.html'
    return render_template(template, result=result)
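@app.route("/delete", methods=['POST'])
def delete_scan():
    """Delete one stored scan, identified by the ``id`` form field.

    Returns:
        ``{"status": "ok"}`` once the DELETE has been committed, or a 400
        response with ``{"status": "error", ...}`` when ``id`` is missing or
        is not an integer.
    """
    # NOTE(review): this state-changing endpoint carries no
    # basic_auth.required decorator and no CSRF token check in this file.
    # Confirm both are enforced elsewhere, or add them.
    scan_id = request.form.get('id', type=int)
    if scan_id is None:
        # Previously a missing or malformed id was passed straight to the
        # DELETE statement and the response still reported "ok".
        return jsonify({"status": "error", "message": "Invalid scan id"}), 400

    dbo = get_db()
    dbo.cursor().execute('DELETE FROM cmsscan WHERE id=?', (scan_id,))
    dbo.commit()
    dbo.close()
    return jsonify({"status": "ok"})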
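@app.route("/scan", methods=['POST'])
def scan():
    """Schedule a CMS scan for the submitted URL.

    Form fields:
        url: Target to scan (required).
        cms: Optional CMS name. One of wordpress, drupal, joomla or
            vbulletin is used as given; any other value falls back to
            detection through ``find_cms``.

    Returns:
        JSON with ``url``, ``cms`` and ``message`` when a scan thread was
        started, or JSON with an ``error`` key when the URL is missing or
        the CMS could not be detected.
    """
    url = request.form.get('url')
    if not url:
        # Without this guard a missing field reached find_cms() as None.
        return jsonify({"error": "Missing URL"})

    # NOTE(review): url is caller-controlled and is handed to find_cms and
    # Scanner unchanged, and this route has no basic_auth.required decorator.
    # Confirm those helpers validate the value before passing it to any
    # external tool or making outbound requests.
    requested_cms = request.form.get('cms')
    if requested_cms in ('wordpress', 'drupal', 'joomla', 'vbulletin'):
        cms = requested_cms
    else:
        cms = find_cms(url)

    if cms == "unknown":
        return jsonify({"error": "Cannot Detect CMS"})

    scanner = Scanner(app, url, cms)
    # Each accepted request starts its own thread; nothing here bounds how
    # many scans run at once.
    Thread(target=scanner.scan).start()
    return jsonify({"url": url, "cms": cms, "message": "Scheduled for Scan"})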
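if __name__ == "__main__":
    # Debug mode turns on the Werkzeug debugger, whose interactive console
    # executes arbitrary Python for anyone who can reach it. It is therefore
    # opt-in (set FLASK_DEBUG=1) instead of always on.
    app.run(debug=os.environ.get('FLASK_DEBUG') == '1')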