Merge branch 'white/master'

CharaD7 · Nov 18, 2016 · 8f0b282 · 8f0b282
2 parents 961fda4 + cb5ea1c
commit 8f0b282
Show file tree

Hide file tree

Showing 113 changed files with 3,768 additions and 4,749 deletions.
diff --git a/AUTHORS b/AUTHORS
@@ -25,3 +25,5 @@ Project contributors
     * Brice Samulenok
     * Ulisses Albuquerque
     * Alejandro Parodi
+    * Federico Fernandez
+    * xtr4nge
diff --git a/RELEASE.md b/RELEASE.md
@@ -10,6 +10,19 @@ Please run ./faraday.py --update
 New features in the latest update
 =====================================
 
+November 10, 2016:
+---
+* New library to connect with Faraday Server.
+* Fixed Fplugin, now it uses the new library to communicate with the Server.
+* New field for Vulnerabilities: plugin creator and status.
+* Refactor in Faraday Core and GTK Client.
+* Bug fixing in Faraday Client and Server.
+* Added Faraday news notifications in GTK and Web UI.
+* New plugins: Dirb, Netdiscover, FruityWifi, Sentinel.
+* Improvements on the WPscan plugin.
+* Fixed Licenses search.
+* Refactor Licenses module to be compatible with JS Strict Mode.
+
 September 19, 2016: 
 ---
 * Major refactor of Faraday Client: now we support massive workspaces (100.000+ hosts). 
@@ -21,9 +34,9 @@ September 19, 2016:
 * New plugin: WPscan
 * Host Sidebar on GTK now adds information more intelligently and will never block the application.
 * Evidence screenshots in report generation is now bigger. 
+* Help menu in GTK with links to interesting links.
 * Added Help section to WEB UI.
 
-
 August 12, 2016:
 ---
 * Added Faraday Server

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-2.1.0
+2.2.0
diff --git a/bin/delAllHost.py b/bin/delAllHost.py
@@ -1,12 +1,16 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2.7
 # -*- coding: utf-8 -*-
 
 '''
 Faraday Penetration Test IDE
-Copyright (C) 2013  Infobyte LLC (http://www.infobytesec.com/)
+Copyright (C) 2016  Infobyte LLC (http://www.infobytesec.com/)
 See the file 'doc/LICENSE' for the license information
-
 '''
-for host in api.__model_controller.getAllHosts():
-    print "Del host: " + host.name
-    api.delHost(host.id)
+
+from persistence.server import server, models
+
+def main(workspace=''):
+
+    for host in models.get_hosts(workspace):
+        print('Delete Host:' + host.name)
+        models.delete_host(workspace, host.id)
diff --git a/bin/delAllServiceClosed.py b/bin/delAllServiceClosed.py
@@ -1,19 +1,17 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2.7
 # -*- coding: utf-8 -*-
 
 '''
 Faraday Penetration Test IDE
-Copyright (C) 2013  Infobyte LLC (http://www.infobytesec.com/)
+Copyright (C) 2016  Infobyte LLC (http://www.infobytesec.com/)
 See the file 'doc/LICENSE' for the license information
-
 '''
 
-for host in api.__model_controller.getAllHosts():
-
-    for i in host.getAllInterfaces():
-        for s in i.getAllServices():
-            if s.getStatus() != "open":
-                print "delService" + s.name + "from int:" + i.name
-                api.delServiceFromInterface(host.id,i.id,s.id)
+from persistence.server import server, models
 
+def main(workspace=''):
 
+    for service in models.get_services(workspace):
+        if service.status != 'open' and service.status != 'opened':
+            print('Deleted service: ' + service.name)
+            models.delete_service(workspace, service.id)
diff --git a/bin/delAllVulnsWith.py b/bin/delAllVulnsWith.py
@@ -1,28 +1,22 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2.7
 # -*- coding: utf-8 -*-
 
 '''
 Faraday Penetration Test IDE
-Copyright (C) 2013  Infobyte LLC (http://www.infobytesec.com/)
+Copyright (C) 2016  Infobyte LLC (http://www.infobytesec.com/)
 See the file 'doc/LICENSE' for the license information
-
 '''
 
 import re
-regex="ssl\-cert|ssl\-date|Traceroute Information|TCP\/IP Timestamps Supported|OS Identification|Common Platform Enumeration"
-c=0
-for host in api.__model_controller.getAllHosts():
-    hostnames=""
-    for v in host.getVulns():
-        if re.match(regex,v.name) is not None:
-            api.delVulnFromHost(v.id,host.id)
-            c+=1
+from persistence.server import server, models
+
+def main(workspace=''):
 
-    for i in host.getAllInterfaces():
-        for s in i.getAllServices():
-            for v in s.getVulns():
-                if re.match(regex,v.name) is not None:
-                    api.delVulnFromService(v.id,host.id,s.id)
-                    c+=1            
+    regex = (
+        r"ssl\-cert|ssl\-date|Traceroute Information|TCP\/IP Timestamps Supported"
+        r"|OS Identification|Common Platform Enumeration")
 
-print "Vulnerabilities deleted %s" % c
+    for vuln in models.get_all_vulns(workspace):
+        if re.findall(regex, vuln.name, ) != []:
+            print("Delete Vuln: " + vuln.name)
+            models.delete_vuln(workspace, vuln.id)
diff --git a/bin/fplugin b/bin/fplugin
@@ -3,14 +3,20 @@
 
 '''
 Faraday Penetration Test IDE
-Copyright (C) 2013  Infobyte LLC (http://www.infobytesec.com/)
+Copyright (C) 2016  Infobyte LLC (http://www.infobytesec.com/)
 See the file 'doc/LICENSE' for the license information
 '''
 
 import os
+import imp
+import sys
 import argparse
 
+parent_path = os.path.abspath(os.path.join(__file__, '../..'))
+sys.path.insert(0, parent_path)
+
 if __name__ == '__main__':
+
     description = (
         'Using our plugin you can do different actions in the command line'
         ' and interact with Faraday. Faraday comes with some presets for bulk'
@@ -19,26 +25,32 @@ if __name__ == '__main__':
     parser = argparse.ArgumentParser(description=description)
 
     parser.add_argument(
-        '-e',
-        '--execute',
-        help='Execute code received in this parameter.'
-        ' Example:\n./fplugin -e "for h in api.__model_controller.getAllHosts(): print h.name"')
+        '-f',
+        '--file',
+        help='Script file.'
+        ' Example:\n./fplugin -f getAllIps.py')
 
     parser.add_argument(
-        '-o',
-        '--output',
-        help='Store output of fplugin in a file.')
+        '-w',
+        '--workspace',
+        help='Use workspace')
 
-    # file with code to execute
     parser.add_argument(
-        '-f',
-        '--file',
-        help='File with code to execute.'
-        ' Example:\n./fplugin -f getAllIps.py ')
+        '-u',
+        '--url',
+        help='Faraday Server URL. Example: http://localhost:5984')
 
     args, unknown = parser.parse_known_args()
-    if args.output:
-        if os.path.isfile(args.output):
-            with open(args.output) as f:
-                data = f.read()
-                print data
+
+    if args.file:
+
+        # Get filename and import this
+        module_fplugin = imp.load_source('module_fplugin', args.file)
+        module_fplugin.models.server.FARADAY_UP = False
+        module_fplugin.models.server.SERVER_URL = args.url
+
+        try:
+            call_main = getattr(module_fplugin, 'main')
+            call_main(workspace = args.workspace)
+        except AttributeError:
+            print 'Error: main() function missing in script?'
diff --git a/bin/getAllCreds.py b/bin/getAllCreds.py
@@ -1,19 +1,14 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2.7
 # -*- coding: utf-8 -*-
 
 '''
 Faraday Penetration Test IDE
-Copyright (C) 2013  Infobyte LLC (http://www.infobytesec.com/)
+Copyright (C) 2016  Infobyte LLC (http://www.infobytesec.com/)
 See the file 'doc/LICENSE' for the license information
-
 '''
 
-for host in api.__model_controller.getAllHosts():
-    for c in host.getCreds():
-        print host.name+"|0|"+c.username+ "|"+c.password
-
-    for i in host.getAllInterfaces():
-        for s in i.getAllServices():
-            for c in s.getCreds():
-                print host.name+"|"+str(s.getPorts()) + "|"+c.username+ "|"+c.password
+from persistence.server import server, models
 
+def main(workspace=''):
+    for credential in models.get_credentials(workspace):
+        print(credential.username + ' : ' + credential.password)
diff --git a/bin/getAllHosts.py b/bin/getAllHosts.py
diff --git a/bin/getAllIps.py b/bin/getAllIps.py
@@ -1,10 +1,14 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2.7
 # -*- coding: utf-8 -*-
 
 '''
 Faraday Penetration Test IDE
-Copyright (C) 2013  Infobyte LLC (http://www.infobytesec.com/)
+Copyright (C) 2016  Infobyte LLC (http://www.infobytesec.com/)
 See the file 'doc/LICENSE' for the license information
-
 '''
-for h in api.__model_controller.getAllHosts(): print h.name
+
+from persistence.server import server, models
+
+def main(workspace=''):
+    for host in models.get_hosts(workspace):
+        print(host.name)
diff --git a/bin/getAllIpsInterfaces.py b/bin/getAllIpsInterfaces.py
@@ -1,13 +1,14 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2.7
 # -*- coding: utf-8 -*-
 
 '''
 Faraday Penetration Test IDE
-Copyright (C) 2013  Infobyte LLC (http://www.infobytesec.com/)
+Copyright (C) 2016  Infobyte LLC (http://www.infobytesec.com/)
 See the file 'doc/LICENSE' for the license information
-
 '''
 
-for host in api.__model_controller.getAllHosts():
-    if len(host.getAllInterfaces()) > 1:
-       print host.name
+from persistence.server import server, models
+
+def main(workspace=''):
+    for interface in models.get_interfaces(workspace):
+        print(interface.ipv4['address'])
diff --git a/bin/getAllIpsNotServices.py b/bin/getAllIpsNotServices.py
diff --git a/bin/getAllOs.py b/bin/getAllOs.py
@@ -1,10 +1,14 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2.7
 # -*- coding: utf-8 -*-
 
 '''
 Faraday Penetration Test IDE
-Copyright (C) 2013  Infobyte LLC (http://www.infobytesec.com/)
+Copyright (C) 2016  Infobyte LLC (http://www.infobytesec.com/)
 See the file 'doc/LICENSE' for the license information
-
 '''
-for h in api.__model_controller.getAllHosts(): print h.name+"|"+h.getOS()
+
+from persistence.server import server, models
+
+def main(workspace=''):
+    for host in models.get_hosts(workspace):
+        print(host.os)
diff --git a/bin/getAllTelnet.py b/bin/getAllTelnet.py
@@ -1,20 +1,16 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2.7
 # -*- coding: utf-8 -*-
 
 '''
 Faraday Penetration Test IDE
-Copyright (C) 2013  Infobyte LLC (http://www.infobytesec.com/)
+Copyright (C) 2016  Infobyte LLC (http://www.infobytesec.com/)
 See the file 'doc/LICENSE' for the license information
-
 '''
-webs={}
-for host in api.__model_controller.getAllHosts():
 
-    for i in host.getAllInterfaces():
-        for s in i.getAllServices():
-            for p in s.getPorts():
-                if str(p) == '23':
-                    webs[host.name]=1
+from persistence.server import server, models
 
-for k,v in webs.iteritems():
-    print k
+def main(workspace=''):
+
+    for service in models.get_services(workspace):
+        if 23 in service.ports:
+            print(service.name)
diff --git a/bin/getAllVnc.py b/bin/getAllVnc.py
@@ -1,20 +1,16 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2.7
 # -*- coding: utf-8 -*-
 
 '''
 Faraday Penetration Test IDE
-Copyright (C) 2013  Infobyte LLC (http://www.infobytesec.com/)
+Copyright (C) 2016  Infobyte LLC (http://www.infobytesec.com/)
 See the file 'doc/LICENSE' for the license information
-
 '''
-webs={}
-for host in api.__model_controller.getAllHosts():
 
-    for i in host.getAllInterfaces():
-        for s in i.getAllServices():
-            for p in s.getPorts():
-                if str(p) == '5900':
-                    webs[host.name]=1
+from persistence.server import server, models
 
-for k,v in webs.iteritems():
-     print k
+def main(workspace=''):
+
+    for service in models.get_services(workspace):
+        if 5900 in service.ports:
+            print(service.name)