This tool run scripts and display the result in a Web Interface.
Project description
WebScripts
Description
This tool run scripts and display the result in a Web Interface (a little presentation is available here and on my github.io).
Goals
Create a safe, secure and easy way to share CLI (console) scripts and scripting environnments with your team or people without IT knowledge.
- Secure
- SAST - Static Application Security Testing (wiki) using bandit, semgrep, CodeQL and Pycharm Security.
- DAST - Dynamic Application Security Testing (wiki) using ZAP (Baseline && full scan), nuclei and some Kali Linux tools.
- Web pentest (wiki) using Kali Linux Web tools and my little experience in Web Hacking. Tools are skipfish, nikto, dirb and whatweb.
- Hardening(wiki), the WebScripts installation is pre-hardened, an audit is performed at the launch of the WebScripts server and reports are generated. Defaults/examples HTML reports:
- Centralization of logs (using Syslog on Linux and Event Viewer on Windows)
- Easy to update and patch security issues on Linux (critical functions are implemented in Standard Library and are updated with your system) (WebScripts does not require any python package)
- Easy to deploy securely
- Easy to configure securely (read the documentation) (wiki)
- INI/CFG syntax
- JSON syntax
- Unittest (wiki)
- ubuntu && python [3.8, 3.9, 3.10]
- windows && python [3.8, 3.9, 3.10]
- MacOS && python [3.8, 3.9, 3.10]
- Customizable
- Authentication (wiki) - example (wiki)
- Web Interface: HTML, CSS and JS files (wiki)
- URL, request, response and error pages using python modules (wiki) - example (wiki)
- Highly configurable and scalable
- Pre-installed and configured scripts and modules
- Account, permissions (wiki) and authentication system (wiki)
- Share files (wiki): upload and download files with permissions (example here, wiki)
- HTTP Error Page Request and Reporting System
- Temporary and secure password sharing
- Logs viewer and analysis
Demo
Demonstration of WebScripts use - Youtube video
Requirements
This package require:
- python3
- python3 Standard Library
Optional on Windows:
- pywin32 (to centralize logs in Event Viewer)
Installation
pip install WebScripts --install-option "--admin-password=<your password>" --install-option "--directory=<directory>"
Basic Usages
Command line
WebScripts
python3 -m WebScripts
WebScripts --help
WebScripts -h # Print help message and command line options
WebScripts --interface "192.168.1.2" --port 80
WebScripts -i "192.168.1.2" -p 80 # Change interface and port
# /!\ do not use the --debug option on the production environment
WebScripts --debug
WebScripts -d # Print informations about server configuration in errors pages (404 and 500)
# /!\ do not use the --security option on the production environment
WebScripts --security
WebScripts -s # Do not use HTTP security headers (for debugging)
WebScripts --accept-unauthenticated-user --accept-unknow-user
# Accept unauthenticated user
Python script
import WebScripts
WebScripts.main()
from WebScripts import Configuration, Server, main
from wsgiref import simple_server
config = Configuration()
config.add_conf(
interface="",
port=8000,
scripts_path = [
"./scripts/account",
"./scripts/passwords"
],
json_scripts_config = [
"./config/scripts/*.json"
],
ini_scripts_config = [
"./config/scripts/*.ini"
],
documentations_path = [
"./doc/*.html"
],
js_path = [
"./static/js/*.js"
],
statics_path = [
"./static/html/*.html",
"./static/css/*.css",
"./static/images/*.jpg",
"./static/pdf/*.pdf"
],
)
config.set_defaults()
config.check_required()
config.get_unexpecteds()
config.build_types()
server = Server(config)
httpd = simple_server.make_server(server.interface, server.port, server.app)
httpd.serve_forever()
Compatibility
Python3.8
git clone https://github.com/mauricelambert/WebScripts.git
cd WebScripts
python3.8 WebScripts/scripts/to_3.8/to_3.8.py
python3.8 setup38.py install
python3.8 -m WebScripts38
# Launch this commands line:
# - git clone https://github.com/mauricelambert/WebScripts.git
# - cd WebScripts
# - python3.8 WebScripts/scripts/to_3.8/to_3.8.py
# - python3.8 setup38.py install
# And use the package:
import WebScripts38
WebScripts38.main()
Documentation
- Home: wiki, readthedocs
- Installation: wiki, readthedocs
- Configurations:
- Usages: wiki, readthedocs
- Server Configurations: wiki, readthedocs
- Scripts Configurations: wiki, readthedocs
- Arguments Configurations: wiki, readthedocs
- Logs: wiki, readthedocs
- Authentication: wiki, readthedocs
- Default Database: wiki, readthedocs
- Access and Permissions: wiki, readthedocs
- API: wiki, readthedocs
- Development and Administration Tools: wiki, readthedocs
- Customize:
- WEB Interface: wiki, readthedocs
- Modules: wiki, readthedocs
- Security:
- Security Considerations: wiki, readthedocs
- Code analysis for security (SAST and DAST): wiki, readthedocs
- Security checks and tests (pentest): wiki, readthedocs
- Examples:
- Deployment: wiki, readthedocs
- Add a bash script (for authentication): wiki, readthedocs
- Add a module: wiki, readthedocs
- Make a custom API client: wiki, readthedocs
PyDoc
- __init__
- WebScripts
- Pages
- commons
- utils
- Errors
- Default Database Manager
- Default Upload Manager
- Default Request Manager
- Default module errors
- Default module share
- Default module csp
Links
Pictures
Index page (dark) Text script (dark) HTML script (light)
License
Licensed under the GPL, version 3.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
WebScripts-2.4.13.tar.gz
(1.4 MB
view details)
File details
Details for the file WebScripts-2.4.13.tar.gz
.
File metadata
- Download URL: WebScripts-2.4.13.tar.gz
- Upload date:
- Size: 1.4 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.6.1 requests/2.25.0 setuptools/59.6.0 requests-toolbelt/0.9.1 tqdm/4.54.1 CPython/3.9.10
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | d55546b1018a22063e4e60b0e31dbf8459da8f337d650cddcc5b3732c0bcfdb9 |
|
MD5 | b2d66174751d55d9ee59bcab1033b664 |
|
BLAKE2b-256 | d1fec845b4e1ac17c8538d4291020a123522db2342fc8bf030af4fb050afe543 |