Skip to main content

This tool runs CLI scripts and displays output in a Web Interface.

Project description

WebScripts Logo

WebScripts

PyPI Downloads GitHub branch checks state PyPI - Status PyPI - Python Version GitHub commit activity GitHub top language GitHub issues GitHub closed issues GitHub GitHub repo size Libraries.io SourceRank Compatibility Containers Code style: black

Description

This tool run scripts and display the result in a Web Interface (a little presentation is available here and on my github.io).

Goals

Create a safe, secure and easy way to share CLI (console) scripts and scripting environnments with your team or people without IT knowledge.

  • Secure
    • SAST - Static Application Security Testing (wiki) using bandit, semgrep, CodeQL and Pycharm Security.
    • DAST - Dynamic Application Security Testing (wiki) using ZAP (Baseline && full scan), nuclei and some Kali Linux tools.
    • Web pentest (wiki) using Kali Linux Web tools and my little experience in Web Hacking. Tools are skipfish, nikto, dirb and whatweb.
    • Hardening(wiki), the WebScripts installation is pre-hardened, an audit is performed at the launch of the WebScripts server and reports are generated. Defaults/examples HTML reports:
    • File integrity checks(wiki), the WebScripts server implements a daemon thread to check file integrity hourly.
    • Logs with centralization (using Syslog on Linux and Event Viewer on Windows), some levels and differents files for easiest supervision, controls and investigations
    • Easy to update and patch security issues on Linux (critical functions are implemented in Standard Library and are updated with your system) (WebScripts does not require any python external package)
    • Easy to deploy securely (with docker or on your Linux system with Apache and UWSGI or NGINX as reverse proxy)
    • Easy to configure securely (read the documentation) (wiki), hardening checks and reports for unsecure configurations
    • Unittest - 99% Code Coverage (2104/2108 lines) (wiki), tests with python3.8 - python3.12
    • Javascript parser and formatter for text, json and csv content type (XSS protection)
    • XSS active protection for html content type based on user inputs analysis and script outputs
  • Customizable
  • Highly configurable and scalable with a python module system (wiki) and configurations
  • Pre-installed and configured scripts and modules (user and authentication, secure file sharing with permissions, error pages with requests to administrator system, temporary and secure password share, logs viewer and analyser)

Demo

Demo WebScripts - Youtube

Demonstration of WebScripts use - Youtube video

Requirements

This package require:

  • python3
  • python3 Standard Library

Optional on Windows:

  • pywin32 (to centralize logs in Event Viewer)

Installation

python3 -m venv WebScripts        # Make a virtual environment for WebScripts
source WebScripts/bin/activate    # Activate your virtual environment
sudo WebScripts/bin/python3 -m pip install --use-pep517 WebScripts --install-option "--admin-password=<your password>" --install-option "--owner=<owner>" --install-option "--directory=<directory>"     # Install WebScripts using setup.py with pip
sudo WebScripts/bin/python3 -m WebScripts.harden -p '<my admin password>' -o '<my webscripts user>' -d 'WebScripts/'  # Harden default configurations
cd WebScripts                     # Use your virtual environment to start WebScripts
WebScripts                        # Start WebScripts server for demonstration (for production see deployment documentation)

Basic Usages

Command line

WebScripts
python3 -m WebScripts

WebScripts --help
WebScripts -h # Print help message and command line options

WebScripts --interface "192.168.1.2" --port 80
WebScripts -i "192.168.1.2" -p 80 # Change interface and port

# /!\ do not use the --debug option on the production environment
WebScripts --debug
WebScripts -d # Print informations about server configuration in errors pages (404 and 500)

# /!\ do not use the --security option on the production environment
WebScripts --security
WebScripts -s # Do not use HTTP security headers (for debugging)

WebScripts --accept-unauthenticated-user --accept-unknow-user
# Accept unauthenticated user

Python script

import WebScripts
WebScripts.main()
from WebScripts import Configuration, Server, main
from wsgiref import simple_server

config = Configuration()
config.add_conf(
    interface="", 
    port=8000, 
    scripts_path = [
        "./scripts/account",
        "./scripts/passwords"
    ],
    json_scripts_config = [
        "./config/scripts/*.json"
    ],
    ini_scripts_config = [
        "./config/scripts/*.ini"
    ],
    documentations_path = [
        "./doc/*.html"
    ],
    js_path = [
        "./static/js/*.js"
    ],
    statics_path = [
        "./static/html/*.html",
        "./static/css/*.css",
        "./static/images/*.jpg",
        "./static/pdf/*.pdf"
    ],
)
config.set_defaults()
config.check_required()
config.get_unexpecteds()
config.build_types()

server = Server(config)
httpd = simple_server.make_server(server.interface, server.port, server.app)
httpd.serve_forever()

Compatibility

Python3.8

git clone https://github.com/mauricelambert/WebScripts.git
cd WebScripts
python3.8 WebScripts/scripts/to_3.8/to_3.8.py
python3.8 setup38.py install
python3.8 -m WebScripts38
# Launch this commands line:
#   - git clone https://github.com/mauricelambert/WebScripts.git
#   - cd WebScripts
#   - python3.8 WebScripts/scripts/to_3.8/to_3.8.py
#   - python3.8 setup38.py install
# And use the package:

import WebScripts38
WebScripts38.main()

Documentation

Links

Screenshots

Index page (dark) Index page (dark) Text script (dark) Text script (dark) HTML script (light) HTML script (light)

License

Licensed under the GPL, version 3.

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

WebScripts-3.0.39.tar.gz (1.5 MB view details)

Uploaded Source

File details

Details for the file WebScripts-3.0.39.tar.gz.

File metadata

  • Download URL: WebScripts-3.0.39.tar.gz
  • Upload date:
  • Size: 1.5 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.0 CPython/3.11.9

File hashes

Hashes for WebScripts-3.0.39.tar.gz
Algorithm Hash digest
SHA256 7c8a0af69961142c9bbebb0db597d13b5dee73be8fc7d0d08fbd72e2ad6136d3
MD5 cbb750b8eebab560dd9aba34f638cffb
BLAKE2b-256 5b094d300ab6d539cce623d8a44ec58be5357518cbc4cdc4f5baabbe3a608549

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page