Merge pull request #79 from grutz/pwnwiki

Adds redirect page w/delay, pwnwiki link (closes #60) and fixes
KvasirSecurity · Apr 21, 2014 · f2de837 · f2de837
2 parents 66cf0d2 + 98862c0
commit f2de837
Show file tree

Hide file tree

Showing 9 changed files with 123 additions and 28 deletions.
diff --git a/controllers/default.py b/controllers/default.py
@@ -309,3 +309,9 @@ def ip_calc():
     response.files.append(URL(request.application, 'static', 'js/teredo_calc.js'))
     response.title = "%s :: IP Calculators" % (settings.title)
     return dict()
+
+def redirect():
+    redirect_url = request.vars.get('url', '')
+    pwnwiki = request.vars.get('pwniki', False)
+    response.title = "%s :: Redirecting to %s" % (settings.title, redirect_url)
+    return dict(redirect_url=redirect_url, pwnwiki=pwnwiki)
diff --git a/controllers/services.py b/controllers/services.py
@@ -178,6 +178,7 @@ def edit():
 
 @auth.requires_login()
 def list():
+    from skaldship.general import severity_mapping
     response.title = "%s :: Services" % (settings.title)
 
     # if no filter is set then we blank it out
@@ -272,16 +273,6 @@ def list():
         nolimit = db(q).count()
 
         aaData = []
-        colormap = [ (1, 'grey'),
-                     (2, 'grey'),
-                     (3, 'grey'),
-                     (4, 'blue'),
-                     (5, 'blue'),
-                     (6, 'magenta'),
-                     (7, 'magenta'),
-                     (8, 'magenta'),
-                     (9, 'red'),
-                     (10, 'red') ]
 
         # datatable formatting is specific
         # gather all the vulndata and exploits into a big row
@@ -338,11 +329,11 @@ def list():
             # Append A tags around services with HTTP Ports
             if r.t_services.f_number in HTTP_PORTS and r.t_services.f_proto == "tcp" or r.t_services.f_name == "HTTP":
                 atxt['5'] = A(r.t_services.f_number,
-                              _href="http://%s:%s/" % (host_rec.f_ipv4, r.t_services.f_number),
+                              _href=URL('default', 'redirect', extension='html', vars={'url': "http://%s:%s/" % (host_rec.f_ipv4, r.t_services.f_number)}),
                               _target="%s-tcp-%s" % (host_rec.f_ipv4, r.t_services.f_number)).xml()
             elif r.t_services.f_number in HTTPS_PORTS and r.t_services.f_proto == "tcp" or r.t_services.f_name == "HTTPS":
                 atxt['5'] = A(r.t_services.f_number,
-                              _href="https://%s:%s/" % (host_rec.f_ipv4, r.t_services.f_number),
+                              _href=URL('default', 'redirect', extension='html', vars={'url': "https://%s:%s/" % (host_rec.f_ipv4, r.t_services.f_number)}),
                               _target="%s-tcp-%s" % (host_rec.f_ipv4, r.t_services.f_number)).xml()
             else:
                 atxt['5'] = r.t_services.f_number
@@ -351,7 +342,7 @@ def list():
             atxt['7'] = len(vulnlist)
             vulntxt = []
             for vuln in vulnlist:
-                color = colormap[vuln[1]-1][1]
+                color = severity_mapping(vuln[1])[2]
                 vulntxt.append(A(vuln[0], _id="vuln", _target="vulninfo_by_vulnid_%s" % (vuln[0]), _href=URL('vulns', 'vulninfo_by_vulnid', args=[vuln[0]], extension='html'),
                                  _style="color:"+color).xml())
             atxt['8'] = " :: ".join(vulntxt)

diff --git a/controllers/vulns.py b/controllers/vulns.py
@@ -377,14 +377,14 @@ def vulndata_by_host():
                                 if db.t_exploitdb[expl_data.f_title]:
                                     exploitdb_href = URL('exploitdb', 'detail.html', args=expl_data.f_title)
                                 else:
-                                    exploitdb_href = "http://www.exploit-db.com/exploits/%s" % expl_data.f_title
+                                    exploitdb_href = URL('default', 'redirect', extension='html', vars={'url': 'http://www.exploit-db.com/exploits/%s' % expl_data.f_title})
                                 exp_link = A(IMG(_align="absmiddle", _width=16, _height=16, _src=URL('static','images/exploitdb.ico')), ' exploitdb - ' + expl_data.f_name,_href=exploitdb_href, _target="exploitdb_%s" % (expl_data.f_name))
                             elif expl_data.f_source == 'metasploit':
                                 if session.msf_workspace:
-                                    msf_uri = os.path.join(msf_settings['url'], 'workspaces', session.msf_workspace_num, 'tasks/new_module_run')
+                                    msf_uri = os.path.join(msf_settings['url'], 'workspaces', session.msf_workspace_num, 'modules', expl_data.f_title)
                                 else:
-                                    msf_uri = 'http://www.metasploit.com/modules/'
-                                exp_link = A(IMG(_align="absmiddle", _width=16, _height=16, _src=URL('static','images/msf.gif')), ' metasploit - ' + expl_data.f_name,_href=os.path.join(msf_uri, expl_data.f_title), _target="msf_%s" % (expl_data.f_name))
+                                    msf_uri = URL('default', 'redirect', extension='html', vars={'url': 'http://www.rapid7.com/db/modules/%s' % expl_data.f_title})
+                                exp_link = A(IMG(_align="absmiddle", _width=16, _height=16, _src=URL('static','images/msf.gif')), ' metasploit - ' + expl_data.f_name, _href=msf_uri, _target="msf_%s" % (expl_data.f_name))
                             elif expl_data.f_source == 'canvas':
                                 exp_link = SPAN(IMG(_align="absmiddle", _width=16, _height=16, _src=URL('static','images/canvas.png')), ' canvas - ' + expl_data.f_name)
 
@@ -705,15 +705,15 @@ def aa_by_host():
                             if db.t_exploitdb[expl_data.f_title]:
                                 exploitdb_href = URL('exploitdb', 'detail.html', args=expl_data.f_title)
                             else:
-                                exploitdb_href = "http://www.exploit-db.com/exploits/%s" % expl_data.f_title
+                                exploitdb_href = URL('default', 'redirect', extension='html', vars={'url': 'http://www.exploit-db.com/exploits/%s' % expl_data.f_title})
                             exp_link = A(IMG(_align="absmiddle", _width=16, _height=16, _src=URL('static','images/exploitdb.ico')), ' exploitdb - ' + expl_data.f_name,_href=exploitdb_href, _target="exploitdb_%s" % (expl_data.f_name))
                         elif expl_data.f_source == 'metasploit':
                             metasploit += 1
                             if session.msf_workspace:
-                                msf_uri = msf_settings['url'] + "/" + session.msf_workspace + "/modules/"
+                                msf_uri = os.path.join(msf_settings['url'], session.msf_workspace, 'modules', expl_data.f_title)
                             else:
-                                msf_uri = 'http://www.metasploit.com/modules/'
-                            exp_link = A(IMG(_align="absmiddle", _width=16, _height=16, _src=URL('static','images/msf.gif')), ' metasploit - ' + expl_data.f_name,_href=os.path.join(msf_uri, expl_data.f_title), _target="msf_%s" % (expl_data.f_name))
+                                msf_uri = URL('default', 'redirect', extension='html', vars={'url': 'http://www.rapid7.com/db/modules/%s' % expl_data.f_title})
+                            exp_link = A(IMG(_align="absmiddle", _width=16, _height=16, _src=URL('static','images/msf.gif')), ' metasploit - ' + expl_data.f_name, _href=msf_uri, _target="msf_%s" % (expl_data.f_name))
                         elif expl_data.f_source == 'canvas':
                             canvas += 1
                             exp_link = SPAN(IMG(_align="absmiddle", _width=16, _height=16, _src=URL('static','images/canvas.png')), ' canvas - ' + expl_data.f_name)

diff --git a/kvasir.yaml.sample b/kvasir.yaml.sample
@@ -57,13 +57,22 @@ shodanhq_api_key: none
 # pwnwiki path
 # download latest from https://github.com/pwnwiki/pwnwiki.github.io/archive/master.zip
 # or clone: git clone https://github.com/pwnwiki/pwnwiki.github.io
-pwnwiki_path: "/path/to/pwnwiki.github.io"
+# start a separate webserver (python -m SimpleHTTPServer) and replace or leave github url
+pwnwiki_path: "https://pwnwiki.github.io"
 
 # exploitdb archive path
 # download latest from https://github.com/offensive-security/exploit-database/archive/master.zip
 # or clone: git clone https://github.com/offensive-security/exploit-database.git
 exploitdb_path: "/usr/share/exploitdb"
 
+# redirection timer
+# links to external resources will go through a staging page. This page includes a countdown timer for automatic
+# redirection. The length of the timer is set here and defaults to 10 seconds.
+# >0 = seconds before redirection
+#  0 = immediate redirection
+# -1 = no redirection
+redirect_timer: 10
+
 # Web2py security_key should be unique and changed. It's used to encrypt passwords and generate CSRF tokens
 security_key: "sha512:36518081-c858-47ad-8832-a28d842f3052"
 

diff --git a/models/00_settings.py b/models/00_settings.py
@@ -99,8 +99,10 @@
 settings.shodanhq_apikey = settings.kvasir_config.get('shodanhq_api_key', '')
 
 # pwnwiki.github.io
-settings.pwnwiki_path = settings.kvasir_config.get('pwnwiki_path', None)
+settings.pwnwiki_path = settings.kvasir_config.get('pwnwiki_path', 'http://pwnwiki.io/')
 
 # exploitdb
 settings.exploitdb_path = settings.kvasir_config.get('exploitdb_path', None)
 
+# redirect_timer
+settings.redirect_timer = settings.kvasir_config.get('redirect_timer', 10)
diff --git a/models/menu.py b/models/menu.py
@@ -83,6 +83,7 @@
          (T('Update DB Fields'),URL(_a,'default','update_dynamic_fields')==URL(),URL(_a,'default','update_dynamic_fields'),[]),
          (T('IP Calculator'), False, URL(_a, 'default', 'ip_calc'), []),
          (T('Exploit Database (local)'), False, URL(_a, 'exploitdb', 'index'), []),
+         (T('PwnWiki'), False, URL(_a, 'default', 'redirect', vars={'url':settings.pwnwiki_path, 'pwnwiki': True}), []),
      ]),
     (T('Statistics'), False, '',
     [

diff --git a/modules/skaldship/hosts.py b/modules/skaldship/hosts.py
@@ -381,9 +381,9 @@ def pagination(request, curr_host):
         hostindex=hostindex+1
 
     if hostprev == "#":
-        hostprevstyle="display:none";
+        hostprevstyle="display:none"
     if hostnext == "#":
-        hostnextstyle="display:none";
+        hostnextstyle="display:none"
 
     pagination = {}
     pagination['previous'] = A("(p)",_id="prevhostlink" ,_class="button", _href=hostprev, _style=hostprevstyle, _title=hostprevtitle)

diff --git a/views/default/redirect.html b/views/default/redirect.html
@@ -0,0 +1,83 @@
+{{extend 'layout.html'}}
+
+<div class="row-fluid">
+    <div class="span8">
+        <div class="widget-box">
+            <div class="widget-title">
+              <span class="icon">
+                <i class="icon-road"></i>
+              </span>
+              <h5>{{=response.title or request.application}}</h5>
+            </div>
+            <div class="widget-content">
+                <div class="alert alert-error alert-block">
+                    <p><strong>WARNING!</strong></p>
+                    <p>Redirecting to an external site may have unknown HTML or Javascript code. Visiting it
+                    may place your browser and Kvasir data at risk. It is recommended to use your browser's private
+                    isolation mode (Private, Incognito, etc) when viewing external pages.</p>
+                </div>
+                <div class="alert alert-info alert-block">
+                    <p>Redirect to <a rel="noreferrer" href="{{=redirect_url}}">{{=redirect_url}}</a>
+                        <button id="btn-countdown" class="btn btn-mini btn-warning">
+                            <span id="countdown-status">Pause</span> (<span id="countdown">{{=settings.redirect_timer}}</span>)
+                        </button>
+                    </p>
+                </div>
+                {{if pwnwiki:}}
+                <div>
+                    <p>A local copy of the PwnWiki can be used instead:</p>
+                    <ul>
+                        <li><a target="_blank" rel="noreferrer" href="https://github.com/pwnwiki/pwnwiki.github.io/">
+                            Clone the repository</a> or pull the archive
+                            (<a target="_blank" rel="noreferrer" href="https://github.com/pwnwiki/pwnwiki.github.io/archive/master.zip">download
+                            zip</a>) of the repo</li>
+                        <li>Start a seprate local webserver that points to the repository directory. E.g.: python -m SimpleHTTPServer</li>
+                        <li>Change the pwnwiki_path setting in your kvasir.yaml file to the new URL</li>
+                    </ul>
+                </div>
+                {{pass}}
+            </div>
+        </div>
+    </div>
+
+</div>
+
+<script>
+    var time_left = {{=settings.redirect_timer}};
+    var cinterval;
+    var paused = false;
+
+    $("#btn-countdown").click(function () {
+        if (time_left > 0) {
+            paused = !paused;
+            if (paused) {
+                $('#countdown-status').text('Continue');
+                $('#btn-countdown').removeClass('btn-warning').addClass('btn-danger');
+            } else {
+                $('#countdown-status').text('Pause');
+                $('#btn-countdown').removeClass('btn-danger').addClass('btn-warning');
+            }
+        }
+    });
+
+    function coutdown(){
+        if (paused) {
+            return;
+        } else {
+            time_left--;
+            $('#countdown').text(time_left);
+            if(time_left == 0) {
+                window.location.replace("{{=redirect_url}}");
+                clearInterval(cinterval);
+            }
+        }
+    }
+
+    if (time_left > 0) {
+        cinterval = setInterval('coutdown()', 1000);
+    } else {
+        var elem = document.getElementById('btn-countdown');
+        elem.parentNode.removeChild(elem);
+    }
+
+</script>
diff --git a/views/nexpose/import_vulnid.html b/views/nexpose/import_vulnid.html
@@ -1,5 +1,8 @@
 {{extend 'layout.html'}}
 
+{{from skaldship.nexpose import nexpose_get_config}}
+{{nexpose_config = nexpose_get_config()}}
+
 <div class="row-fluid">
     <div class="span8">
         <div class="widget-box">
@@ -19,11 +22,11 @@ <h5>{{=response.title or request.application}}</h5>
         provided.</p>
         <dl>
             <dt>Server</dt>
-            <dd>{{=auth.user.f_nexpose_host}}</dd>
+            <dd>{{=nexpose_config['host']}}</dd>
             <dt>Port</dt>
-            <dd>{{=auth.user.f_nexpose_port}}</dd>
+            <dd>{{=nexpose_config['port']}}</dd>
             <dt>Username</dt>
-            <dd>{{=auth.user.f_nexpose_user}}</dd>
+            <dd>{{=nexpose_config['user']}}</dd>
         </dl>
     </div>
 </div>