Skip to content

Add routes for exploits, modules, and dashboards #54

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
ProjectZeroDays wants to merge 1 commit into from
Closed

Add routes for exploits, modules, and dashboards #54

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions app.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,13 @@
cloud_security_frameworks,
)

from exploits.exploits2 import deploy_exploit_route, deploy_sms_message_route, deploy_email_message_route
from modules.exploits2 import control_device_remote_route, privilege_escalation_route, advanced_commands_route
from modules.zero_day_exploits import identify_vulnerability_route, develop_exploit_route, deploy_exploit_route as zero_day_deploy_exploit_route
from c2_dashboard import render_c2_dashboard
from dashboard.dashboard import dashboard, admin_dashboard, compliance_dashboard, training_dashboard
from gui.dashboard import Dashboard

pn.extension(design="bootstrap", sizing_mode="stretch_width")

ICON_URLS = {
Expand Down
8 changes: 8 additions & 0 deletions c2_dashboard.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,7 @@
import panel as pn
from flask import Flask, jsonify

app = Flask(__name__)

class C2Dashboard:
def render(self):
Expand Down Expand Up @@ -36,3 +39,8 @@ def render(self):
pn.pane.Markdown("#### Advanced Connection Methods"),
pn.widgets.DataFrame(name="Advanced Connection Methods Data")
)

@app.route('/c2_dashboard', methods=['GET'])
def render_c2_dashboard():
c2_dashboard = C2Dashboard()
return jsonify({"dashboard": c2_dashboard.render()})
23 changes: 22 additions & 1 deletion exploits/exploits2.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,18 @@
import paramiko
from flask import Flask, jsonify

app = Flask(__name__)

def deploy_exploit(ip, port, phone, email):
ssh = paramiko.SSHClient()
ssh.connect(ip, port, username="user", password="password")
# ...

@app.route('/deploy_exploit', methods=['POST'])
def deploy_exploit_route():
# Extract parameters from request and call deploy_exploit function
return jsonify({"status": "success"})

def deploy_sms_message(ip, port, phone_number, message):
# Send SMS message using twilio
twilio_client = twilio.rest.Client(twilio_account_sid, twilio_auth_token)
Expand All @@ -14,6 +22,11 @@
to=phone_number
)

@app.route('/deploy_sms_message', methods=['POST'])
def deploy_sms_message_route():
# Extract parameters from request and call deploy_sms_message function
return jsonify({"status": "success"})

def deploy_email_message(ip, port, email_address, message):
# Send email message using sendgrid
sg_client = SendGridAPIClient(sendgrid_api_key)
Expand All @@ -25,6 +38,11 @@
)
response = sg_client.send(message)

@app.route('/deploy_email_message', methods=['POST'])
def deploy_email_message_route():
# Extract parameters from request and call deploy_email_message function
return jsonify({"status": "success"})

def control_device_remote(ip, port, phone, email):
# Control device remotely using paramiko
ssh = paramiko.SSHClient()
Expand All @@ -37,4 +55,7 @@

def advanced_commands():
# Return list of advanced commands
return jsonify({"commands": ["get_user_info", "get_system_info", "get_network_info"]})
return jsonify({"commands": ["get_user_info", "get_system_info", "get_network_info"]})

if __name__ == '__main__':
app.run(debug=True)

Check failure

Code scanning / CodeQL

Flask app is run in debug mode High

A Flask app appears to be run in debug mode. This may allow an attacker to run arbitrary code through the debugger.

Copilot Autofix

AI 12 months ago

To fix the problem, we need to ensure that the Flask application does not run in debug mode in a production environment. The best way to achieve this is to use an environment variable to control the debug mode. This way, the application can run in debug mode during development but will have debugging disabled in production.

We will modify the app.run() call to check an environment variable (e.g., FLASK_DEBUG) to determine whether to enable debug mode. This change will be made in the if __name__ == '__main__': block.

Suggested changeset 1
exploits/exploits2.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/exploits/exploits2.py b/exploits/exploits2.py
--- a/exploits/exploits2.py
+++ b/exploits/exploits2.py
@@ -60,2 +60,4 @@
 if __name__ == '__main__':
-    app.run(debug=True)
+    import os
+    debug_mode = os.getenv('FLASK_DEBUG', 'False').lower() in ['true', '1', 't']
+    app.run(debug=debug_mode)
EOF
@@ -60,2 +60,4 @@
if __name__ == '__main__':
app.run(debug=True)
import os
debug_mode = os.getenv('FLASK_DEBUG', 'False').lower() in ['true', '1', 't']
app.run(debug=debug_mode)
Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
9 changes: 9 additions & 0 deletions gui/dashboard.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,9 @@
from tkinter import ttk
from matplotlib.figure import Figure
from matplotlib.backends.backend_tkagg import FigureCanvasTkAgg
from flask import Flask, jsonify

app = Flask(__name__)

class Dashboard:
def __init__(self, root):
Expand Down Expand Up @@ -39,6 +42,12 @@ def refresh_metrics(self):
self.metrics["Resolved Alerts"] += 2
self.update_chart()

@app.route('/gui_dashboard', methods=['GET'])
def render_gui_dashboard():
root = tk.Tk()
app = Dashboard(root)
root.mainloop()
return jsonify({"status": "GUI dashboard rendered"})

if __name__ == "__main__":
root = tk.Tk()
Expand Down
10 changes: 10 additions & 0 deletions main.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,14 @@
import os
import subprocess
from flask import Flask
from exploits.exploits2 import deploy_exploit_route, deploy_sms_message_route, deploy_email_message_route
from modules.exploits2 import control_device_remote_route, privilege_escalation_route, advanced_commands_route
from modules.zero_day_exploits import identify_vulnerability_route, develop_exploit_route, deploy_exploit_route as zero_day_deploy_exploit_route
from c2_dashboard import render_c2_dashboard
from dashboard.dashboard import dashboard, admin_dashboard, compliance_dashboard, training_dashboard
from gui.dashboard import Dashboard

app = Flask(__name__)

def start_all_services():
services = [
Expand Down Expand Up @@ -31,4 +40,5 @@
print("All services started!")

if __name__ == "__main__":
app.run(debug=True)

Check failure

Code scanning / CodeQL

Flask app is run in debug mode High

A Flask app appears to be run in debug mode. This may allow an attacker to run arbitrary code through the debugger.

Copilot Autofix

AI 12 months ago

To fix the problem, we need to ensure that the Flask application does not run in debug mode in a production environment. This can be achieved by using an environment variable to control the debug mode. We will modify the code to check the environment variable and set the debug mode accordingly. This way, the application can run in debug mode during development but will be secure in a production environment.

  1. Import the os module to access environment variables.
  2. Modify the app.run() call to set the debug parameter based on an environment variable.
Suggested changeset 1
main.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/main.py b/main.py
--- a/main.py
+++ b/main.py
@@ -42,3 +42,4 @@
 if __name__ == "__main__":
-    app.run(debug=True)
+    debug_mode = os.getenv('FLASK_DEBUG', 'False').lower() in ['true', '1', 't']
+    app.run(debug=debug_mode)
     start_all_services()
EOF
@@ -42,3 +42,4 @@
if __name__ == "__main__":
app.run(debug=True)
debug_mode = os.getenv('FLASK_DEBUG', 'False').lower() in ['true', '1', 't']
app.run(debug=debug_mode)
start_all_services()
Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
start_all_services()
22 changes: 21 additions & 1 deletion modules/exploits2.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,7 @@
import paramiko
from flask import Flask, jsonify

app = Flask(__name__)

def deploy_exploit(ip, port, phone, email):
ssh = paramiko.SSHClient()
Expand All @@ -25,16 +28,33 @@
)
response = sg_client.send(message)

@app.route('/control_device_remote', methods=['POST'])
def control_device_remote_route():
# Extract parameters from request and call control_device_remote function
return jsonify({"status": "success"})

def control_device_remote(ip, port, phone, email):
# Control device remotely using paramiko
ssh = paramiko.SSHClient()
ssh.connect(ip, port, username="user", password="password")
# ...

@app.route('/privilege_escalation', methods=['POST'])
def privilege_escalation_route():
# Extract parameters from request and call privilege_escalation function
return jsonify({"status": "success"})

def privilege_escalation(ip, port, phone, email):
# Perform privilege escalation
# ...

@app.route('/advanced_commands', methods=['GET'])
def advanced_commands_route():
return advanced_commands()

def advanced_commands():
# Return list of advanced commands
return jsonify({"commands": ["get_user_info", "get_system_info", "get_network_info"]})
return jsonify({"commands": ["get_user_info", "get_system_info", "get_network_info"]})

if __name__ == '__main__':
app.run(debug=True)

Check failure

Code scanning / CodeQL

Flask app is run in debug mode High

A Flask app appears to be run in debug mode. This may allow an attacker to run arbitrary code through the debugger.

Copilot Autofix

AI 12 months ago

To fix the problem, we need to ensure that the Flask application does not run in debug mode in a production environment. The best way to achieve this is to use an environment variable to control the debug mode. This way, we can easily switch between development and production configurations without changing the code.

  1. Modify the app.run(debug=True) line to check an environment variable to determine whether to run in debug mode.
  2. Import the os module to access environment variables.
  3. Set the default value of the debug mode to False to ensure it is not enabled by default.
Suggested changeset 1
modules/exploits2.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/modules/exploits2.py b/modules/exploits2.py
--- a/modules/exploits2.py
+++ b/modules/exploits2.py
@@ -59,2 +59,4 @@
 if __name__ == '__main__':
-    app.run(debug=True)
+    import os
+    debug_mode = os.getenv('FLASK_DEBUG', 'False').lower() in ['true', '1', 't']
+    app.run(debug=debug_mode)
EOF
@@ -59,2 +59,4 @@
if __name__ == '__main__':
app.run(debug=True)
import os
debug_mode = os.getenv('FLASK_DEBUG', 'False').lower() in ['true', '1', 't']
app.run(debug=debug_mode)
Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
28 changes: 28 additions & 0 deletions modules/zero_day_exploits.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
import logging
import random
from flask import Flask, jsonify, request

app = Flask(__name__)

class ZeroDayExploits:
def __init__(self):
Expand Down Expand Up @@ -31,3 +34,28 @@

def render(self):
return "Zero-Day Exploits Module: Ready to identify and exploit zero-day vulnerabilities in software and hardware."

@app.route('/identify_vulnerability', methods=['POST'])
def identify_vulnerability_route():
target = request.json.get('target')
zero_day_exploits = ZeroDayExploits()
vulnerabilities = zero_day_exploits.identify_vulnerability(target)
return jsonify({"vulnerabilities": vulnerabilities})

@app.route('/develop_exploit', methods=['POST'])
def develop_exploit_route():
vulnerability = request.json.get('vulnerability')
zero_day_exploits = ZeroDayExploits()
exploit_code = zero_day_exploits.develop_exploit(vulnerability)
return jsonify({"exploit_code": exploit_code})

@app.route('/deploy_exploit', methods=['POST'])
def deploy_exploit_route():
target = request.json.get('target')
exploit_code = request.json.get('exploit_code')
zero_day_exploits = ZeroDayExploits()
result = zero_day_exploits.deploy_exploit(target, exploit_code)
return jsonify({"result": result})

if __name__ == '__main__':
app.run(debug=True)

Check failure

Code scanning / CodeQL

Flask app is run in debug mode High

A Flask app appears to be run in debug mode. This may allow an attacker to run arbitrary code through the debugger.

Copilot Autofix

AI 12 months ago

To fix the problem, we need to ensure that the Flask application does not run in debug mode in a production environment. The best way to achieve this is by using environment variables to control the debug mode. This way, we can enable debug mode during development and disable it in production without changing the code.

  1. Import the os module to access environment variables.
  2. Modify the app.run() call to set the debug parameter based on an environment variable.
  3. Set a default value for the environment variable to ensure the application does not run in debug mode by default.
Suggested changeset 1
modules/zero_day_exploits.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/modules/zero_day_exploits.py b/modules/zero_day_exploits.py
--- a/modules/zero_day_exploits.py
+++ b/modules/zero_day_exploits.py
@@ -60,2 +60,4 @@
 if __name__ == '__main__':
-    app.run(debug=True)
+    import os
+    debug_mode = os.getenv('FLASK_DEBUG', 'False').lower() in ['true', '1', 't']
+    app.run(debug=debug_mode)
EOF
@@ -60,2 +60,4 @@
if __name__ == '__main__':
app.run(debug=True)
import os
debug_mode = os.getenv('FLASK_DEBUG', 'False').lower() in ['true', '1', 't']
app.run(debug=debug_mode)
Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
16 changes: 16 additions & 0 deletions templates/dashboard.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,5 +88,21 @@ <h2>Advanced Connection Methods</h2>
<p>Connection Method 1: {{ data["connection_method_1"] }}</p>
<p>Connection Method 2: {{ data["connection_method_2"] }}</p>
</div>
<div class="dashboard-section">
<h2>Main Dashboard</h2>
<a href="{{ url_for('dashboard') }}">Go to Main Dashboard</a>
</div>
<div class="dashboard-section">
<h2>Admin Dashboard</h2>
<a href="{{ url_for('admin_dashboard') }}">Go to Admin Dashboard</a>
</div>
<div class="dashboard-section">
<h2>Compliance Dashboard</h2>
<a href="{{ url_for('compliance_dashboard') }}">Go to Compliance Dashboard</a>
</div>
<div class="dashboard-section">
<h2>Training Dashboard</h2>
<a href="{{ url_for('training_dashboard') }}">Go to Training Dashboard</a>
</div>
</body>
</html>
Loading