diff --git a/README.md b/README.md
index c2c05fd..d1cdc4c 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,5 @@
+
+
# [Fi]*regex 🔥
@@ -7,13 +9,21 @@ Firegex is a firewall that includes different functionalities, created for CTF A
## Get started firegex
What you need is a linux machine and docker ( + docker-compose )
+```bash
+curl https://raw.githubusercontent.com/Pwnzer0tt1/firegex/main/start.py -o firegex.py && python3 firegex.py
```
+With this command you will download firegex.py, and run it, it will require you the password to use for firegex and start it with docker-compose
+
+Or, you can start in a similar way firegex, cloning this repository and executing this command
+```bash
python3 start.py
```
-This command will generate the docker-compose configuration and start it with docker-compose, read the help with -h to customize you firegex instance.
-We recommend to use -t paramether and specify the number of threads to use for each service running on firegex, this will make you network more stable with multiple connections `python3 start.py -t 4`.
+Cloning the repository you could use the `--build` option that will build a new image of firegex, this can be usefull if you need change some code of firegex, and run it with the new code.
+Image building of firegex will require more time, so it's recommended to use the version just builded and available in the github packages
+By default firegex will start in a multithread configuration using the number of threads available in your system.
The default port of firegex is 4444. At the startup you will choose a password, that is essential for your security.
+All the configuration at the startup are customizable in [firegex.py](./start.py) or directly in the firegex interface.
@@ -52,6 +62,5 @@ Initiially the project was based only on regex filters, and also now the main fu
- Create hijacking port to proxy
- Explanation about tools in the dedicated pages making them more user-friendly
-- Give the permission to set a startup password in start.py protecting firegex also at the first run
- buffering the TCP and(/or) the UDP stream to avoid to bypass the proxy dividing the information in more packets
- Adding new section with "general firewall rules" to manage "simple" TCP traffic rules graphically and through nftables
diff --git a/backend/app.py b/backend/app.py
index 0b56fa2..bb6efbb 100644
--- a/backend/app.py
+++ b/backend/app.py
@@ -23,6 +23,10 @@ utils.socketio = SocketManager(app, "/sock", socketio_path="")
def APP_STATUS(): return "init" if db.get("password") is None else "run"
def JWT_SECRET(): return db.get("secret")
+def set_psw(psw: str):
+ hash_psw = crypto.hash(psw)
+ db.put("password",hash_psw)
+
@utils.socketio.on("update")
async def updater(): pass
@@ -78,8 +82,7 @@ async def set_password(form: PasswordForm):
if APP_STATUS() != "init": raise HTTPException(status_code=400)
if form.password == "":
return {"status":"Cannot insert an empty password!"}
- hash_psw = crypto.hash(form.password)
- db.put("password",hash_psw)
+ set_psw(form.password)
await refresh_frontend()
return {"status":"ok", "access_token": create_access_token({"logged_in": True})}
@@ -93,8 +96,7 @@ async def change_password(form: PasswordChangeForm):
if form.expire:
db.put("secret", secrets.token_hex(32))
- hash_psw = crypto.hash(form.password)
- db.put("password",hash_psw)
+ set_psw(form.password)
await refresh_frontend()
return {"status":"ok", "access_token": create_access_token({"logged_in": True})}
@@ -110,6 +112,8 @@ reset, startup, shutdown = load_routers(api)
@app.on_event("startup")
async def startup_event():
db.init()
+ if os.getenv("HEX_SET_PSW"):
+ set_psw(bytes.fromhex(os.getenv("HEX_SET_PSW")).decode())
await startup()
if not JWT_SECRET(): db.put("secret", secrets.token_hex(32))
await refresh_frontend()
diff --git a/docs/FiregexLogo.png b/docs/FiregexLogo.png
new file mode 100755
index 0000000..f44f144
Binary files /dev/null and b/docs/FiregexLogo.png differ
diff --git a/start.py b/start.py
index 70bd061..ce15ad2 100755
--- a/start.py
+++ b/start.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
-import argparse, sys, platform, os
+import argparse, sys, platform, os, multiprocessing
pref = "\033["
reset = f"{pref}0m"
@@ -19,24 +19,41 @@ def puts(text, *args, color=colors.white, is_bold=False, **kwargs):
print(f'{pref}{1 if is_bold else 0};{color}' + text + reset, *args, **kwargs)
def sep(): puts("-----------------------------------", is_bold=True)
+
parser = argparse.ArgumentParser()
parser.add_argument('--port', "-p", type=int, required=False, help='Port where open the web service of the firewall', default=4444)
-parser.add_argument('--threads', "-t", type=int, required=False, help='Number of threads started for each service/utility', default=1)
-parser.add_argument('--no-autostart', "-n", required=False, action="store_true", help='Auto-execute "docker-compose up -d --build"', default=False)
+parser.add_argument('--threads', "-t", type=int, required=False, help='Number of threads started for each service/utility', default=-1)
+parser.add_argument('--no-autostart', "-n", required=False, action="store_true", help='Save docker-compose file and not start the container', default=False)
+parser.add_argument('--keep','-k', required=False, action="store_true", help='Keep the docker-compose file generated', default=False)
parser.add_argument('--build', "-b", required=False, action="store_true", help='Build the container locally', default=False)
+parser.add_argument('--stop', '-s', required=False, action="store_true", help='Stop firegex execution', default=False)
+parser.add_argument('--psw-no-interactive',type=str, required=False, help='Password for no-interactive mode', default=None)
+parser.add_argument('--startup-psw', required=False, action="store_true", help='Insert password in the startup screen of firegex', default=False)
args = parser.parse_args()
-sep()
-puts(f"Firegex", color=colors.yellow, end="")
-puts(" will start on port ", end="")
-puts(f"{args.port}", color=colors.cyan)
-
-if args.threads < 1:
- puts("Insert a valid number of threads", color=colors.red)
- exit()
-
os.chdir(os.path.dirname(os.path.realpath(__file__)))
+if args.build and not os.path.isfile("./Dockerfile"):
+ puts("This is not a clone of firegex, to build firegex the clone of the repository is needed!", color=colors.red)
+ exit()
+
+if args.threads < 1:
+ args.threads = multiprocessing.cpu_count()
+
+if not args.stop:
+ sep()
+ puts(f"Firegex", color=colors.yellow, end="")
+ puts(" will start on port ", end="")
+ puts(f"{args.port}", color=colors.cyan)
+
+psw_set = None
+if not args.stop:
+ if args.psw_no_interactive:
+ psw_set = args.psw_no_interactive
+ elif not args.startup_psw:
+ puts("Insert the password for firegex: ", end="" , color=colors.yellow, is_bold=True)
+ psw_set = input()
+
with open("docker-compose.yml","wt") as compose:
if "linux" in sys.platform and not 'microsoft-standard' in platform.uname().release: #Check if not is a wsl also
@@ -51,6 +68,7 @@ services:
environment:
- PORT={args.port}
- NTHREADS={args.threads}
+ {"- HEX_SET_PSW="+psw_set.encode().hex() if psw_set else ""}
volumes:
- /execute/db
cap_add:
@@ -73,17 +91,24 @@ services:
environment:
- PORT={args.port}
- NTHREADS={args.threads}
+ {"- HEX_SET_PSW="+psw_set.encode().hex() if psw_set else ""}
volumes:
- /execute/db
cap_add:
- NET_ADMIN
""")
-
sep()
if not args.no_autostart:
- puts("Running 'docker-compose up -d --build'\n", color=colors.green)
- os.system("docker-compose up -d --build")
+ try:
+ if args.stop:
+ puts("Running 'docker-compose down'\n", color=colors.green)
+ os.system("docker-compose -p firegex down")
+ else:
+ puts("Running 'docker-compose up -d --build'\n", color=colors.green)
+ os.system("docker-compose -p firegex up -d --build")
+ finally:
+ if not args.keep:
+ os.remove("docker-compose.yml")
else:
- puts("Done! You can start firegex with docker-compose up -d --build", color=colors.yellow)
+ puts("Done! You can start/stop firegex with docker-compose up -d --build", color=colors.yellow)
sep()
-