Merge pull request #3 from Pwnzer0tt1/dev

Added password request in start.py
Domingo Dirutigliano
2022-08-09 17:17:19 +02:00
committed by GitHub
4 changed files with 62 additions and 24 deletions


@@ -1,3 +1,5 @@
<img align="left" src="./docs/FiregexLogo.png" width="130" height="130"/>
# [Fi]*regex 🔥 # [Fi]*regex 🔥
<a href="https://github.com/Pwnzer0tt1/firegex/releases/latest"><img alt="GitHub release (latest by date)" src="https://img.shields.io/github/v/release/pwnzer0tt1/firegex?color=D62246&style=flat-square"></a> <img alt="GitHub" src="https://img.shields.io/github/license/pwnzer0tt1/firegex?style=flat-square"> <a href="https://discord.gg/79NNVJBK5Z" target="_blank"><img alt="Discord" src="https://img.shields.io/discord/860223571594051605?color=%237289DA&label=Discord&style=flat-square"></a> <img alt="GitHub top language" src="https://img.shields.io/github/languages/top/pwnzer0tt1/firegex?style=flat-square&color=44AA44"> <a href="https://github.com/Pwnzer0tt1/firegex/releases/latest"><img alt="GitHub release (latest by date)" src="https://img.shields.io/github/v/release/pwnzer0tt1/firegex?color=D62246&style=flat-square"></a> <img alt="GitHub" src="https://img.shields.io/github/license/pwnzer0tt1/firegex?style=flat-square"> <a href="https://discord.gg/79NNVJBK5Z" target="_blank"><img alt="Discord" src="https://img.shields.io/discord/860223571594051605?color=%237289DA&label=Discord&style=flat-square"></a> <img alt="GitHub top language" src="https://img.shields.io/github/languages/top/pwnzer0tt1/firegex?style=flat-square&color=44AA44">
@@ -7,13 +9,21 @@ Firegex is a firewall that includes different functionalities, created for CTF A
## Get started firegex ## Get started firegex
What you need is a linux machine and docker ( + docker-compose ) What you need is a linux machine and docker ( + docker-compose )
```bash
curl https://raw.githubusercontent.com/Pwnzer0tt1/firegex/main/start.py -o firegex.py && python3 firegex.py
``` ```
With this command you will download firegex.py, and run it, it will require you the password to use for firegex and start it with docker-compose
Or, you can start in a similar way firegex, cloning this repository and executing this command
```bash
python3 start.py python3 start.py
``` ```
This command will generate the docker-compose configuration and start it with docker-compose, read the help with -h to customize you firegex instance. Cloning the repository you could use the `--build` option that will build a new image of firegex, this can be usefull if you need change some code of firegex, and run it with the new code.
We recommend to use -t paramether and specify the number of threads to use for each service running on firegex, this will make you network more stable with multiple connections `python3 start.py -t 4`. Image building of firegex will require more time, so it's recommended to use the version just builded and available in the github packages
By default firegex will start in a multithread configuration using the number of threads available in your system.
The default port of firegex is 4444. At the startup you will choose a password, that is essential for your security. The default port of firegex is 4444. At the startup you will choose a password, that is essential for your security.
All the configuration at the startup are customizable in [firegex.py](./start.py) or directly in the firegex interface.
![Firegex Network scheme](docs/Firegex_Screenshot.jpg) ![Firegex Network scheme](docs/Firegex_Screenshot.jpg)
@@ -52,6 +62,5 @@ Initiially the project was based only on regex filters, and also now the main fu
- Create hijacking port to proxy - Create hijacking port to proxy
- Explanation about tools in the dedicated pages making them more user-friendly - Explanation about tools in the dedicated pages making them more user-friendly
- Give the permission to set a startup password in start.py protecting firegex also at the first run
- buffering the TCP and(/or) the UDP stream to avoid to bypass the proxy dividing the information in more packets - buffering the TCP and(/or) the UDP stream to avoid to bypass the proxy dividing the information in more packets
- Adding new section with "general firewall rules" to manage "simple" TCP traffic rules graphically and through nftables - Adding new section with "general firewall rules" to manage "simple" TCP traffic rules graphically and through nftables


@@ -23,6 +23,10 @@ utils.socketio = SocketManager(app, "/sock", socketio_path="")
def APP_STATUS(): return "init" if db.get("password") is None else "run" def APP_STATUS(): return "init" if db.get("password") is None else "run"
def JWT_SECRET(): return db.get("secret") def JWT_SECRET(): return db.get("secret")
def set_psw(psw: str):
hash_psw = crypto.hash(psw)
db.put("password",hash_psw)
@utils.socketio.on("update") @utils.socketio.on("update")
async def updater(): pass async def updater(): pass
@@ -78,8 +82,7 @@ async def set_password(form: PasswordForm):
if APP_STATUS() != "init": raise HTTPException(status_code=400) if APP_STATUS() != "init": raise HTTPException(status_code=400)
if form.password == "": if form.password == "":
return {"status":"Cannot insert an empty password!"} return {"status":"Cannot insert an empty password!"}
hash_psw = crypto.hash(form.password) set_psw(form.password)
db.put("password",hash_psw)
await refresh_frontend() await refresh_frontend()
return {"status":"ok", "access_token": create_access_token({"logged_in": True})} return {"status":"ok", "access_token": create_access_token({"logged_in": True})}
@@ -93,8 +96,7 @@ async def change_password(form: PasswordChangeForm):
if form.expire: if form.expire:
db.put("secret", secrets.token_hex(32)) db.put("secret", secrets.token_hex(32))
hash_psw = crypto.hash(form.password) set_psw(form.password)
db.put("password",hash_psw)
await refresh_frontend() await refresh_frontend()
return {"status":"ok", "access_token": create_access_token({"logged_in": True})} return {"status":"ok", "access_token": create_access_token({"logged_in": True})}
@@ -110,6 +112,8 @@ reset, startup, shutdown = load_routers(api)
@app.on_event("startup") @app.on_event("startup")
async def startup_event(): async def startup_event():
db.init() db.init()
if os.getenv("HEX_SET_PSW"):
set_psw(bytes.fromhex(os.getenv("HEX_SET_PSW")).decode())
await startup() await startup()
if not JWT_SECRET(): db.put("secret", secrets.token_hex(32)) if not JWT_SECRET(): db.put("secret", secrets.token_hex(32))
await refresh_frontend() await refresh_frontend()
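Review bot: In `startup_event`, the new `HEX_SET_PSW` branch calls `set_psw` on every start, so for as long as the variable stays in the container's environment, a restart replaces any password later set through `change_password` with the original one. Guarding it with the existing state check keeps it a first-run action: `if APP_STATUS() == "init" and os.getenv("HEX_SET_PSW"):`. A value that is not valid hex or not valid UTF-8 makes `bytes.fromhex(...).decode()` raise `ValueError` and abort startup, so catching it and logging a clear message would help. The value is only hex-encoded, not hashed, so anyone who can read the container configuration can recover the password; a comment next to the `os.getenv` call should say so.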

BIN
docs/FiregexLogo.png Executable file

Binary file not shown.

After

Width:  |  Height:  |  Size: 24 KiB


@@ -1,6 +1,6 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import argparse, sys, platform, os import argparse, sys, platform, os, multiprocessing
pref = "\033[" pref = "\033["
reset = f"{pref}0m" reset = f"{pref}0m"
@@ -19,23 +19,40 @@ def puts(text, *args, color=colors.white, is_bold=False, **kwargs):
print(f'{pref}{1 if is_bold else 0};{color}' + text + reset, *args, **kwargs) print(f'{pref}{1 if is_bold else 0};{color}' + text + reset, *args, **kwargs)
def sep(): puts("-----------------------------------", is_bold=True) def sep(): puts("-----------------------------------", is_bold=True)
parser = argparse.ArgumentParser() parser = argparse.ArgumentParser()
parser.add_argument('--port', "-p", type=int, required=False, help='Port where open the web service of the firewall', default=4444) parser.add_argument('--port', "-p", type=int, required=False, help='Port where open the web service of the firewall', default=4444)
parser.add_argument('--threads', "-t", type=int, required=False, help='Number of threads started for each service/utility', default=1) parser.add_argument('--threads', "-t", type=int, required=False, help='Number of threads started for each service/utility', default=-1)
parser.add_argument('--no-autostart', "-n", required=False, action="store_true", help='Auto-execute "docker-compose up -d --build"', default=False) parser.add_argument('--no-autostart', "-n", required=False, action="store_true", help='Save docker-compose file and not start the container', default=False)
parser.add_argument('--keep','-k', required=False, action="store_true", help='Keep the docker-compose file generated', default=False)
parser.add_argument('--build', "-b", required=False, action="store_true", help='Build the container locally', default=False) parser.add_argument('--build', "-b", required=False, action="store_true", help='Build the container locally', default=False)
parser.add_argument('--stop', '-s', required=False, action="store_true", help='Stop firegex execution', default=False)
parser.add_argument('--psw-no-interactive',type=str, required=False, help='Password for no-interactive mode', default=None)
parser.add_argument('--startup-psw', required=False, action="store_true", help='Insert password in the startup screen of firegex', default=False)
args = parser.parse_args() args = parser.parse_args()
sep() os.chdir(os.path.dirname(os.path.realpath(__file__)))
puts(f"Firegex", color=colors.yellow, end="")
puts(" will start on port ", end="")
puts(f"{args.port}", color=colors.cyan)
if args.threads < 1: if args.build and not os.path.isfile("./Dockerfile"):
puts("Insert a valid number of threads", color=colors.red) puts("This is not a clone of firegex, to build firegex the clone of the repository is needed!", color=colors.red)
exit() exit()
os.chdir(os.path.dirname(os.path.realpath(__file__))) if args.threads < 1:
args.threads = multiprocessing.cpu_count()
if not args.stop:
sep()
puts(f"Firegex", color=colors.yellow, end="")
puts(" will start on port ", end="")
puts(f"{args.port}", color=colors.cyan)
psw_set = None
if not args.stop:
if args.psw_no_interactive:
psw_set = args.psw_no_interactive
elif not args.startup_psw:
puts("Insert the password for firegex: ", end="" , color=colors.yellow, is_bold=True)
psw_set = input()
with open("docker-compose.yml","wt") as compose: with open("docker-compose.yml","wt") as compose:
@@ -51,6 +68,7 @@ services:
environment: environment:
- PORT={args.port} - PORT={args.port}
- NTHREADS={args.threads} - NTHREADS={args.threads}
{"- HEX_SET_PSW="+psw_set.encode().hex() if psw_set else ""}
volumes: volumes:
- /execute/db - /execute/db
cap_add: cap_add:
@@ -73,17 +91,24 @@ services:
environment: environment:
- PORT={args.port} - PORT={args.port}
- NTHREADS={args.threads} - NTHREADS={args.threads}
{"- HEX_SET_PSW="+psw_set.encode().hex() if psw_set else ""}
volumes: volumes:
- /execute/db - /execute/db
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
""") """)
sep() sep()
if not args.no_autostart: if not args.no_autostart:
puts("Running 'docker-compose up -d --build'\n", color=colors.green) try:
os.system("docker-compose up -d --build") if args.stop:
puts("Running 'docker-compose down'\n", color=colors.green)
os.system("docker-compose -p firegex down")
else:
puts("Running 'docker-compose up -d --build'\n", color=colors.green)
os.system("docker-compose -p firegex up -d --build")
finally:
if not args.keep:
os.remove("docker-compose.yml")
else: else:
puts("Done! You can start firegex with docker-compose up -d --build", color=colors.yellow) puts("Done! You can start/stop firegex with docker-compose up -d --build", color=colors.yellow)
sep() sep()
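Review bot: The interactive branch reads the password with `input()`, which echoes it to the terminal, and an empty answer leaves `psw_set` falsy, so no `HEX_SET_PSW` line is written and firegex presumably starts without the password the user was just asked for. Reading it with `getpass` until it is non-empty closes both gaps: `while not psw_set: psw_set = getpass.getpass("Insert the password for firegex: ")`, with `getpass` added to the import line in the first hunk. `--psw-no-interactive` puts the password on the command line, where it shows up in the process list and shell history, so its help text should say so. The generated `docker-compose.yml` carries the password as reversible hex and stays on disk with `--keep` or `--no-autostart`; a comment at the `open("docker-compose.yml","wt")` call noting this, or creating the file with owner-only permissions, would be worthwhile.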