Merge pull request #3 from Pwnzer0tt1/dev
Added password request in start.py
This commit is contained in:
Domingo Dirutigliano
15
README.md
15
README.md
@@ -1,3 +1,5 @@
|
||||
<img align="left" src="./docs/FiregexLogo.png" width="130" height="130"/>
|
||||
|
||||
# [Fi]*regex 🔥
|
||||
|
||||
<a href="https://github.com/Pwnzer0tt1/firegex/releases/latest"><img alt="GitHub release (latest by date)" src="https://img.shields.io/github/v/release/pwnzer0tt1/firegex?color=D62246&style=flat-square"></a> <img alt="GitHub" src="https://img.shields.io/github/license/pwnzer0tt1/firegex?style=flat-square"> <a href="https://discord.gg/79NNVJBK5Z" target="_blank"><img alt="Discord" src="https://img.shields.io/discord/860223571594051605?color=%237289DA&label=Discord&style=flat-square"></a> <img alt="GitHub top language" src="https://img.shields.io/github/languages/top/pwnzer0tt1/firegex?style=flat-square&color=44AA44">
|
||||
@@ -7,13 +9,21 @@ Firegex is a firewall that includes different functionalities, created for CTF A
|
||||
|
||||
## Get started firegex
|
||||
What you need is a linux machine and docker ( + docker-compose )
|
||||
```bash
|
||||
curl https://raw.githubusercontent.com/Pwnzer0tt1/firegex/main/start.py -o firegex.py && python3 firegex.py
|
||||
```
|
||||
With this command you will download firegex.py, and run it, it will require you the password to use for firegex and start it with docker-compose
|
||||
|
||||
Or, you can start in a similar way firegex, cloning this repository and executing this command
|
||||
```bash
|
||||
python3 start.py
|
||||
```
|
||||
This command will generate the docker-compose configuration and start it with docker-compose, read the help with -h to customize you firegex instance.
|
||||
We recommend to use -t paramether and specify the number of threads to use for each service running on firegex, this will make you network more stable with multiple connections `python3 start.py -t 4`.
|
||||
Cloning the repository you could use the `--build` option that will build a new image of firegex, this can be usefull if you need change some code of firegex, and run it with the new code.
|
||||
Image building of firegex will require more time, so it's recommended to use the version just builded and available in the github packages
|
||||
|
||||
By default firegex will start in a multithread configuration using the number of threads available in your system.
|
||||
The default port of firegex is 4444. At the startup you will choose a password, that is essential for your security.
|
||||
All the configuration at the startup are customizable in [firegex.py](./start.py) or directly in the firegex interface.
|
||||
|
||||
|
||||
|
||||
@@ -52,6 +62,5 @@ Initiially the project was based only on regex filters, and also now the main fu
|
||||
|
||||
- Create hijacking port to proxy
|
||||
- Explanation about tools in the dedicated pages making them more user-friendly
|
||||
- Give the permission to set a startup password in start.py protecting firegex also at the first run
|
||||
- buffering the TCP and(/or) the UDP stream to avoid to bypass the proxy dividing the information in more packets
|
||||
- Adding new section with "general firewall rules" to manage "simple" TCP traffic rules graphically and through nftables
|
||||
|
||||
@@ -23,6 +23,10 @@ utils.socketio = SocketManager(app, "/sock", socketio_path="")
|
||||
def APP_STATUS(): return "init" if db.get("password") is None else "run"
|
||||
def JWT_SECRET(): return db.get("secret")
|
||||
|
||||
def set_psw(psw: str):
|
||||
hash_psw = crypto.hash(psw)
|
||||
db.put("password",hash_psw)
|
||||
|
||||
@utils.socketio.on("update")
|
||||
async def updater(): pass
|
||||
|
||||
@@ -78,8 +82,7 @@ async def set_password(form: PasswordForm):
|
||||
if APP_STATUS() != "init": raise HTTPException(status_code=400)
|
||||
if form.password == "":
|
||||
return {"status":"Cannot insert an empty password!"}
|
||||
hash_psw = crypto.hash(form.password)
|
||||
db.put("password",hash_psw)
|
||||
set_psw(form.password)
|
||||
await refresh_frontend()
|
||||
return {"status":"ok", "access_token": create_access_token({"logged_in": True})}
|
||||
|
||||
@@ -93,8 +96,7 @@ async def change_password(form: PasswordChangeForm):
|
||||
if form.expire:
|
||||
db.put("secret", secrets.token_hex(32))
|
||||
|
||||
hash_psw = crypto.hash(form.password)
|
||||
db.put("password",hash_psw)
|
||||
set_psw(form.password)
|
||||
await refresh_frontend()
|
||||
return {"status":"ok", "access_token": create_access_token({"logged_in": True})}
|
||||
|
||||
@@ -110,6 +112,8 @@ reset, startup, shutdown = load_routers(api)
|
||||
@app.on_event("startup")
|
||||
async def startup_event():
|
||||
db.init()
|
||||
if os.getenv("HEX_SET_PSW"):
|
||||
set_psw(bytes.fromhex(os.getenv("HEX_SET_PSW")).decode())
|
||||
await startup()
|
||||
if not JWT_SECRET(): db.put("secret", secrets.token_hex(32))
|
||||
await refresh_frontend()
|
||||
|
||||
BIN
docs/FiregexLogo.png
Executable file
BIN
docs/FiregexLogo.png
Executable file
Binary file not shown.
|
After Width: | Height: | Size: 24 KiB |
51
start.py
51
start.py
@@ -1,6 +1,6 @@
|
||||
#!/usr/bin/env python3
|
||||
|
||||
import argparse, sys, platform, os
|
||||
import argparse, sys, platform, os, multiprocessing
|
||||
|
||||
pref = "\033["
|
||||
reset = f"{pref}0m"
|
||||
@@ -19,23 +19,40 @@ def puts(text, *args, color=colors.white, is_bold=False, **kwargs):
|
||||
print(f'{pref}{1 if is_bold else 0};{color}' + text + reset, *args, **kwargs)
|
||||
|
||||
def sep(): puts("-----------------------------------", is_bold=True)
|
||||
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument('--port', "-p", type=int, required=False, help='Port where open the web service of the firewall', default=4444)
|
||||
parser.add_argument('--threads', "-t", type=int, required=False, help='Number of threads started for each service/utility', default=1)
|
||||
parser.add_argument('--no-autostart', "-n", required=False, action="store_true", help='Auto-execute "docker-compose up -d --build"', default=False)
|
||||
parser.add_argument('--threads', "-t", type=int, required=False, help='Number of threads started for each service/utility', default=-1)
|
||||
parser.add_argument('--no-autostart', "-n", required=False, action="store_true", help='Save docker-compose file and not start the container', default=False)
|
||||
parser.add_argument('--keep','-k', required=False, action="store_true", help='Keep the docker-compose file generated', default=False)
|
||||
parser.add_argument('--build', "-b", required=False, action="store_true", help='Build the container locally', default=False)
|
||||
parser.add_argument('--stop', '-s', required=False, action="store_true", help='Stop firegex execution', default=False)
|
||||
parser.add_argument('--psw-no-interactive',type=str, required=False, help='Password for no-interactive mode', default=None)
|
||||
parser.add_argument('--startup-psw', required=False, action="store_true", help='Insert password in the startup screen of firegex', default=False)
|
||||
|
||||
args = parser.parse_args()
|
||||
os.chdir(os.path.dirname(os.path.realpath(__file__)))
|
||||
|
||||
if args.build and not os.path.isfile("./Dockerfile"):
|
||||
puts("This is not a clone of firegex, to build firegex the clone of the repository is needed!", color=colors.red)
|
||||
exit()
|
||||
|
||||
if args.threads < 1:
|
||||
args.threads = multiprocessing.cpu_count()
|
||||
|
||||
if not args.stop:
|
||||
sep()
|
||||
puts(f"Firegex", color=colors.yellow, end="")
|
||||
puts(" will start on port ", end="")
|
||||
puts(f"{args.port}", color=colors.cyan)
|
||||
|
||||
if args.threads < 1:
|
||||
puts("Insert a valid number of threads", color=colors.red)
|
||||
exit()
|
||||
|
||||
os.chdir(os.path.dirname(os.path.realpath(__file__)))
|
||||
psw_set = None
|
||||
if not args.stop:
|
||||
if args.psw_no_interactive:
|
||||
psw_set = args.psw_no_interactive
|
||||
elif not args.startup_psw:
|
||||
puts("Insert the password for firegex: ", end="" , color=colors.yellow, is_bold=True)
|
||||
psw_set = input()
|
||||
|
||||
with open("docker-compose.yml","wt") as compose:
|
||||
|
||||
@@ -51,6 +68,7 @@ services:
|
||||
environment:
|
||||
- PORT={args.port}
|
||||
- NTHREADS={args.threads}
|
||||
{"- HEX_SET_PSW="+psw_set.encode().hex() if psw_set else ""}
|
||||
volumes:
|
||||
- /execute/db
|
||||
cap_add:
|
||||
@@ -73,17 +91,24 @@ services:
|
||||
environment:
|
||||
- PORT={args.port}
|
||||
- NTHREADS={args.threads}
|
||||
{"- HEX_SET_PSW="+psw_set.encode().hex() if psw_set else ""}
|
||||
volumes:
|
||||
- /execute/db
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
""")
|
||||
|
||||
sep()
|
||||
if not args.no_autostart:
|
||||
puts("Running 'docker-compose up -d --build'\n", color=colors.green)
|
||||
os.system("docker-compose up -d --build")
|
||||
try:
|
||||
if args.stop:
|
||||
puts("Running 'docker-compose down'\n", color=colors.green)
|
||||
os.system("docker-compose -p firegex down")
|
||||
else:
|
||||
puts("Done! You can start firegex with docker-compose up -d --build", color=colors.yellow)
|
||||
puts("Running 'docker-compose up -d --build'\n", color=colors.green)
|
||||
os.system("docker-compose -p firegex up -d --build")
|
||||
finally:
|
||||
if not args.keep:
|
||||
os.remove("docker-compose.yml")
|
||||
else:
|
||||
puts("Done! You can start/stop firegex with docker-compose up -d --build", color=colors.yellow)
|
||||
sep()
|
||||
|
||||
|
||||
Reference in New Issue
Block a user