Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

This tool runs scripts and display the result in a Web Interface.

License

NotificationsYou must be signed in to change notification settings

mauricelambert/WebScripts

Repository files navigation

WebScripts Logo

WebScripts

PyPIDownloadsGitHub branch checks statePyPI - StatusPyPI - Python VersionGitHub commit activityGitHub top languageGitHub issuesGitHub closed issuesGitHubGitHub repo sizeLibraries.io SourceRankCompatibilityContainersCode style: black

Description

This tool run scripts and display the result in a Web Interface (a little presentation is available here and on mygithub.io).

Goals

Create a safe, secure and easy way to share CLI (console) scripts and scripting environnments with your team or people without IT knowledge.

  • Secure
    • SAST - Static Application Security Testing (wiki) usingbandit, semgrep, CodeQL and Pycharm Security.
    • DAST - Dynamic Application Security Testing (wiki) usingZAP(Baseline && full scan), nuclei and some Kali Linux tools.
    • Web pentest (wiki) using Kali Linux Web tools and my little experience in Web Hacking. Tools areskipfish,nikto,dirb andwhatweb.
    • Hardening(wiki), the WebScripts installation is pre-hardened, an audit is performed at the launch of the WebScripts server and reports are generated. Defaults/examples HTML reports:
    • File integrity checks(wiki), the WebScripts server implements a daemon thread to check file integrity hourly.
    • Logs with centralization (using Syslog on Linux and Event Viewer on Windows), some levels and differents files for easiest supervision, controls and investigations
    • Easy to update and patch security issues on Linux (critical functions are implemented in Standard Library and are updated with your system) (WebScripts does not require any python external package)
    • Easy to deploy securely (with docker or on your Linux system with Apache and UWSGI or NGINX as reverse proxy)
    • Easy to configure securely(read the documentation) (wiki), hardening checks and reports for unsecure configurations
    • Unittest - 99% Code Coverage (2104/2108 lines) (wiki), tests with python3.8 - python3.12
    • Javascript parser and formatter fortext,json andcsv content type (XSS protection)
    • XSS active protection forhtml content type based on user inputs analysis and script outputs
  • Customizable
  • Highly configurable and scalable with apython module system (wiki) and configurations
  • Pre-installed and configured scripts and modules (user and authentication, secure file sharing with permissions, error pages with requests to administrator system, temporary and secure password share, logs viewer and analyser)

Demo

Demo WebScripts - Youtube

Demonstration of WebScripts use - Youtube video

Requirements

This package require:

  • python3
  • python3 Standard Library

Optional on Windows:

  • pywin32 (to centralize logs in Event Viewer)

Installation

python3 -m venv WebScripts# Make a virtual environment for WebScriptssource WebScripts/bin/activate# Activate your virtual environmentsudo WebScripts/bin/python3 -m pip install --use-pep517 WebScripts --install-option"--admin-password=<your password>" --install-option"--owner=<owner>" --install-option"--directory=<directory>"# Install WebScripts using setup.py with pipsudo WebScripts/bin/python3 -m WebScripts.harden -p'<my admin password>' -o'<my webscripts user>' -d'WebScripts/'# Harden default configurationscd WebScripts# Use your virtual environment to start WebScriptsWebScripts# Start WebScripts server for demonstration (for production see deployment documentation)

Basic Usages

Command line

WebScriptspython3 -m WebScriptsWebScripts --helpWebScripts -h# Print help message and command line optionsWebScripts --interface"192.168.1.2" --port 80WebScripts -i"192.168.1.2" -p 80# Change interface and port# /!\ do not use the --debug option on the production environmentWebScripts --debugWebScripts -d# Print informations about server configuration in errors pages (404 and 500)# /!\ do not use the --security option on the production environmentWebScripts --securityWebScripts -s# Do not use HTTP security headers (for debugging)WebScripts --accept-unauthenticated-user --accept-unknow-user# Accept unauthenticated user

Python script

importWebScriptsWebScripts.main()
fromWebScriptsimportConfiguration,Server,mainfromwsgirefimportsimple_serverconfig=Configuration()config.add_conf(interface="",port=8000,scripts_path= ["./scripts/account","./scripts/passwords"    ],json_scripts_config= ["./config/scripts/*.json"    ],ini_scripts_config= ["./config/scripts/*.ini"    ],documentations_path= ["./doc/*.html"    ],js_path= ["./static/js/*.js"    ],statics_path= ["./static/html/*.html","./static/css/*.css","./static/images/*.jpg","./static/pdf/*.pdf"    ],)config.set_defaults()config.check_required()config.get_unexpecteds()config.build_types()server=Server(config)httpd=simple_server.make_server(server.interface,server.port,server.app)httpd.serve_forever()

Compatibility

Python3.8

git clone https://github.com/mauricelambert/WebScripts.gitcd WebScriptspython3.8 WebScripts/scripts/to_3.8/to_3.8.pypython3.8 setup38.py installpython3.8 -m WebScripts38
# Launch this commands line:#   - git clone https://github.com/mauricelambert/WebScripts.git#   - cd WebScripts#   - python3.8 WebScripts/scripts/to_3.8/to_3.8.py#   - python3.8 setup38.py install# And use the package:importWebScripts38WebScripts38.main()

Documentation

Links

Screenshots

Index page (dark)Index page (dark)Text script (dark)Text script (dark)HTML script (light)HTML script (light)

License

Licensed under theGPL, version 3.

[8]ページ先頭
©2009-2025 Movatter.jp