This tool run scripts and display the result in a Web Interface (a little presentation is available here and on mygithub.io).

Create a safe, secure and easy way to share CLI (console) scripts and scripting environnments with your team or people without IT knowledge.

• Secure
  • SAST - Static Application Security Testing (wiki) usingbandit, semgrep, CodeQL and Pycharm Security.
  • DAST - Dynamic Application Security Testing (wiki) usingZAP(Baseline && full scan), nuclei and some Kali Linux tools.
  • Web pentest (wiki) using Kali Linux Web tools and my little experience in Web Hacking. Tools areskipfish,nikto,dirb andwhatweb.
  • Hardening(wiki), the WebScripts installation is pre-hardened, an audit is performed at the launch of the WebScripts server and reports are generated. Defaults/examples HTML reports:
    • Linux HTML report,
    • Windows HTML report,
    • docker with Apache and mod_wsgi HTML report,
    • docker with Nginx as HTTPS proxy HTML report,
    • docker HTML report
  • File integrity checks(wiki), the WebScripts server implements a daemon thread to check file integrity hourly.
  • Logs
    • Centralization (using Syslog on Linux and Event Viewer on Windows)
    • Levels
      • Trace (5) [Specific file]
      • Debug (10) [Specific file, full logs file, console, centralization]
      • Info (20) [Specific file, full logs file, console, centralization]
      • Request (26) [Specific file, full logs file, console, centralization]
      • Response (27) [Specific file, full logs file, console, centralization]
      • Command (28) [Specific file, full logs file, console, centralization]
      • Warning (30) [Specific file, full logs file, console, centralization]
      • Error (40) [Specific file, full logs file, console, centralization]
      • Critical (50) [Specific file, full logs file, console, centralization]
  • Easy to update and patch security issues on Linux (critical functions are implemented in Standard Library and are updated with your system) (WebScripts does not require any python package)
  • Easy to deploy securely
    • Docker with Apache and mod_wsgi (github)
    • Docker with Nginx as HTTPS proxy (github)
    • Docker (github)
    • Apache and mod_wsgi (wiki)
    • Nginx as HTTPS proxy (wiki)
  • Easy to configure securely(read the documentation) (wiki)
    • INI/CFG syntax
    • JSON syntax
  • Unittest - 99% Code Coverage (2104/2108 lines) (wiki)
    • ubuntu && python [3.8, 3.9, 3.10, 3.11]
    • windows && python [3.8, 3.9, 3.10, 3.11]
    • MacOS && python [3.8, 3.9, 3.10, 3.11]
  • Javascript parser and formatter fortext,json andcsv content type (XSS protection)
  • XSS active protection forhtml content type based on user inputs analysis and script outputs
• Customizable
  • Authentication (wiki) -example (wiki)
  • Web Interface: HTML, CSS and JSfiles (wiki)
  • URL, request, response and error pages usingpython modules (wiki) -example (wiki)
• Highly configurable and scalable
  • Modules (wiki)
  • Configurations:
    • server (wiki)
    • scripts (wiki)
• Pre-installed and configured scripts and modules
  • Account,permissions (wiki) andauthentication system (wiki)
  • Share files (wiki): upload and download files with permissions (examplehere,wiki)
  • HTTP Error Page Request and Reporting System
  • Temporary and secure password sharing
  • Logs viewer and analysis

Demonstration of WebScripts use - Youtube video

This package require:

• python3
• python3 Standard Library

Optional on Windows:

• pywin32 (to centralize logs in Event Viewer)

python3 -m venv WebScripts# Make a virtual environment for WebScriptssource WebScripts/bin/activate# Activate your virtual environmentsudo WebScripts/bin/python3 -m pip install --use-pep517 WebScripts --install-option"--admin-password=<your password>" --install-option"--owner=<owner>" --install-option"--directory=<directory>"# Install WebScripts using setup.py with pipsudo WebScripts/bin/python3 -m WebScripts.harden -p'<my admin password>' -o'<my webscripts user>' -d'WebScripts/'# Harden default configurationscd WebScripts# Use your virtual environment to start WebScriptsWebScripts# Start WebScripts server for demonstration (for production see deployment documentation)

WebScriptspython3 -m WebScriptsWebScripts --helpWebScripts -h# Print help message and command line optionsWebScripts --interface"192.168.1.2" --port 80WebScripts -i"192.168.1.2" -p 80# Change interface and port# /!\ do not use the --debug option on the production environmentWebScripts --debugWebScripts -d# Print informations about server configuration in errors pages (404 and 500)# /!\ do not use the --security option on the production environmentWebScripts --securityWebScripts -s# Do not use HTTP security headers (for debugging)WebScripts --accept-unauthenticated-user --accept-unknow-user# Accept unauthenticated user

importWebScriptsWebScripts.main()

fromWebScriptsimportConfiguration,Server,mainfromwsgirefimportsimple_serverconfig=Configuration()config.add_conf(interface="",port=8000,scripts_path= ["./scripts/account","./scripts/passwords"    ],json_scripts_config= ["./config/scripts/*.json"    ],ini_scripts_config= ["./config/scripts/*.ini"    ],documentations_path= ["./doc/*.html"    ],js_path= ["./static/js/*.js"    ],statics_path= ["./static/html/*.html","./static/css/*.css","./static/images/*.jpg","./static/pdf/*.pdf"    ],)config.set_defaults()config.check_required()config.get_unexpecteds()config.build_types()server=Server(config)httpd=simple_server.make_server(server.interface,server.port,server.app)httpd.serve_forever()

git clone https://github.com/mauricelambert/WebScripts.gitcd WebScriptspython3.8 WebScripts/scripts/to_3.8/to_3.8.pypython3.8 setup38.py installpython3.8 -m WebScripts38

# Launch this commands line:#   - git clone https://github.com/mauricelambert/WebScripts.git#   - cd WebScripts#   - python3.8 WebScripts/scripts/to_3.8/to_3.8.py#   - python3.8 setup38.py install# And use the package:importWebScripts38WebScripts38.main()

• Home:wiki,readthedocs
• Installation:wiki,readthedocs
• Configurations:
  • Usages:wiki,readthedocs
  • Server Configurations:wiki,readthedocs
  • Scripts Configurations:wiki,readthedocs
  • Arguments Configurations:wiki,readthedocs
• Logs:wiki,readthedocs
• Authentication:wiki,readthedocs
• Default Database:wiki,readthedocs
• Access and Permissions:wiki,readthedocs
• API:wiki,readthedocs
• Development and Administration Tools:wiki,readthedocs
• Customize:
  • WEB Interface:wiki,readthedocs
  • Modules:wiki,readthedocs
• Security:
  • Security Considerations:wiki,readthedocs
  • Code analysis for security (SAST and DAST):wiki,readthedocs
  • Security checks and tests (pentest):wiki,readthedocs
• Examples:
  • Deployment:wiki,readthedocs
  • Add a bash script (for authentication):wiki,readthedocs
  • Add a module:wiki,readthedocs
  • Make a custom API client:wiki,readthedocs

• __init__
• WebScripts
• Pages
• commons
• utils
• Errors
• Default Database Manager
• Default Upload Manager
• Default Request Manager
• Default module errors
• Default module share
• Default module csp

• Pypi
• Github
• ReadTheDocs
• RSS Feedpypi,libraries
• WebScripts Server presentation

Index page (dark)Text script (dark)HTML script (light)

Licensed under theGPL, version 3.