Home

WebScripts

Description

This tools run scripts and display the result in a Web Interface.

Goals

Create a safe, secure and easy way to share console scripts and scripting environnments with your team or people without IT knowledge.

• Secure
  • SAST - Static Application Security Testing (wiki) using bandit, semgrep, CodeQL and Pycharm Security.
  • DAST - Dynamic Application Security Testing (wiki) using ZAP (Baseline && full scan), nuclei and some Kali Linux tools.
  • Web pentest (wiki) using Kali Linux Web tools and my little experience in Web Hacking. Tools are skipfish, nikto, dirb and whatweb.
  • Hardening(wiki), the WebScripts installation is pre-hardened, an audit is performed at the launch of the WebScripts server and reports are generated. Defaults/examples HTML reports:
    • Linux HTML report,
    • Windows HTML report,
    • docker with Apache and mod_wsgi HTML report,
    • docker with Nginx as HTTPS proxy HTML report,
    • docker HTML report
  • Centralization of logs (using Syslog on Linux and Event Viewer on Windows)
  • Easy to update and patch security issues on Linux (critical functions are implemented in Standard Library and are updated with your system) (WebScripts does not require any python package)
  • Easy to deploy securely
    • Docker with Apache and mod_wsgi (github)
    • Docker with Nginx as HTTPS proxy (github)
    • Docker (github)
    • Apache and mod_wsgi (wiki)
    • Nginx as HTTPS proxy (wiki)
  • Easy to configure securely (read the documentation) (wiki)
    • INI/CFG syntax
    • JSON syntax
  • Unittest (wiki)
• Customizable
  • Authentication (wiki) - example (wiki)
  • Web Interface: HTML, CSS and JS files (wiki)
  • URL, request, response and error pages using python modules (wiki) - example (wiki)
• Highly configurable and scalable
  • Modules (wiki)
  • Configurations:
    • server (wiki)
    • scripts (wiki)
• Pre-installed and configured scripts and modules
  • Account, permissions and authentication system (wiki)
  • Share files (wiki): upload and download files with permissions (example here, wiki)
  • HTTP Error Page Request and Reporting System
  • Temporary and secure password sharing
  • Logs viewer and analysis

Demo

Demonstration of WebScripts use - Youtube video

Installation

Requirements

This package require:

• python3
• python3 Standard Library

Optional on Windows:

• pywin32 (to centralize logs in Event Viewer)

Linux

python3 -m pip install WebScripts --install-option "--admin-password=<your password>"

Windows

python -m pip install WebScripts --install-option "--admin-password=<your password>"

Optional

To centralize logs in Event Viewer.

python -m pip install pywin32

Start the server

You can now start the server with this simple command:

WebScripts

First connection

1. Install without --admin-password= option: to log in for the first time, use the Admin account (username: Admin, password: Admin). I recommend changing the password immediately. The Admin account is restricted on 127.0.*,192.168.*,172.16.*,10.* by default.
2. Install with --admin-password= option: to log in for the first time, use the Admin account (username: Admin).

License

Licensed under the GPL, version 3.