{"id":13468292,"url":"https://github.com/bugy/script-server","last_synced_at":"2025-03-26T05:31:00.403Z","repository":{"id":38628398,"uuid":"57911358","full_name":"bugy/script-server","owner":"bugy","description":"Web UI for your scripts with execution management","archived":false,"fork":false,"pushed_at":"2025-01-17T10:28:59.000Z","size":7239,"stargazers_count":1648,"open_issues_count":264,"forks_count":253,"subscribers_count":43,"default_branch":"master","last_synced_at":"2025-01-17T11:27:16.451Z","etag":null,"topics":["bash","material-design","python","scripting","ssh","vuejs","web-gui","web-server","websockets"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bugy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["bugy"],"custom":["paypal.me/IaroslavShepilov"]}},"created_at":"2016-05-02T18:27:43.000Z","updated_at":"2025-01-17T11:12:49.000Z","dependencies_parsed_at":"2023-11-11T10:26:08.335Z","dependency_job_id":"d176b015-10ff-45b7-bf83-9c4933ce0a29","html_url":"https://github.com/bugy/script-server","commit_stats":null,"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bugy%2Fscript-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bugy%2Fscript-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bugy%2Fscript-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bugy%2Fscript-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bugy","download_url":"https://codeload.github.com/bugy/script-server/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245597201,"owners_count":20641859,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash","material-design","python","scripting","ssh","vuejs","web-gui","web-server","websockets"],"created_at":"2024-07-31T15:01:08.317Z","updated_at":"2025-03-26T05:30:59.530Z","avatar_url":"https://github.com/bugy.png","language":"Python","readme":"[![Build Status](https://travis-ci.com/bugy/script-server.svg?branch=master\u0026status=passed)](https://travis-ci.com/bugy/script-server) [![Gitter](https://badges.gitter.im/script-server/community.svg)](https://gitter.im/script-server/community?utm_source=badge\u0026utm_medium=badge\u0026utm_campaign=pr-badge)\n\n# script-server\nScript-server is a Web UI for scripts.  \n\nAs an administrator, you add your existing scripts into Script server and other users would be able to execute them via a web interface.\nThe UI is very straightforward and can be used by non-tech people.\n\nNo script modifications are needed - you configure each script in Script server and it creates the corresponding UI with parameters and takes care of validation, execution, etc.  \n\n[DEMO server](https://script-server.net/)\n\n[Admin interface screenshots](https://github.com/bugy/script-server/wiki/Admin-interface)\n\n## Features\n- Different types of script parameters (text, flag, dropdown, file upload, etc.)\n- Real-time script output\n- Users can send input during script execution\n- Auth (optional): LDAP, Google OAuth, htpasswd file\n- Access control\n- Alerts\n- Logging and auditing\n- Formatted output support (colors, styles, cursor positioning, clearing)\n- Download of script output files\n- Execution history\n- Admin page for script configuration\n\nFor more details check [how to configure a script](https://github.com/bugy/script-server/wiki/Script-config)\nor [how to configure the server](https://github.com/bugy/script-server/wiki/Server-configuration)\n\n## Requirements\n\n### Server-side\n\nPython 3.7 or higher with the following modules:\n\n* Tornado 5 / 6\n\nSome features can require additional modules. Such requirements are specified in a corresponding feature description.\n\nOS support:\n\n- Linux (main). Tested and working on Debian 10,11\n- Windows (additional). Light testing\n- macOS (additional). Light testing\n\n### Client-side\n\nAny more or less up to date browser with enabled JS\n\nInternet connection is **not** needed. All the files are loaded from the server.\n\n## Installation\n### For production\n1. Download script-server.zip file from [Latest release](https://github.com/bugy/script-server/releases/latest) or [Dev release](https://github.com/bugy/script-server/releases/tag/dev)\n2. Create script-server folder anywhere on your PC and extract zip content to this folder\n\n(For detailed steps on linux with virtualenv, please see [Installation guide](https://github.com/bugy/script-server/wiki/Installing-on-virtualenv-(linux)))\n\n##### As a docker container\nPlease find pre-built images here: https://hub.docker.com/r/bugy/script-server/tags  \nFor the usage please check [this ticket](https://github.com/bugy/script-server/issues/171#issuecomment-461620836)\n\n### For development\n1. Clone/download the repository\n2. Run 'tools/init.py --no-npm' script\n\n`init.py` script should be run after pulling any new changes\n\nIf you are making changes to web files, use `npm run build` or `npm run serve`\n\n### A issue running on OpenBSD and maybe other UNIX systems\nSee [A issue running on OpenBSD and maybe other UNIX systems](https://github.com/bugy/script-server/wiki/OpenBSD-process-termination-issues).\n\n\n## Setup and run\n1. Create configurations for your scripts in *conf/runners/* folder (see [script config page](https://github.com/bugy/script-server/wiki/Script-config) for details)\n2. Launch launcher.py from script-server folder\n  * Windows command: launcher.py\n  * Linux command: ./launcher.py\n3. Add/edit scripts on the admin page\n\nBy default, the server will run on http://localhost:5000\n\n### Server config\nAll the features listed above and some other minor features can be configured in *conf/conf.json* file. \nIt is allowed not to create this file. In this case, default values will be used.\nSee [server config page](https://github.com/bugy/script-server/wiki/Server-configuration) for details\n\n### Admin panel\nAdmin panel is accessible on admin.html page (e.g. http://localhost:5000/admin.html)\n\n## Logging\n\nAll web/operating logs are written to the *logs/server.log*\nAdditionally each script logs are written to separate file in *logs/processes*. File name format is\n{script\\_name}\\_{client\\_address}\\_{date}\\_{time}.log.\n\n## Testing/demo\n\nScript-server has bundled configs/scripts for testing/demo purposes, which are located in samples folder. You can\nlink/copy these config files (samples/configs/\\*.json) to server config folder (conf/runners).\n\n## Security\n\nI do my best to make script-server secure and invulnerable to attacks, injections or user data security. However to be\non the safe side, it's better to run Script server only on a trusted network.  \nAny security leaks report or recommendations are greatly appreciated!\n\n### Shell commands injection\n\nScript server guarantees that all user parameters are passed to an executable script as arguments and won't be executed\nunder any conditions. There is no way to inject fraud command from a client-side. However, user parameters are not\nescaped, so scripts should take care of not executing them also (general recommendation for bash is at least to wrap all\narguments in double-quotes). It's recommended to use typed parameters when appropriate, because they are validated for\nproper values and so they are harder to be subject of commands injection. Such attempts would be easier to detect also.\n\n_Important!_ Command injection protection is fully supported for Linux, but _only_ for .bat and .exe files on Windows\n\n### XSS and CSRF\n\n_(v1.0 - v1.16)_  \nScript server _is_ vulnerable to these attacks.\n\n_(v1.17+)_  \nScript server is protected against XSRF attacks via a special token.      \nXSS protection: the code is written according to\n[OWASP Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.html)\nand the only **known** vulnerabilities are:\n\n* `output_format`=`html_iframe`, see the reasoning in the\n  linked [Wiki page]((https://github.com/bugy/script-server/wiki/Script-config#output_format))\n\n## Contribution\n\nIf you like the project and think you could help with making it better, there are many ways you can do it:\n\n- Create a new issue for new feature proposal or a bug\n- Implement existing issues (there are quite some of them: frontend/backend, simple/complex, choose whatever you like)\n- Help with improving the documentation\n- Set up a demo server\n- Spread a word about the project to your colleagues, friends, blogs or any other channels\n- Any other things you could imagine\n\nAny contribution would be of great help and I will highly appreciate it! \nIf you have any questions, please create a new issue, or contact me via buggygm@gmail.com\n\n## Asking questions\nIf you have any questions, feel free to:\n- Ask in gitter: https://gitter.im/script-server/community\n- or [create a ticket](https://github.com/bugy/script-server/issues/new)\n- or contact me via email: buggygm@gmail.com (for some non-shareable questions)\n\n## Special thanks\n![JetBrains logo](https://github.com/JetBrains/logos/blob/master/web/jetbrains/jetbrains.svg)\n","funding_links":["https://github.com/sponsors/bugy","paypal.me/IaroslavShepilov"],"categories":["Python","\u003ca id=\"tag-dev\" href=\"#tag-dev\"\u003eDev\u003c/a\u003e","bash"],"sub_categories":["\u003ca id=\"tag-dev-other\" href=\"#tag-dev-other\"\u003eOther Dev projects\u003c/a\u003e"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbugy%2Fscript-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbugy%2Fscript-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbugy%2Fscript-server/lists"}