Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.
Awesome Lists | Featured Topics | Projects
https://github.com/mauricelambert/webscripts

This tool runs scripts and display the result in a Web Interface.
https://github.com/mauricelambert/webscripts
admin-tools devops-tools devsecops environment-share pypi-package python3 script-executor scripts-share security security-tools soc-tools teams-tools webserver website wsgi-server
Last synced: about 1 month ago
JSON representation
This tool runs scripts and display the result in a Web Interface.
Host: GitHub
URL: https://github.com/mauricelambert/webscripts
Owner: mauricelambert
License: gpl-3.0
Created: 2021-10-23T09:11:22.000Z (about 3 years ago)
Default Branch: main
Last Pushed: 2024-06-28T16:45:07.000Z (6 months ago)
Last Synced: 2024-11-13T17:50:00.836Z (about 2 months ago)
Topics: admin-tools, devops-tools, devsecops, environment-share, pypi-package, python3, script-executor, scripts-share, security, security-tools, soc-tools, teams-tools, webserver, website, wsgi-server
Language: Python
Homepage: https://webscripts.readthedocs.io/en/latest/
Size: 2.75 MB
Stars: 10
Watchers: 2
Forks: 2
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
- Security: docs/Security_Considerations.md
Awesome Lists containing this project

README

        ![WebScripts Logo](https://mauricelambert.github.io/info/python/code/WebScripts/small_logo.png "WebScripts logo")

# WebScripts

![PyPI](https://img.shields.io/pypi/v/WebScripts?color=orange)

[![Downloads](https://static.pepy.tech/personalized-badge/webscripts?period=total&units=none&left_color=grey&right_color=orange&left_text=Downloads)](https://pepy.tech/project/webscripts)

![GitHub branch checks state](https://img.shields.io/github/checks-status/mauricelambert/WebScripts/main?color=orange)

![PyPI - Status](https://img.shields.io/pypi/status/WebScripts?color=orange)

![PyPI - Python Version](https://img.shields.io/pypi/pyversions/WebScripts?color=orange)

![GitHub commit activity](https://img.shields.io/github/commit-activity/y/mauricelambert/WebScripts?color=orange)

![GitHub top language](https://img.shields.io/github/languages/top/mauricelambert/WebScripts?color=orange)

![GitHub issues](https://img.shields.io/github/issues/mauricelambert/WebScripts?color=orange)

![GitHub closed issues](https://img.shields.io/github/issues-closed/mauricelambert/WebScripts?color=orange)

![GitHub](https://img.shields.io/github/license/mauricelambert/WebScripts?color=orange)

![GitHub repo size](https://img.shields.io/github/repo-size/mauricelambert/WebScripts?color=orange)

![Libraries.io SourceRank](https://img.shields.io/librariesio/sourcerank/pypi/webscripts?color=orange)

[![Compatibility](https://img.shields.io/badge/compatibility-python3.8-orange)](https://webscripts.readthedocs.io/en/latest/Installation/#python38)

[![Containers](https://img.shields.io/badge/containers-docker-orange)](https://github.com/mauricelambert/WebScriptsContainers)

[![Code style: black](https://img.shields.io/badge/code%20style-black-orange.svg)](https://github.com/psf/black)

## Description

This tool run scripts and display the result in a Web Interface ([a little presentation is available here](https://www.slideshare.net/MauriceLambert1/webscripts-server-251581216) and on my [github.io](https://mauricelambert.github.io/info/python/code/WebScripts/WebScripts.pdf)).

## Goals

Create a safe, secure and easy way to share CLI (console) scripts and scripting environnments with your team or people without IT knowledge.

 - Secure

    - [SAST - Static Application Security Testing](https://webscripts.readthedocs.io/en/latest/Code_Analysis_for_Security/#sast-alerts) ([wiki](https://github.com/mauricelambert/WebScripts/wiki/Code-Analysis-for-Security)) using [bandit](https://mauricelambert.github.io/info/python/code/WebScripts/bandit.txt), semgrep, CodeQL and Pycharm Security.

    - [DAST - Dynamic Application Security Testing](https://webscripts.readthedocs.io/en/latest/Code_Analysis_for_Security/#dast-alerts) ([wiki](https://github.com/mauricelambert/WebScripts/wiki/Code-Analysis-for-Security)) using [ZAP](https://mauricelambert.github.io/info/python/code/WebScripts/ZAP.html) [(Baseline && full scan)](https://github.com/mauricelambert/WebScripts/issues/4), nuclei and some Kali Linux tools.

    - [Web pentest](https://webscripts.readthedocs.io/en/latest/Pentest/) ([wiki](https://github.com/mauricelambert/WebScripts/wiki/Pentest)) using Kali Linux Web tools and my little experience in Web Hacking. Tools are [skipfish](https://mauricelambert.github.io/info/python/code/WebScripts/skipfish/index.html), [nikto](https://mauricelambert.github.io/info/python/code/WebScripts/nikto.html), [dirb](https://mauricelambert.github.io/info/python/code/WebScripts/dirb.txt) and [whatweb](https://mauricelambert.github.io/info/python/code/WebScripts/whatweb.json).

    - [Hardening](https://webscripts.readthedocs.io/en/latest/Development_and_Administration_Tools/#hardening-audit)([wiki](https://github.com/mauricelambert/WebScripts/wiki/Development-and-Administration-Tools#hardening-audit)), the WebScripts installation is pre-hardened, an audit is performed at the launch of the WebScripts server and reports are generated. Defaults/examples HTML reports: 

    - [File integrity checks](https://webscripts.readthedocs.io/en/latest/Development_and_Administration_Tools/#file-integrity)([wiki](https://github.com/mauricelambert/WebScripts/wiki/Development-and-Administration-Tools#file-integrity)), the WebScripts server implements a daemon thread to check file integrity hourly.

    - Logs with centralization (using Syslog on Linux and Event Viewer on Windows), some levels and differents files for easiest supervision, controls and investigations

    - Easy to update and patch security issues on Linux (critical functions are implemented in Standard Library and are updated with your system) (WebScripts does not require any python external package)

    - Easy to deploy securely (with docker or on your Linux system with Apache and UWSGI or NGINX as reverse proxy)

    - Easy to configure securely [(read the documentation)](https://webscripts.readthedocs.io/en/latest/) ([wiki](https://github.com/mauricelambert/WebScripts/wiki/)), hardening checks and reports for unsecure configurations

    - [Unittest - 99% Code Coverage (2104/2108 lines)](https://webscripts.readthedocs.io/en/latest/Development_and_Administration_Tools/#unittest) ([wiki](https://github.com/mauricelambert/WebScripts/wiki/Development-and-Administration-Tools#unittest)), tests with python3.8 - python3.12

    - Javascript parser and formatter for `text`, `json` and `csv` content type (XSS protection)

    - XSS active protection for `html` content type based on user inputs analysis and script outputs

 - Customizable

    - [Authentication](https://webscripts.readthedocs.io/en/latest/Authentication/) ([wiki](https://github.com/mauricelambert/WebScripts/wiki/Authentication)) - [example](https://webscripts.readthedocs.io/en/latest/Add_Script/#build-the-script) ([wiki](https://github.com/mauricelambert/WebScripts/wiki/Add-Script#build-the-script))

    - Web Interface: HTML, CSS and JS [files](https://webscripts.readthedocs.io/en/latest/WEB_Interface/) ([wiki](https://github.com/mauricelambert/WebScripts/wiki/WEB-Interface))

    - URL, request, response and error pages using [python modules](https://webscripts.readthedocs.io/en/latest/Modules/) ([wiki](https://github.com/mauricelambert/WebScripts/wiki/Modules)) - [example](https://webscripts.readthedocs.io/en/latest/Add_Module/#build-the-module) ([wiki](https://github.com/mauricelambert/WebScripts/wiki/Add-Module))

 - Highly configurable and scalable with a [python module system](https://webscripts.readthedocs.io/en/latest/Modules/) ([wiki](https://github.com/mauricelambert/WebScripts/wiki/Modules)) and configurations

 - Pre-installed and configured scripts and modules (user and authentication, secure file sharing with permissions, error pages with requests to administrator system, temporary and secure password share, logs viewer and analyser)

## Demo

[![Demo WebScripts - Youtube](https://img.youtube.com/vi/2_hRBTRzl5w/0.jpg)](http://www.youtube.com/watch?v=2_hRBTRzl5w)

*Demonstration of WebScripts use - Youtube video*

## Requirements

This package require:

 - python3

 - python3 Standard Library

Optional on Windows:

 - pywin32 (to centralize logs in Event Viewer)

## Installation

```bash

python3 -m venv WebScripts        # Make a virtual environment for WebScripts

source WebScripts/bin/activate    # Activate your virtual environment

sudo WebScripts/bin/python3 -m pip install --use-pep517 WebScripts --install-option "--admin-password=" --install-option "--owner=" --install-option "--directory="     # Install WebScripts using setup.py with pip

sudo WebScripts/bin/python3 -m WebScripts.harden -p '' -o '' -d 'WebScripts/'  # Harden default configurations

cd WebScripts                     # Use your virtual environment to start WebScripts

WebScripts                        # Start WebScripts server for demonstration (for production see deployment documentation)

```

## Basic Usages

### Command line

```bash

WebScripts

python3 -m WebScripts

WebScripts --help

WebScripts -h # Print help message and command line options

WebScripts --interface "192.168.1.2" --port 80

WebScripts -i "192.168.1.2" -p 80 # Change interface and port

# /!\ do not use the --debug option on the production environment

WebScripts --debug

WebScripts -d # Print informations about server configuration in errors pages (404 and 500)

# /!\ do not use the --security option on the production environment

WebScripts --security

WebScripts -s # Do not use HTTP security headers (for debugging)

WebScripts --accept-unauthenticated-user --accept-unknow-user

# Accept unauthenticated user

```

### Python script

```python

import WebScripts

WebScripts.main()

```

```python

from WebScripts import Configuration, Server, main

from wsgiref import simple_server

config = Configuration()

config.add_conf(

    interface="", 

    port=8000, 

    scripts_path = [

        "./scripts/account",

        "./scripts/passwords"

    ],

    json_scripts_config = [

        "./config/scripts/*.json"

    ],

    ini_scripts_config = [

        "./config/scripts/*.ini"

    ],

    documentations_path = [

        "./doc/*.html"

    ],

    js_path = [

        "./static/js/*.js"

    ],

    statics_path = [

        "./static/html/*.html",

        "./static/css/*.css",

        "./static/images/*.jpg",

        "./static/pdf/*.pdf"

    ],

)

config.set_defaults()

config.check_required()

config.get_unexpecteds()

config.build_types()

server = Server(config)

httpd = simple_server.make_server(server.interface, server.port, server.app)

httpd.serve_forever()

```

## Compatibility

### Python3.8

```bash

git clone https://github.com/mauricelambert/WebScripts.git

cd WebScripts

python3.8 WebScripts/scripts/to_3.8/to_3.8.py

python3.8 setup38.py install

python3.8 -m WebScripts38

```

```python

# Launch this commands line:

#   - git clone https://github.com/mauricelambert/WebScripts.git

#   - cd WebScripts

#   - python3.8 WebScripts/scripts/to_3.8/to_3.8.py

#   - python3.8 setup38.py install

# And use the package:

import WebScripts38

WebScripts38.main()

```

## Documentation

 - Home: [wiki](https://github.com/mauricelambert/WebScripts/wiki/), [readthedocs](https://webscripts.readthedocs.io/en/latest/)

 - Installation: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Installation), [readthedocs](https://webscripts.readthedocs.io/en/latest/Installation/)

 - Configurations:

    - Usages: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Usages), [readthedocs](https://webscripts.readthedocs.io/en/latest/Usages/)

    - Server Configurations: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Server-Configuration), [readthedocs](https://webscripts.readthedocs.io/en/latest/Server_Configuration/)

    - Scripts Configurations: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Script-Configuration), [readthedocs](https://webscripts.readthedocs.io/en/latest/Script_Configuration/)

    - Arguments Configurations: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Argument-Configuration), [readthedocs](https://webscripts.readthedocs.io/en/latest/Argument_Configuration/)

 - Logs: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Logs), [readthedocs](https://webscripts.readthedocs.io/en/latest/Logs/)

 - Authentication: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Authentication), [readthedocs](https://webscripts.readthedocs.io/en/latest/Authentication/)

 - Default Database: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Default-Database), [readthedocs](https://webscripts.readthedocs.io/en/latest/Default_Database/)

 - Access and Permissions: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Access-and-Permissions), [readthedocs](https://webscripts.readthedocs.io/en/latest/Users_Access_and_Rights/)

 - API: [wiki](https://github.com/mauricelambert/WebScripts/wiki/API), [readthedocs](https://webscripts.readthedocs.io/en/latest/API/)

 - Development and Administration Tools: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Development-and-Administration-Tools), [readthedocs](https://webscripts.readthedocs.io/en/latest/Development_and_Administration_Tools/)

 - Customize:

    - WEB Interface: [wiki](https://github.com/mauricelambert/WebScripts/wiki/WEB-Interface), [readthedocs](https://webscripts.readthedocs.io/en/latest/WEB_Interface/)

    - Modules: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Modules), [readthedocs](https://webscripts.readthedocs.io/en/latest/Modules/)

 - Security:

    - Security Considerations: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Security-Considerations), [readthedocs](https://webscripts.readthedocs.io/en/latest/Security_Considerations/)

    - Code analysis for security (SAST and DAST): [wiki](https://github.com/mauricelambert/WebScripts/wiki/Code-Analysis-for-Security), [readthedocs](https://webscripts.readthedocs.io/en/latest/Code_Analysis_for_Security/)

    - Security checks and tests (pentest): [wiki](https://github.com/mauricelambert/WebScripts/wiki/Pentest), [readthedocs](https://webscripts.readthedocs.io/en/latest/Pentest/)

 - Examples:

    - Deployment: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Deployment), [readthedocs](https://webscripts.readthedocs.io/en/latest/Deployment/)

    - Add a bash script (for authentication): [wiki](https://github.com/mauricelambert/WebScripts/wiki/Add-Script), [readthedocs](https://webscripts.readthedocs.io/en/latest/Add_Script/)

    - Add a module: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Add-Module), [readthedocs](https://webscripts.readthedocs.io/en/latest/Add_Module/)

    - Make a custom API client: [wiki](https://github.com/mauricelambert/WebScripts/wiki/API-Client), [readthedocs](https://webscripts.readthedocs.io/en/latest/API_Client/)

## Links

 - [Pypi](https://pypi.org/project/WebScripts)

 - [Github](https://github.com/mauricelambert/WebScripts)

 - [ReadTheDocs](https://webscripts.readthedocs.io/en/latest/)

 - RSS Feed [pypi](https://pypi.org/rss/project/webscripts/releases.xml), [libraries](https://libraries.io/pypi/WebScripts/versions.atom)

 - [WebScripts Server presentation](https://www.slideshare.net/MauriceLambert1/webscripts-server-251581216)

## Screenshots

![Index page (dark)](https://mauricelambert.github.io/info/python/code/WebScripts/images/WebScripts3_dark_mode_index.PNG "Index page (dark)")

*Index page (dark)*

![Text script (dark)](https://mauricelambert.github.io/info/python/code/WebScripts/images/WebScripts3_dark_mode_script_text.PNG "Text script (dark)")

*Text script (dark)*

![HTML script (light)](https://mauricelambert.github.io/info/python/code/WebScripts/images/WebScripts3_light_mode_script_html.PNG "HTML script (light)")

*HTML script (light)*

## License

Licensed under the [GPL, version 3](https://www.gnu.org/licenses/).