Metadata-Version: 2.1
Name: WebScripts
Version: 3.0.39
Summary: This tool runs CLI scripts and displays output in a Web Interface.
Home-page: https://github.com/mauricelambert/WebScripts
Author: Maurice Lambert
Author-email: mauricelambert434@gmail.com
Maintainer: Maurice Lambert
Maintainer-email: mauricelambert434@gmail.com
License: GPL-3.0 License
Project-URL: Documentation, https://webscripts.readthedocs.io/en/latest/
Project-URL: Wiki, https://github.com/mauricelambert/WebScripts/wiki
Project-URL: Presentation, https://www.slideshare.net/MauriceLambert1/webscripts-server-251581216
Keywords: Server,Web,Scripts,SOC,Administration,DevOps,WebScripts
Platform: Windows
Platform: Linux
Platform: MacOS
Classifier: Programming Language :: Python
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: Web Environment
Classifier: Topic :: Internet :: WWW/HTTP :: WSGI :: Server
Classifier: Topic :: System :: Systems Administration
Classifier: Topic :: Communications :: File Sharing
Classifier: Topic :: Utilities
Classifier: Topic :: Security
Classifier: Operating System :: MacOS :: MacOS X
Classifier: Operating System :: Microsoft :: Windows
Classifier: Operating System :: POSIX :: Linux
Classifier: Natural Language :: English
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE.txt

![WebScripts Logo](https://mauricelambert.github.io/info/python/code/WebScripts/small_logo.png "WebScripts logo")

# WebScripts

![PyPI](https://img.shields.io/pypi/v/WebScripts?color=orange)
[![Downloads](https://static.pepy.tech/personalized-badge/webscripts?period=total&units=none&left_color=grey&right_color=orange&left_text=Downloads)](https://pepy.tech/project/webscripts)
![GitHub branch checks state](https://img.shields.io/github/checks-status/mauricelambert/WebScripts/main?color=orange)
![PyPI - Status](https://img.shields.io/pypi/status/WebScripts?color=orange)
![PyPI - Python Version](https://img.shields.io/pypi/pyversions/WebScripts?color=orange)
![GitHub commit activity](https://img.shields.io/github/commit-activity/y/mauricelambert/WebScripts?color=orange)
![GitHub top language](https://img.shields.io/github/languages/top/mauricelambert/WebScripts?color=orange)
![GitHub issues](https://img.shields.io/github/issues/mauricelambert/WebScripts?color=orange)
![GitHub closed issues](https://img.shields.io/github/issues-closed/mauricelambert/WebScripts?color=orange)
![GitHub](https://img.shields.io/github/license/mauricelambert/WebScripts?color=orange)
![GitHub repo size](https://img.shields.io/github/repo-size/mauricelambert/WebScripts?color=orange)
![Libraries.io SourceRank](https://img.shields.io/librariesio/sourcerank/pypi/webscripts?color=orange)
[![Compatibility](https://img.shields.io/badge/compatibility-python3.8-orange)](https://webscripts.readthedocs.io/en/latest/Installation/#python38)
[![Containers](https://img.shields.io/badge/containers-docker-orange)](https://github.com/mauricelambert/WebScriptsContainers)
[![Code style: black](https://img.shields.io/badge/code%20style-black-orange.svg)](https://github.com/psf/black)

## Description

This tool run scripts and display the result in a Web Interface ([a little presentation is available here](https://www.slideshare.net/MauriceLambert1/webscripts-server-251581216) and on my [github.io](https://mauricelambert.github.io/info/python/code/WebScripts/WebScripts.pdf)).

## Goals

Create a safe, secure and easy way to share CLI (console) scripts and scripting environnments with your team or people without IT knowledge.

 - Secure
    - [SAST - Static Application Security Testing](https://webscripts.readthedocs.io/en/latest/Code_Analysis_for_Security/#sast-alerts) ([wiki](https://github.com/mauricelambert/WebScripts/wiki/Code-Analysis-for-Security)) using [bandit](https://mauricelambert.github.io/info/python/code/WebScripts/bandit.txt), semgrep, CodeQL and Pycharm Security.
    - [DAST - Dynamic Application Security Testing](https://webscripts.readthedocs.io/en/latest/Code_Analysis_for_Security/#dast-alerts) ([wiki](https://github.com/mauricelambert/WebScripts/wiki/Code-Analysis-for-Security)) using [ZAP](https://mauricelambert.github.io/info/python/code/WebScripts/ZAP.html) [(Baseline && full scan)](https://github.com/mauricelambert/WebScripts/issues/4), nuclei and some Kali Linux tools.
    - [Web pentest](https://webscripts.readthedocs.io/en/latest/Pentest/) ([wiki](https://github.com/mauricelambert/WebScripts/wiki/Pentest)) using Kali Linux Web tools and my little experience in Web Hacking. Tools are [skipfish](https://mauricelambert.github.io/info/python/code/WebScripts/skipfish/index.html), [nikto](https://mauricelambert.github.io/info/python/code/WebScripts/nikto.html), [dirb](https://mauricelambert.github.io/info/python/code/WebScripts/dirb.txt) and [whatweb](https://mauricelambert.github.io/info/python/code/WebScripts/whatweb.json).
    - [Hardening](https://webscripts.readthedocs.io/en/latest/Development_and_Administration_Tools/#hardening-audit)([wiki](https://github.com/mauricelambert/WebScripts/wiki/Development-and-Administration-Tools#hardening-audit)), the WebScripts installation is pre-hardened, an audit is performed at the launch of the WebScripts server and reports are generated. Defaults/examples HTML reports: 
    - [File integrity checks](https://webscripts.readthedocs.io/en/latest/Development_and_Administration_Tools/#file-integrity)([wiki](https://github.com/mauricelambert/WebScripts/wiki/Development-and-Administration-Tools#file-integrity)), the WebScripts server implements a daemon thread to check file integrity hourly.
    - Logs with centralization (using Syslog on Linux and Event Viewer on Windows), some levels and differents files for easiest supervision, controls and investigations
    - Easy to update and patch security issues on Linux (critical functions are implemented in Standard Library and are updated with your system) (WebScripts does not require any python external package)
    - Easy to deploy securely (with docker or on your Linux system with Apache and UWSGI or NGINX as reverse proxy)
    - Easy to configure securely [(read the documentation)](https://webscripts.readthedocs.io/en/latest/) ([wiki](https://github.com/mauricelambert/WebScripts/wiki/)), hardening checks and reports for unsecure configurations
    - [Unittest - 99% Code Coverage (2104/2108 lines)](https://webscripts.readthedocs.io/en/latest/Development_and_Administration_Tools/#unittest) ([wiki](https://github.com/mauricelambert/WebScripts/wiki/Development-and-Administration-Tools#unittest)), tests with python3.8 - python3.12
    - Javascript parser and formatter for `text`, `json` and `csv` content type (XSS protection)
    - XSS active protection for `html` content type based on user inputs analysis and script outputs
 - Customizable
    - [Authentication](https://webscripts.readthedocs.io/en/latest/Authentication/) ([wiki](https://github.com/mauricelambert/WebScripts/wiki/Authentication)) - [example](https://webscripts.readthedocs.io/en/latest/Add_Script/#build-the-script) ([wiki](https://github.com/mauricelambert/WebScripts/wiki/Add-Script#build-the-script))
    - Web Interface: HTML, CSS and JS [files](https://webscripts.readthedocs.io/en/latest/WEB_Interface/) ([wiki](https://github.com/mauricelambert/WebScripts/wiki/WEB-Interface))
    - URL, request, response and error pages using [python modules](https://webscripts.readthedocs.io/en/latest/Modules/) ([wiki](https://github.com/mauricelambert/WebScripts/wiki/Modules)) - [example](https://webscripts.readthedocs.io/en/latest/Add_Module/#build-the-module) ([wiki](https://github.com/mauricelambert/WebScripts/wiki/Add-Module))
 - Highly configurable and scalable with a [python module system](https://webscripts.readthedocs.io/en/latest/Modules/) ([wiki](https://github.com/mauricelambert/WebScripts/wiki/Modules)) and configurations
 - Pre-installed and configured scripts and modules (user and authentication, secure file sharing with permissions, error pages with requests to administrator system, temporary and secure password share, logs viewer and analyser)

## Demo

[![Demo WebScripts - Youtube](https://img.youtube.com/vi/2_hRBTRzl5w/0.jpg)](http://www.youtube.com/watch?v=2_hRBTRzl5w)

*Demonstration of WebScripts use - Youtube video*

## Requirements
This package require:

 - python3
 - python3 Standard Library

Optional on Windows:

 - pywin32 (to centralize logs in Event Viewer)

## Installation

```bash
python3 -m venv WebScripts        # Make a virtual environment for WebScripts
source WebScripts/bin/activate    # Activate your virtual environment
sudo WebScripts/bin/python3 -m pip install --use-pep517 WebScripts --install-option "--admin-password=<your password>" --install-option "--owner=<owner>" --install-option "--directory=<directory>"     # Install WebScripts using setup.py with pip
sudo WebScripts/bin/python3 -m WebScripts.harden -p '<my admin password>' -o '<my webscripts user>' -d 'WebScripts/'  # Harden default configurations
cd WebScripts                     # Use your virtual environment to start WebScripts
WebScripts                        # Start WebScripts server for demonstration (for production see deployment documentation)
```

## Basic Usages

### Command line

```bash
WebScripts
python3 -m WebScripts

WebScripts --help
WebScripts -h # Print help message and command line options

WebScripts --interface "192.168.1.2" --port 80
WebScripts -i "192.168.1.2" -p 80 # Change interface and port

# /!\ do not use the --debug option on the production environment
WebScripts --debug
WebScripts -d # Print informations about server configuration in errors pages (404 and 500)

# /!\ do not use the --security option on the production environment
WebScripts --security
WebScripts -s # Do not use HTTP security headers (for debugging)

WebScripts --accept-unauthenticated-user --accept-unknow-user
# Accept unauthenticated user
```

### Python script

```python
import WebScripts
WebScripts.main()
```

```python
from WebScripts import Configuration, Server, main
from wsgiref import simple_server

config = Configuration()
config.add_conf(
    interface="", 
    port=8000, 
    scripts_path = [
        "./scripts/account",
        "./scripts/passwords"
    ],
    json_scripts_config = [
        "./config/scripts/*.json"
    ],
    ini_scripts_config = [
        "./config/scripts/*.ini"
    ],
    documentations_path = [
        "./doc/*.html"
    ],
    js_path = [
        "./static/js/*.js"
    ],
    statics_path = [
        "./static/html/*.html",
        "./static/css/*.css",
        "./static/images/*.jpg",
        "./static/pdf/*.pdf"
    ],
)
config.set_defaults()
config.check_required()
config.get_unexpecteds()
config.build_types()

server = Server(config)
httpd = simple_server.make_server(server.interface, server.port, server.app)
httpd.serve_forever()
```

## Compatibility

### Python3.8

```bash
git clone https://github.com/mauricelambert/WebScripts.git
cd WebScripts
python3.8 WebScripts/scripts/to_3.8/to_3.8.py
python3.8 setup38.py install
python3.8 -m WebScripts38
```

```python
# Launch this commands line:
#   - git clone https://github.com/mauricelambert/WebScripts.git
#   - cd WebScripts
#   - python3.8 WebScripts/scripts/to_3.8/to_3.8.py
#   - python3.8 setup38.py install
# And use the package:

import WebScripts38
WebScripts38.main()
```

## Documentation

 - Home: [wiki](https://github.com/mauricelambert/WebScripts/wiki/), [readthedocs](https://webscripts.readthedocs.io/en/latest/)
 - Installation: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Installation), [readthedocs](https://webscripts.readthedocs.io/en/latest/Installation/)
 - Configurations:
    - Usages: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Usages), [readthedocs](https://webscripts.readthedocs.io/en/latest/Usages/)
    - Server Configurations: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Server-Configuration), [readthedocs](https://webscripts.readthedocs.io/en/latest/Server_Configuration/)
    - Scripts Configurations: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Script-Configuration), [readthedocs](https://webscripts.readthedocs.io/en/latest/Script_Configuration/)
    - Arguments Configurations: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Argument-Configuration), [readthedocs](https://webscripts.readthedocs.io/en/latest/Argument_Configuration/)
 - Logs: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Logs), [readthedocs](https://webscripts.readthedocs.io/en/latest/Logs/)
 - Authentication: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Authentication), [readthedocs](https://webscripts.readthedocs.io/en/latest/Authentication/)
 - Default Database: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Default-Database), [readthedocs](https://webscripts.readthedocs.io/en/latest/Default_Database/)
 - Access and Permissions: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Access-and-Permissions), [readthedocs](https://webscripts.readthedocs.io/en/latest/Users_Access_and_Rights/)
 - API: [wiki](https://github.com/mauricelambert/WebScripts/wiki/API), [readthedocs](https://webscripts.readthedocs.io/en/latest/API/)
 - Development and Administration Tools: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Development-and-Administration-Tools), [readthedocs](https://webscripts.readthedocs.io/en/latest/Development_and_Administration_Tools/)
 - Customize:
    - WEB Interface: [wiki](https://github.com/mauricelambert/WebScripts/wiki/WEB-Interface), [readthedocs](https://webscripts.readthedocs.io/en/latest/WEB_Interface/)
    - Modules: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Modules), [readthedocs](https://webscripts.readthedocs.io/en/latest/Modules/)
 - Security:
    - Security Considerations: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Security-Considerations), [readthedocs](https://webscripts.readthedocs.io/en/latest/Security_Considerations/)
    - Code analysis for security (SAST and DAST): [wiki](https://github.com/mauricelambert/WebScripts/wiki/Code-Analysis-for-Security), [readthedocs](https://webscripts.readthedocs.io/en/latest/Code_Analysis_for_Security/)
    - Security checks and tests (pentest): [wiki](https://github.com/mauricelambert/WebScripts/wiki/Pentest), [readthedocs](https://webscripts.readthedocs.io/en/latest/Pentest/)
 - Examples:
    - Deployment: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Deployment), [readthedocs](https://webscripts.readthedocs.io/en/latest/Deployment/)
    - Add a bash script (for authentication): [wiki](https://github.com/mauricelambert/WebScripts/wiki/Add-Script), [readthedocs](https://webscripts.readthedocs.io/en/latest/Add_Script/)
    - Add a module: [wiki](https://github.com/mauricelambert/WebScripts/wiki/Add-Module), [readthedocs](https://webscripts.readthedocs.io/en/latest/Add_Module/)
    - Make a custom API client: [wiki](https://github.com/mauricelambert/WebScripts/wiki/API-Client), [readthedocs](https://webscripts.readthedocs.io/en/latest/API_Client/)

## Links

 - [Pypi](https://pypi.org/project/WebScripts)
 - [Github](https://github.com/mauricelambert/WebScripts)
 - [ReadTheDocs](https://webscripts.readthedocs.io/en/latest/)
 - RSS Feed [pypi](https://pypi.org/rss/project/webscripts/releases.xml), [libraries](https://libraries.io/pypi/WebScripts/versions.atom)
 - [WebScripts Server presentation](https://www.slideshare.net/MauriceLambert1/webscripts-server-251581216)

## Screenshots

![Index page (dark)](https://mauricelambert.github.io/info/python/code/WebScripts/images/WebScripts3_dark_mode_index.PNG "Index page (dark)")
*Index page (dark)*
![Text script (dark)](https://mauricelambert.github.io/info/python/code/WebScripts/images/WebScripts3_dark_mode_script_text.PNG "Text script (dark)")
*Text script (dark)*
![HTML script (light)](https://mauricelambert.github.io/info/python/code/WebScripts/images/WebScripts3_light_mode_script_html.PNG "HTML script (light)")
*HTML script (light)*

## License

Licensed under the [GPL, version 3](https://www.gnu.org/licenses/).

