Old poc examples were full of injections due to migration strategy. Will be rewritten in doc.

2019-11-12 13:16:30 +01:00
parent 049081c8b0
commit 19bc0df968
15 changed files with 0 additions and 367 deletions
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-#
-# Copyright 2019 Banco Bilbao Vizcaya Argentaria, S.A.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-kapow route add -X POST '/eval' -c '$($(kapow get /request/body) | kapow set /response/stream)'
@@ -1,8 +0,0 @@
-#!/usr/bin/env sh
-
-curl -X POST --data-binary @- http://localhost:8080/eval <<EOF
-touch /tmp/kapow_was_here
-EOF
-
-echo 'Proof of success:'
-ls -l /tmp/kapow_was_here
@@ -1,35 +0,0 @@
-<!DOCTYPE html>
-<html>
-    <head>
-        <meta charset="UTF-8">
-        <title>Nmap</title>
-    </head>
-    <body>
-        <form id="nmap-params" method="post" action="nmap.xml">
-            <fieldset>
-                <legend>Nmap parameters</legend>
-                <div>
-                    <label for="target_spec">Target Specification:</label>
-                    <input name="target_spec" type="text" placeholder="ip, domain, network, range" value="127.0.0.1" required autofocus>
-                    <p>
-                        Can pass hostnames, IP addresses, networks, etc. e.g.:
-                        scanme.nmap.org, microsoft.com/24, 192.168.0.1;
-                        10.0.0-255.1-254
-                    </p>
-                </div>
-                <div>
-                    <label for="port_ranges">Port Ranges:</label>
-                    <input name="port_ranges" type="text" placeholder="port, range, list" value="8080" required>
-                    <p>
-                        Only scan specified ports. e.g.: 22; 1-65535;
-                        U:53,111,137,T:21-25,80,139,8080,S:9
-                    </p>
-                </div>
-                <div>
-                    <input name="scan" type="submit" value="Scan">
-                    <input name="reset" type="reset" value="Reset">
-                </div>
-            </fieldset>
-        </form>
-    </body>
-</html>
@@ -1,55 +0,0 @@
-#!/bin/bash
-
-#
-# Copyright 2019 Banco Bilbao Vizcaya Argentaria, S.A.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#
-# Nmap produces an XML report, suitable for rendering in a web browser
-#
-
-# Call examples:
-#
-# $ browser http://localhost:8080
-#
-# $ curl -v http://localhost:8080/nmap.xml -d 'target_spec=127.0.0.1&port_ranges=9000'
-#
-
-kapow route add -X GET / - <<-'EOF'
-	cat nmap-web.html | kapow set /response/body
-EOF
-
-kapow route add -X GET /nmap.xsl - <<-'EOF'
-	curl --silent https://svn.nmap.org/nmap/docs/nmap.xsl	\
-	| kapow set /response/body
-EOF
-
-kapow route add -X POST /nmap.xml - <<-'EOF'
-
-	TARGET_SPEC=$(kapow get /request/form/target_spec)
-	: ${TARGET_SPEC:=127.0.0.1}
-
-	PORT_RANGES=$(kapow get /request/form/port_ranges)
-	: ${PORT_RANGES:=8080}
-
-	nmap					\
-		-Pn				\
-		-n				\
-		-p "$PORT_RANGES"		\
-		-oX -				\
-		--stylesheet /nmap.xsl		\
-		"$TARGET_SPEC"			\
-	| kapow set /response/body
-EOF
@@ -1,7 +0,0 @@
-FROM bbvalabsci/kapow:latest
-
-RUN apk add nmap
-
-COPY nmap.pow /tmp/
-
-CMD ["server", "/tmp/nmap.pow"]
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-#
-# Copyright 2019 Banco Bilbao Vizcaya Argentaria, S.A.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-kapow route add -X GET '/list/{ip}' -c 'nmap -sL "$(kapow get /request/matches/ip)" | kapow set /response/body'
@@ -1,41 +0,0 @@
-#!/bin/bash
-
-#
-# Copyright 2019 Banco Bilbao Vizcaya Argentaria, S.A.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-kapow route add /list/files -c 'ls -la $(kapow get /request/params/path) | kapow set /response/body'
-
-kapow route add /list/processes -c 'ps -aux | kapow set /response/body'
-
-kapow route add /show/cpuinfo -c 'kapow set /response/body < /proc/cpuinfo'
-
-kapow route add /show/memory -c 'free -m | kapow set /response/body'
-
-kapow route add /show/disk -c 'df -h | kapow set /response/body'
-
-kapow route add /show/connections -c 'ss -pluton | kapow set /response/body'
-
-kapow route add /show/mounts -c 'mount | kapow set /response/body'
-
-kapow route add /tail/dmesg - <<-'EOF'
-	kapow set /response/headers/Content-Type text/plain
-	dmesg -w | kapow set /response/stream
-EOF
-
-kapow route add /tail/journal - <<-'EOF'
-	kapow set /response/headers/Content-Type text/plain
-	journalctl -f | kapow set /response/stream
-EOF
@@ -1,26 +0,0 @@
-#!/bin/bash
-
-#
-# Copyright 2019 Banco Bilbao Vizcaya Argentaria, S.A.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-kapow route add -X POST --entrypoint '/bin/zsh -c' '/convert/{from}/{to}' - <<-'EOF'
-	pandoc --from="$(kapow get /request/matches/from)" \
-	       --to="$(kapow get /request/matches/to)" \
-	       --output=>(kapow set /response/body) \
-	       =(kapow get /request/body)
-EOF
-kapow route add -X GET '/formats/input' -c 'pandoc --list-input-formats | kapow set /response/body'
-kapow route add -X GET '/formats/output' -c 'pandoc --list-output-formats | grep -v pdf | kapow set /response/body'
@@ -1,8 +0,0 @@
-#!/usr/bin/env sh
-
-curl -X POST --data-binary @- http://localhost:8080/convert/markdown/man <<EOF
-# This is not a pipe
-
-1. hello
-1. goodbye
-EOF
@@ -1,41 +0,0 @@
-<html>
-  <head>
-  <title>PDF Editor</title>
-  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/siimple/dist/siimple.min.css">
-  <head>
-  <body>
-    <div class="siimple-content siimple-content--extra-large">
-      <div class="siimple-grid">
-	<div class="siimple-grid-row">
-	  <div class="siimple-grid-col siimple-grid-col--12">
-	    <div class="siimple-grid-col siimple-grid-col--6">
-	      <div class="siimple-form">
-		<form action="/editor/pdf" method="post" target="result" id="editor">
-		  <div class="siimple-form-title">AWYSIWYG PDF Editor</div>
-		  <div class="siimple-form-field">
-		    <div class="siimple-form-field-label">InputFormat</div>
-		    <select name="from">
-		      <option value="markdown">Markdown</option>
-		      <option value="rst">ReStructuredText</option>
-		    </select>
-		  </div>
-		  <div class="siimple-form-field">
-		    <div class="siimple-form-field-label">InputFormat</div>
-		    <textarea class="siimple-textarea siimple-textarea--fluid" rows="25" name="content">Example text</textarea>
-		  </div>
-		  <div class="siimple-form-field">
-		    <div class="siimple-btn siimple-btn--blue" onclick="document.getElementById('editor').submit();">Preview!</div>
-		  </div>
-		</form>
-	      </div>
-	    </div>
-	    <div class="siimple-grid-col siimple-grid-col--6">
-	      <iframe name="result" src="" style="height: 100%; width: 100%;"></iframe>
-	    </div>
-	  </div>
-	</div>
-      </div>
-    </div>
-  </body>
-</html>
-
@@ -1,20 +0,0 @@
-#!/bin/bash
-
-#
-# Copyright 2019 Banco Bilbao Vizcaya Argentaria, S.A.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-kapow route add -X POST --entrypoint ./topdf '/editor/pdf'
-kapow route add / -c 'kapow set /response/headers/Content-Type text/html && kapow set /response/body < pdfeditor.html'
@@ -1,28 +0,0 @@
-#!/usr/bin/zsh
-
-#
-# Copyright 2019 Banco Bilbao Vizcaya Argentaria, S.A.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-tmpfile=$(mktemp --suffix=.pdf)
-pandoc --from="$(kapow get /request/form/from)" --to=pdf --output=${tmpfile} -t latex =(kapow get /request/form/content)
-if [ $? -eq 0 ]; then
-	kapow set /response/headers/Content-Type application/pdf
-	kapow set /response/body < ${tmpfile}
-	kapow set /response/status 200
-else
-	kapow set /response/status 500
-fi
-rm -f ${tmpfile}
@@ -1,16 +0,0 @@
-Remote tcpdump sniffer with source filtering
-============================================
-
-1. Add any filter you want to the `tcpdump` command inside `tcpdump.pow` to filter
-   any traffic you don't want to be sniffed!
-2. For the sake of simplicity, run `sudo -E kapow server tcpdump.pow`. In a
-   production environment, `tcpdump` should be run with the appropiate permissions,
-   but kapow can (and should) run as an unprivileged user.
-3. In your local machine run:
-   ```bash
-   curl http://localhost:8080/sniff/<network-interface> | sudo -E wireshark -k -i -
-   ```
-   Again, for the sake of simplicity, `Wireshark` is running as root. If you don't want
-   to run it this way, follow this guide:
-   https://gist.github.com/MinaMikhailcom/0825906230cbbe478faf4d08abe9d11a
-4. Profit!
@@ -1 +0,0 @@
-kapow route add /sniff/{iface} -c 'tcpdump -i "$(kapow get /request/matches/iface)" -U -s0 -w - "not port 8080" | kapow set /response/stream'
@@ -1,43 +0,0 @@
-#!/bin/bash
-
-#
-# Copyright 2019 Banco Bilbao Vizcaya Argentaria, S.A.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-kapow route add / - <<-'EOF'
-	kapow set /response/headers/Content-Type text/html
-	kapow set /response/body <<-HTML
-		<html>
-		<body>
-		<a href='javascript: Array.from(document.querySelectorAll("a")).filter(x => x.href.indexOf("magnet") != -1 ).map(x => x.href = "http://localhost:8080/save/magnet?link="+encodeURI(x.href))'>Add me to your bookmarks!</a>
-		</body>
-		</html>
-	HTML
-EOF
-
-kapow route add /save/magnet -e '/bin/bash -c' - <<-'EOF'
-	link=$(kapow get /request/params/link)
-	[ -z $link ] && kapow set /response/status 400 && exit 0
-
-	watch_folder=/tmp
-	cd $watch_folder
-	[[ "$link" =~ xt=urn:btih:([^&/]+) ]] || exit;
-	echo "d10:magnet-uri${#link}:${link}e" > "meta-${BASH_REMATCH[1]}.torrent"
-
-	kapow set /response/status 302
-	kapow set /response/headers/Location /torrent/list
-EOF
-
-kapow route add /torrent/list -c 'kapow set /response/body "Not Implemented Yet"'
				`@@ -1 +0,0 @@`
				`kapow route add /sniff/{iface} -c 'tcpdump -i "$(kapow get /request/matches/iface)" -U -s0 -w - "not port 8080" \| kapow set /response/stream'`