owtf.api.handlers package

Submodules

owtf.api.handlers.auth module

owtf.api.handlers.auth

class owtf.api.handlers.auth.AccountActivationGenerateHandler(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]

Bases: APIRequestHandler

Creates an email confirmation mail and sends it to the user for account confirmation.

SUPPORTED_METHODS = ['POST']
post()[source]

Post an email verification link to the specified email.

Example request:

POST /api/v1/generate/confirm_email/ HTTP/1.1

{
    "email": "test@test.com"
}

Example response:

HTTP/1.1 200 OK
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json; charset=UTF-8

{
    "status": "success",
    "message": "Email send successful"
}
class owtf.api.handlers.auth.AccountActivationValidateHandler(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]

Bases: APIRequestHandler

Validates an email confirmation mail which was sent to the user.

SUPPORTED_METHODS = ['GET']
get(key_value)[source]

Get the email link to verify and activate user account.

Example request:

GET /api/v1/verify/confirm_email/<link> HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json; charset=UTF-8

{
    "status": "success",
    "message": "Email Verified"
}
class owtf.api.handlers.auth.LogInHandler(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]

Bases: APIRequestHandler

Logs in using the correct credentials (email, password). After a successful login, a JWT token is generated.

SUPPORTED_METHODS = ['POST']
post()[source]

Post login data and return jwt token based on user credentials.

Example request:

POST /api/v1/login/ HTTP/1.1
Content-Type: application/json; charset=UTF-8

{
    "emailOrUsername": "test@test.com",
    "password": "Test@34335"
}

Example successful login response:

HTTP/1.1 200 OK
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json; charset=UTF-8

{
    "status": "success",
    "message": {
        "jwt-token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjozNSwiZXhwIjoxNjIzMjUyMjQwfQ.FjTpJySn3wprlaS26dC9LGBOMrtHJeJsTDJnyCKNmBk"
    }
}

Example failed login response:

HTTP/1.1 200 OK
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json; charset=UTF-8

{
    "status": "fail",
    "message": "Invalid login credentials"
}
class owtf.api.handlers.auth.LogOutHandler(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]

Bases: APIRequestHandler

Logs out the current user and clears the cookie.

get()[source]

Log the user out of the system.

Example request:

GET /api/v1/logout/ HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json; charset=UTF-8

{
    "status": "success",
    "message": "Logged out"
}
class owtf.api.handlers.auth.OtpGenerateHandler(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]

Bases: APIRequestHandler

Creates an OTP and sends it to the user for a password change.

SUPPORTED_METHODS = ['POST']
post()[source]

Example request:

POST /api/v1/generate/otp/ HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json; charset=UTF-8

{
    "status": "success",
    "message": "Otp Send Successful"
}
class owtf.api.handlers.auth.OtpVerifyHandler(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]

Bases: APIRequestHandler

Validates an OTP which was sent to the user.

SUPPORTED_METHODS = ['POST']
post()[source]

Example request:

POST /api/v1/verify/otp/ HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json; charset=UTF-8

{
    "status": "success",
    "message": "OTP Verified"
}
class owtf.api.handlers.auth.PasswordChangeHandler(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]

Bases: APIRequestHandler

Handles setting a new password for the verified user.

SUPPORTED_METHODS = ['POST']
post()[source]

Example request:

POST /api/v1/new-password/ HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json; charset=UTF-8

{
    "status": "success",
    "message": "Password Change Successful"
}
class owtf.api.handlers.auth.RegisterHandler(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]

Bases: APIRequestHandler

Registers a new user when they provide an email, name, password and confirm password.

SUPPORTED_METHODS = ['POST']
post()[source]

Post data for creating a new user as per the data given by user.

Example request:

POST /api/v1/register/ HTTP/1.1
Content-Type: application/json; charset=UTF-8

{
    "email": "test@test.com",
    "password": "Test@34335",
    "confirm_password": "Test@34335",
    "name": "test"
}

Example Successful registration response:

HTTP/1.1 200 OK
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json; charset=UTF-8

{
    "status": "success",
    "message": "User created successfully"
}

Example Failed registration response:

HTTP/1.1 200 OK
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json; charset=UTF-8

{
    "status": "fail",
    "message": "Email already exists"
}
owtf.api.handlers.auth.send_email_using_smtp(email_to, html, subject, logging_info)[source]

Sends an email to the specified address with the given HTML and subject.

owtf.api.handlers.base module

owtf.api.handlers.base

class owtf.api.handlers.base.APIRequestHandler(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]

Bases: BaseRequestHandler

error(message, data=None, code=None)[source]

An error occurred in processing the request, i.e. an exception was thrown.

Parameters:
  • data (A JSON-serializable object) – A generic container for any other information about the error, i.e. the conditions that caused the error, stack traces, etc.

  • message (A JSON-serializable object) – A meaningful, end-user-readable (or at the least log-worthy) message, explaining what went wrong

  • code (int) – A numeric code corresponding to the error, if applicable

fail(data)[source]

There was a problem with the data submitted, or some pre-condition of the API call wasn’t satisfied.

Parameters:

data (A JSON-serializable object) – Provides the wrapper for the details of why the request failed. If the reasons for failure correspond to POST values, the response object’s keys SHOULD correspond to those POST values.

get_auth_token()[source]

Get the authorization token from the Authorization header.

initialize()[source]
  • Set Content-type for JSON

on_finish()[source]

Called after the end of a request.

Override this method to perform cleanup, logging, etc. This method is a counterpart to prepare. on_finish may not produce any output, as it is called after the response has been sent to the client.

success(data)[source]

When an API call is successful, the JSend object is used as a simple envelope for the results, using the data key.

Parameters:

data (A JSON-serializable object) – Acts as the wrapper for any data returned by the API call. If the call returns no data, data should be set to null.

write(chunk)[source]

Writes the given chunk to the output buffer.

To write the output to the network, use the flush() method below.

If the given chunk is a dictionary, we write it as JSON and set the Content-Type of the response to be application/json. (if you want to send JSON as a different Content-Type, call set_header after calling write()).

Note that lists are not converted to JSON because of a potential cross-site security vulnerability. All JSON output should be wrapped in a dictionary. More details at http://haacked.com/archive/2009/06/25/json-hijacking.aspx/ and https://github.com/facebook/tornado/issues/1009

write_error(status_code, **kwargs)[source]

Override of RequestHandler.write_error. Calls error() or fail() from JSendMixin depending on which exception was raised, with the provided reason and status code.

Parameters:

status_code (int) – HTTP status code

class owtf.api.handlers.base.FileRedirectHandler(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]

Bases: BaseRequestHandler

SUPPORTED_METHODS = ['GET']
get(file_url)[source]
class owtf.api.handlers.base.UIRequestHandler(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]

Bases: BaseRequestHandler

Get the session id from a cookie. Returns None if no session id is stored.

reverse_url(name, *args)[source]

Alias for Application.reverse_url.

Set a new session id cookie. The new session id is returned. The session id cookie is not encrypted, so other services on this domain can read it.

property template_context

owtf.api.handlers.config module

owtf.api.handlers.config

class owtf.api.handlers.config.ConfigurationHandler(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]

Bases: APIRequestHandler

Update framework settings and tool paths.

SUPPORTED_METHODS = ['GET', 'PATCH', 'OPTIONS']
get()[source]

Return all configuration items.

Example request:

GET /api/v1/configuration HTTP/1.1
Accept: application/json

Example response:

HTTP/1.1 200 OK
Content-Type: application/json


{
    "status": "success",
    "data": [
        {
            "dirty": false,
            "key": "ATTACHMENT_NAME",
            "descrip": "Filename for the attachment to be sent",
            "section": "AUX_PLUGIN_DATA",
            "value": "report"
        },
        {
            "dirty": false,
            "key": "BRUTEFORCER",
            "descrip": "",
            "section": "DICTIONARIES",
            "value": "hydra"
        }
    ]
}
patch()[source]

Update a configuration item.

Example request:

PATCH /api/v1/configuration/ HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest

Example response:

HTTP/1.1 200 OK
Content-Type: application/json


{
    "status": "success",
    "data": null
}

owtf.api.handlers.health module

owtf.api.handlers.health

class owtf.api.handlers.health.HealthCheckHandler(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]

Bases: APIRequestHandler

API server health check

SUPPORTED_METHODS = ['GET']
get()[source]

A debug endpoint to check whether the application is alive.

Example request:

GET /debug/health HTTP/1.1
Accept: application/json

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

{
    "status": "success",
    "data": {
        "status": "ok"
    }
}

owtf.api.handlers.index module

owtf.api.handlers.index

class owtf.api.handlers.index.IndexHandler(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]

Bases: UIRequestHandler

Serves the main webapp

SUPPORTED_METHODS = ['GET']
get(path)[source]

Render the homepage with all JavaScript and context.

Example request:

GET / HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Example response:

HTTP/1.1 200 OK
Content-Encoding: gzip
Vary: Accept-Encoding
Server: TornadoServer/5.0.1
Content-Type: text/html; charset=UTF-8

owtf.api.handlers.jwtauth module

JSON Web Token auth for Tornado

owtf.api.handlers.jwtauth.jwtauth(handler_class)[source]

Decorator to handle Tornado JWT Authentication

owtf.api.handlers.misc module

owtf.api.handlers.plugin module

owtf.api.handlers.report module

owtf.api.handlers.session module

owtf.api.handlers.session

class owtf.api.handlers.session.OWTFSessionHandler(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]

Bases: APIRequestHandler

Handles OWTF sessions.

SUPPORTED_METHODS = ['GET', 'POST', 'PUT', 'PATCH', 'DELETE']
delete(session_id=None, action=None)[source]

Delete a session.

Example request:

DELETE /api/v1/sessions/2 HTTP/1.1
X-Requested-With: XMLHttpRequest

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

{
    "status": "success",
    "data": null
}
get(session_id=None, action=None)[source]

Get all registered sessions.

Example request:

GET /api/v1/sessions/ HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

{
    "status": "success",
    "data": [
        {
            "active": true,
            "name": "default session",
            "id": 1
        }
    ]
}
patch(session_id=None, action=None)[source]

Change session.

Example request:

PATCH /api/v1/sessions/1/activate HTTP/1.1
X-Requested-With: XMLHttpRequest

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

{
    "status": "success",
    "data": null
}
post(session_id=None, action=None)[source]

Create a new session.

Example request:

POST /api/v1/sessions/ HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest


name=google-vrp

Example response:

HTTP/1.1 201 Created
Content-Type: application/json

{
    "status": "success",
    "data": null
}

owtf.api.handlers.targets module

owtf.api.handlers.transactions module

owtf.api.handlers.work module

Module contents