Merge branch 'dev'

# Conflicts:
#	CHANGELOG/2.0.2/fix_bug_invalid_executor_name.md
#	CHANGELOG/2.0.2/update_readme.md

.gitlab-ci.yml

@@ -40,7 +40,7 @@ flake8:
     stage: .pre
     script:
       - pip install .[dev]
-      - flake8 .
+      - flake8 --max-line-length=120 .
 
 
 black:

.pre-commit-config.yaml

@@ -20,3 +20,6 @@ repos:
     hooks:
     -   id: flake8
         additional_dependencies: [flake8-typing-imports==1.9.0]
+        args: # arguments to configure flake8
+            # making isort line length compatible with black
+            - "--max-line-length=120"

CHANGELOG/2.0.2/add_create_workspace_parameter.md

@@ -0,0 +1 @@
+add --create-workspace parameter for tool command

CHANGELOG/2.0.2/ask_for_executive_report_template.md

@@ -0,0 +1 @@
+Ask for executive report template if not provided

CHANGELOG/2.0.2/ask_for_executor_parameters.md

@@ -0,0 +1 @@
+Add for executor parameters if not provided

CHANGELOG/2.0.2/date.md

@@ -0,0 +1 @@
+Aug 9th, 2021

CHANGELOG/2.0.2/fix_bug_invalid_executor_name.md

@@ -0,0 +1 @@
+[FIX] Bug using an invalid executor name

CHANGELOG/2.0.2/update_readme.md

@@ -0,0 +1 @@
+Update readme to fix some examples

RELEASE.md

@@ -1,3 +1,11 @@
+2.0.2 [Aug 9th, 2021]:
+---
+ * add --create-workspace parameter for tool command
+ * Ask for executive report template if not provided
+ * Add for executor parameters if not provided
+ * [FIX] Bug using an invalid executor name
+ * Update readme to fix some examples
+
 2.0.1 [Jun 29th, 2021]:
 ---
  * [FIX] Show help if no subcommand is provided

docs/docs/commands.md

@@ -411,6 +411,7 @@ Different stats about the vulnerabilities in Faraday.
 | Syntax      | Description |
 |:-----	|------:	|
 | `-w WORKSPACE_NAME`     | Workspace name    |
+| `--create-workspace`     | if -w is used and the workspace dont exists, it will create it    |
 | `--ignore-info`   | Ignore informational/unclassified vulnerabilities       |
 | `--severity [SEVERITY [SEVERITY ...]]`      | Filter by severity informational/critical/high/medium/low/unclassified     |
 | `--confirmed`   | Confirmed vulnerabilities       |
@@ -443,13 +444,14 @@ $ faraday-cli tool report $HOME/Downloads/openvas-report.xml
 | Syntax      | Description |
 |:-----	|------:	|
 | `-w WORKSPACE_NAME`     | Workspace name    |
+| `--create-workspace`     | if -w is used and the workspace dont exists, it will create it    |
 | `--plugin-id PLUGIN_ID`   | Plugin ID (force detection)       |
 | `-j/--json-output`   | Show output in json (dont send it to faraday)       |
 | `--tag-vuln TAG_VULN`   | Tag to add to vulnerabilities       |
 | `--tag-host TAG_HOST`   | Tag to add to hosts       |
 | `--tag-service TAG_SERVICE`   | Tag to add to services      |
 
-### process_tool
+### run tool
 
 Execute a tool and upload the information into faraday.
 
@@ -619,12 +621,40 @@ Run an executor.
     ```
     $ echo '{"target": "www.google.com"}' | faraday-cli agent run -a 1 -e nmap --stdin
     ```
+    If no ```-p``` or ```--stdin``` argument is provided, then the executor parameters will be asked one by one.
+
+    You can store the parameters in env variables and will be auto loaded.
+
+    Example:
+    ```
+    For the TARGET parameter of the NMAP executor save the variable FARADAY_CLI_EXECUTOR_NMAP_TARGET
+    ```
+
+    You can store the parameters in a file and use it as a 'profile' to repeat scans
+    ```
+    $ cat scan_test.com_nmap.vars
+    FARADAY_CLI_EXECUTOR_NMAP_TARGET=test.com
+    FARADAY_CLI_EXECUTOR_NMAP_OPTION_PN=true
+    FARADAY_CLI_EXECUTOR_NMAP_OPTION_SC=false
+    FARADAY_CLI_EXECUTOR_NMAP_OPTION_SV=true
+    FARADAY_CLI_EXECUTOR_NMAP_PORT_LIST=
+    FARADAY_CLI_EXECUTOR_NMAP_TOP_PORTS=
+    FARADAY_CLI_EXECUTOR_NMAP_HOST_TIMEOUT=
+    FARADAY_CLI_EXECUTOR_NMAP_SCRIPT_TIMEOUT=
+
+    $ source scan_test.com_nmap.vars && faraday-cli agent run -a 2 -e nmap -w test
+    Running executor: unnamed_agent/nmap
+    Parameters: {"TARGET": "test.com", "OPTION_PN": "true", "OPTION_SC": "false", "OPTION_SV": "true"}
+    Generated Command: 14
+    ```
 
 !!! warning
     If you pass the executor parameters as an argument it needs to be escaped like this (only in command mode, not in shell mode).
     ```
     $ faraday-cli  agent run -a 1 -e nmap -p \''{"target": "www.google.com"}'\'
-    Run executor: agent/nmap [{'command_id': 5}]
+    Running executor: unnamed_agent/nmap
+    Parameters: {"TARGET": "www.google.com"}
+    Generated Command: 13
     ```
 
 *Required Arguments:*
@@ -679,7 +709,7 @@ $ faraday-cli executive_report list-templates -p
 Generate an executive report with a given template.
 
 ```
-$ faraday-cli executive_report create -t \'"generic_default.html (generic) (PDF)"\'  --title title --summary summary --enterprise company  -o /tmp/test.pdf  --ignore-info
+$ faraday-cli executive_report create -t \'"generic_default.html (generic) (PDF)"\'  --title title --summary summary --enterprise company  -d /tmp/test.pdf  --ignore-info
 Report created: /tmp/test.pdf
 ```
 
@@ -695,7 +725,7 @@ Report created: /tmp/test.pdf
 | `--confirmed`   | Confirmed vulnerabilities      |
 | `--severity [SEVERITY [SEVERITY ...]]`   | Filter by severity informational/critical/high/medium/low/unclassified      |
 | `--ignore-info`   | Ignore informational/unclassified vulnerabilities     |
-| `-o/--output OUTPUT`   | Report output      |
+| `-d/--destination DESTINATION`   | Report destination      |
 
 
 ## help

faraday_cli/api_client/faraday_api.py

@@ -77,7 +77,9 @@ def hanlde(self, *args, **kwargs):
                         e.response.headers["content-type"]
                         == "application/json"
                     ):
-                        raise RequestError(e.response.body["message"])
+                        raise RequestError(
+                            e.response.body.get("message", e.response.body)
+                        )
                     else:
                         raise RequestError(e)
             except Exception as e:
@@ -406,7 +408,7 @@ def delete_workspace(self, workspace_name: str):
         return response
 
     @handle_errors
-    def is_workspace_valid(self, workspace_name):
+    def is_workspace_available(self, workspace_name):
         workspaces = self.get_workspaces()
         available_workspaces = [
             ws for ws in map(lambda x: x["name"], workspaces)

faraday_cli/shell/modules/agent.py

@@ -1,9 +1,11 @@
 import json
 import argparse
 import sys
+import os
 from collections import OrderedDict
 
 import cmd2
+import click
 from tabulate import tabulate
 from simple_rest_client.exceptions import NotFoundError
 
@@ -189,12 +191,14 @@ def get_agent(self, args: argparse.Namespace):
     )
     def run_executor(self, args):
         """Run executor"""
+        ask_for_parameters = False
         if args.stdin:
             executor_params = sys.stdin.read()
         else:
             if not args.executor_params:
-                self._cmd.perror("Missing executor params")
-                return
+                ask_for_parameters = True
+                # self._cmd.perror("Missing executor params")
+                # return
             else:
                 executor_params = args.executor_params
         if not args.workspace_name:
@@ -227,6 +231,38 @@ def run_executor(self, args):
                         f"Invalid executor name [{args.executor_name}]"
                     )
                     return
+                if ask_for_parameters:
+                    executor_params = {}
+                    types_mapping = {
+                        "boolean": click.BOOL,
+                        "integer": click.INT,
+                    }
+                    for parameter, parameter_data in executor[
+                        "parameters_metadata"
+                    ].items():
+                        value = os.getenv(
+                            f"FARADAY_CLI_EXECUTOR_{executor['name'].upper()}_{parameter}",
+                            None,
+                        )
+                        if value is None:
+                            if parameter_data["mandatory"]:
+                                value = click.prompt(
+                                    f"{parameter} ({parameter_data['type']})",
+                                    type=types_mapping.get(
+                                        parameter_data["type"], click.STRING
+                                    ),
+                                    show_default=False,
+                                )
+                            else:
+                                value = click.prompt(
+                                    f"{parameter} ({parameter_data['type']})",
+                                    default="",
+                                    show_default=False,
+                                )
+                        if type(value) == str and value == "":
+                            continue
+                        executor_params[parameter] = str(value)
+                    executor_params = json.dumps(executor_params)
                 executor_parameters_schema = {
                     "type": "object",
                     "properties": {
@@ -236,7 +272,7 @@ def run_executor(self, args):
                     "required": [
                         i[0]
                         for i in filter(
-                            lambda x: x[1] is True,
+                            lambda x: x[1]["mandatory"] is True,
                             executor["parameters_metadata"].items(),
                         )
                     ],
@@ -248,6 +284,16 @@ def run_executor(self, args):
                 except InvalidJsonSchema as e:
                     self._cmd.perror(e)
                 else:
+                    run_message = (
+                        f"Running executor: {agent['name']}/{executor['name']}"
+                        f"\nParameters: {executor_params}"
+                    )
+                    self._cmd.poutput(
+                        cmd2.style(
+                            run_message,
+                            fg="green",
+                        )
+                    )
                     try:
                         response = self._cmd.api_client.run_executor(
                             workspace_name,
@@ -256,11 +302,11 @@ def run_executor(self, args):
                             json.loads(executor_params),
                         )
                     except Exception as e:
-                        print(e)
+                        self._cmd.perror(str(e))
                     else:
                         self._cmd.poutput(
                             cmd2.style(
-                                f"Run executor: {agent['name']}/{executor['name']} [{response}]",  # noqa: E501
+                                f"Generated Command: {response['command_id']}",  # noqa: E501
                                 fg="green",
                             )
                         )