Skip to content

Web GUI for your scripts and remote execution facility.

License

Notifications You must be signed in to change notification settings

zakabluk/script-server

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

script-server

Script-server provides Web GUI for your scripts and remote execution facility.

All you need to do, is create link/configuration to your scripts and start the server. Users will be able to access your scripts via web-browser and execute them. Everything will run on your machine, so users shouldn't care about setting up an environment or working via ssh.

GUI is very straightforward and easy-to-use for anyone. Example of the user interface: Example of user interface

Features

  1. Users can specify script parameters. Different parameter types are supported [conf-script]
  2. Providing immediate output to the user and reading his input (if script is interactive)
  3. LDAP authentication support [conf-server]
  4. Alerting in case of script execution failures (email or web hook) [conf-server]
  5. HTTPS support [conf-server]
  6. Transparent logging and auditing
  7. Bash colors/styles support [conf-script]
  8. Download script execution results [conf-script]

[conf-script] These features are configurable per script, see script config page for details

[conf-server] These features are configurable for the whole server, see server config page for details

Requirements

Server-side

Python 3.4+ with following modules:

  • Tornado

Some features can require additional modules. Such requirements are specified in a corresponding feature description.

OS support:

  • Linux (main). Tested and working on Debian 8,9
  • Windows (additional). Light testing on Windows 7
  • MacOS (additional). Not tested. Most probably some fixes are needed

Client-side

Any more or less up to date browser with enabled JS

Internet connection is not needed. All the files are loaded from the server.

Installation

Non-developer mode

  1. Download script-server.zip file from Latest release
  2. Create script-server folder anywhere on your PC and extract zip content to this folder

Developer mode

  1. Clone/download the repository
  2. Run tools/init.py script (this will download javascript libraries)

Setup and run

  1. Create json configurations for your scripts in conf/runners/ folder (see script config page for details)
  2. Launch launcher.py from script-server folder
  • Windows command: launcher.py
  • Linux command: ./launcher.py

By default, server will run on 5000 port, over HTTP protocol.

Server config

All the features listed above and some other minor features can be configured in conf/conf.json file. It is allowed not to create this file. In this case default values will be used. See server config page for details

Logging

All web/operating logs are written to the logs/server.log Additionally each script logs are written to separate file in logs/processes. File name format is {script_name}_{client_address}_{date}_{time}.log.

Testing/demo

Script-server has bundled configs/scripts for testing/demo purposes, which are located in samples folder. You can link/copy these config files (samples/configs/*.json) to server config folder (conf/runners).

Security

General note: for different security reasons it's recommended to run script server only on a trusted network.

Shell commands injection

Script server guarantees that all user parameters are passed to an executable script as arguments and won't be executed under any conditions. There is no way to inject fraud command from a client side. However user parameters are not escaped, so scripts should take care of not executing them also (general recommendation for bash is at least to wrap all arguments in double quotes). It's recommended to use typed parameters when appropriate, because they are validated for proper values and so they are harder to be subject of commands injection. Such attempts would be easier to detect also.

Important! Command injection protection is fully supported for linux, but only for .bat and .exe files on Windows

XSS and CSRF

At the moment script server is vulnerable to these attacks.

About

Web GUI for your scripts and remote execution facility.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Python 69.4%
  • JavaScript 21.9%
  • CSS 6.5%
  • HTML 2.2%