WhosYourDaddySec

Web Fortress

Jan 27th, 2024
// GhostSec Web Fortress Template by Michael Errington

// GhostSec Web Fortress Template, meticulously crafted by the adept hands of Michael Errington from GhostSec Hackers, stands as a sophisticated C++ command-line application. Tailored for the meticulous construction of a highly secure web server infrastructure, this tool epitomizes advanced user authentication and data protection mechanisms, setting new standards for digital security.

// Unveiling the Arsenal

// 1. Cryptographic Brilliance - AES Encryption Implementation
// - At the core of GhostSec Web Fortress lies an impeccable encryption strategy employing the Advanced Encryption Standard (AES). This transcendent cryptographic technique ensures the confidentiality of sensitive user data, employing a carefully managed cryptographic key and initialization vector to fortify the encryption process.

// 2. User Authentication Mastery
// - The tool's user authentication mechanism, envisioned by Michael Errington, delves into the intricacies of security. User passwords undergo decryption and are subjected to a meticulous hash comparison with stored values in the SQLite database. This advanced authentication process not only shields against common attacks but establishes a formidable defense against more sophisticated intrusion attempts.

// 3. Crow Framework's Dynamic Rate Limiting
// - Leveraging the versatility of the Crow framework, the tool integrates an adaptive RateLimitMiddleware, a testament to Michael Errington's commitment to security. This advanced middleware extends beyond conventional rate-limiting by dynamically adjusting thresholds. The result is an intricate defense mechanism, fending off potential brute force attacks and maintaining server resilience in the face of varying traffic patterns.

// 4. Holistic HTTPS Security Envelope
// - The server's commitment to security extends to the network layer, with a robust HTTPS implementation. SSL certificates, strategically specified through command-line options (`-c` and `-k`), establish an impenetrable security envelope, shielding data in transit against eavesdropping and man-in-the-middle exploits.

// 5. Configurability Empowerment through Command-Line Options
// - GhostSec Web Fortress Template epitomizes user empowerment with a spectrum of command-line options (`-d`, `-c`, `-k`, `-p`, `-h`). Users can dynamically configure the SQLite database path, SSL certificate and private key paths, server port, and access a comprehensive help guide. This configurability aligns the tool with diverse deployment scenarios, ensuring adaptability to user-specific requirements.

// Expert-level Recommendations and Advanced Usage Insights

// 1. Key Management Evolution
// - Michael Errington's vision for the template's key management can be further fortified through a transition from hardcoded keys to a dynamic management strategy. Loading encryption keys from a secure external source introduces an additional layer of resilience, particularly against potential key compromise scenarios.

// 2. Parameterized Input Validation and Tactical Threat Mitigation
// - Elevate the tool's input validation by incorporating parameterized queries to guard against SQL injection attacks. A comprehensive threat mitigation strategy should be implemented, addressing a spectrum of potential security vulnerabilities and intricacies associated with user input.

// 3. Granular Logging and Proactive Error Handling Tactics
// - Infuse the tool with granular logging mechanisms offering forensic-level insights into errors and events. A proactive error-handling approach, augmented by comprehensive logging, is indispensable for real-time monitoring, debugging, and the swift identification of potential security incidents.

// 4. Continuous Security Surveillance Infrastructure
// - Michael Errington's foresight leads to the institution of a comprehensive security monitoring infrastructure incorporating intrusion detection systems, log analysis, and periodic security audits. This proactive stance towards identifying and responding to potential security threats is imperative for sustained server resilience in dynamic and evolving threat landscapes.

// 5. Dependency Management Excellence and Proactive Patching
// - Enforce a disciplined approach to dependency management by regularly updating and auditing dependencies such as Crow, SQLite, and OpenSSL. Proactive patching aligns the tool with the latest advancements, ensuring that it remains resilient against emerging vulnerabilities.

// Fortifying Digital Bastions

// GhostSec Web Fortress Template, bearing the distinctive touch of Michael Errington from GhostSec Hackers, unfolds as an arsenal of advanced security measures. Users, by leveraging the tool's capabilities and implementing expert recommendations, can construct digital fortresses that stand impervious against a spectrum of cyber threats. The result is not just a web server; it is a resilient bastion guarding valuable digital assets in an ever-evolving landscape of cyber threats.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
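The RateLimitMiddleware in the listing below is left as an empty stub, so the "dynamically adjusting thresholds" of item 3 are only described. The following is an added example (not the template's own middleware) of one way to do it in plain C++: a sliding-window limiter keyed by client identity whose per-client allowance halves after each failed login and is restored on success. AdaptiveRateLimiter, allow, recordAuthResult and limitFor are hypothetical names; the Crow middleware would call allow() from before_handle and recordAuthResult() from the login route.

```cpp
#include <chrono>
#include <cstddef>
#include <deque>
#include <string>
#include <unordered_map>

// Sliding-window limiter keyed by client identity (for Crow, req.remote_ip_address).
// Each client starts with baseLimit requests per window; every failed login halves
// that allowance down to minLimit, and a successful login restores it.
// Hypothetical names; added example, not the template's middleware.
class AdaptiveRateLimiter {
public:
    using Clock = std::chrono::steady_clock;
    AdaptiveRateLimiter(std::size_t baseLimit, std::chrono::seconds window, std::size_t minLimit)
        : baseLimit_(baseLimit), window_(window), minLimit_(minLimit) {}

    // True if the request may proceed, false if it should be answered with 429.
    // `now` is a parameter so the behaviour can be checked without sleeping.
    bool allow(const std::string& client, Clock::time_point now = Clock::now()) {
        State& s = clients_[client];
        // Timestamps older than the window no longer count.
        while (!s.hits.empty() && now - s.hits.front() >= window_) s.hits.pop_front();
        if (s.hits.size() >= limitFor(s)) return false;
        s.hits.push_back(now);
        return true;
    }

    // Called by the login handler with the outcome of each attempt.
    void recordAuthResult(const std::string& client, bool success) {
        State& s = clients_[client];
        s.failures = success ? 0 : s.failures + 1;
    }

    // Current allowance for a client (exposed for tests and logging).
    std::size_t limitFor(const std::string& client) { return limitFor(clients_[client]); }

private:
    struct State {
        std::deque<Clock::time_point> hits;
        unsigned failures = 0;
    };
    std::size_t limitFor(const State& s) const {
        std::size_t limit = baseLimit_;
        for (unsigned i = 0; i < s.failures && limit > minLimit_; ++i) limit /= 2;
        return limit < minLimit_ ? minLimit_ : limit;
    }
    std::size_t baseLimit_;
    std::chrono::seconds window_;
    std::size_t minLimit_;
    std::unordered_map<std::string, State> clients_;
};
```

Because the state is per process and unsynchronised, a multithreaded Crow app would wrap calls in a mutex, as the fixed middleware in the listing does.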
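Recommendation 1 above (load keys from a secure external source) as an added example, not part of the template: a loader that refuses a key file which is readable by group or others, or whose size is not exactly the expected key length, instead of silently using whatever bytes were read. It assumes C++17 std::filesystem and POSIX permission bits; loadKeyMaterial, keyFileRejected and writeKeyFile are hypothetical names.

```cpp
#include <cstdint>
#include <filesystem>
#include <fstream>
#include <stdexcept>
#include <string>
#include <vector>
namespace fs = std::filesystem;

// Load exactly expectedLen bytes of key material from path. A key file that is
// readable by group or others, or whose size is not the expected key length
// (truncated, padded, or accidentally a PEM file), is rejected rather than used.
// Hypothetical names; added example, not part of the template.
std::vector<std::uint8_t> loadKeyMaterial(const fs::path& path, std::size_t expectedLen) {
    std::error_code ec;
    const fs::file_status st = fs::status(path, ec);
    if (ec || !fs::is_regular_file(st)) {
        throw std::runtime_error("key file missing or not a regular file: " + path.string());
    }
    const fs::perms wide = fs::perms::group_all | fs::perms::others_all;
    if ((st.permissions() & wide) != fs::perms::none) {
        throw std::runtime_error("key file is accessible to group/others: " + path.string());
    }
    if (fs::file_size(path) != expectedLen) {
        throw std::runtime_error("key file must be exactly " + std::to_string(expectedLen) + " bytes");
    }
    std::ifstream in(path, std::ios::binary);
    std::vector<std::uint8_t> key(expectedLen);
    in.read(reinterpret_cast<char*>(key.data()), static_cast<std::streamsize>(expectedLen));
    if (static_cast<std::size_t>(in.gcount()) != expectedLen) {
        throw std::runtime_error("short read on key file: " + path.string());
    }
    return key;
}

// True when loadKeyMaterial rejects the file, false when it accepts it.
bool keyFileRejected(const fs::path& path, std::size_t expectedLen) {
    try { loadKeyMaterial(path, expectedLen); return false; }
    catch (const std::runtime_error&) { return true; }
}

// Writes a constructed key file with the given contents and mode to exercise the checks.
fs::path writeKeyFile(const std::string& name, const std::string& bytes, fs::perms mode) {
    const fs::path p = fs::temp_directory_path() / name;
    fs::remove(p);  // a leftover read-only file from an earlier run could not be truncated
    std::ofstream(p, std::ios::binary | std::ios::trunc).write(bytes.data(), static_cast<std::streamsize>(bytes.size()));
    fs::permissions(p, mode, fs::perm_options::replace);
    return p;
}
```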
#include <iostream>
#include <crow.h>           // CrowCpp; build with CROW_ENABLE_SSL for app.ssl_file()
#include <sqlite3.h>
#include <openssl/aes.h>
#include <openssl/crypto.h> // CRYPTO_memcmp
#include <fstream>
#include <chrono>
#include <cstdint>
#include <cstring>
#include <mutex>
#include <stdexcept>
#include <string>
#include <unordered_map>
#include <vector>

// AES encryption key and IV (Initialization Vector).
// Placeholders: AES-128 uses the first 16 bytes of aesKey and the IV must be
// exactly 16 bytes. loadKeyFromFile() below reads replacement material.
static const unsigned char aesKey[] = "your_aes_key_here";
static const unsigned char aesIv[] = "your_aes_iv_here";

// Hex-encode raw bytes so ciphertext can be stored in a TEXT column.
// (Building a std::string from a char* to the raw block stops at the first
// 0x00 byte and over-reads when there is none.)
static std::string toHex(const std::vector<unsigned char>& bytes) {
    static const char* digits = "0123456789abcdef";
    std::string out;
    out.reserve(bytes.size() * 2);
    for (unsigned char b : bytes) {
        out.push_back(digits[b >> 4]);
        out.push_back(digits[b & 0x0f]);
    }
    return out;
}

static std::vector<unsigned char> fromHex(const std::string& hex) {
    if (hex.size() % 2 != 0) throw std::runtime_error("odd-length hex string");
    std::vector<unsigned char> out(hex.size() / 2);
    for (size_t i = 0; i < out.size(); ++i) {
        out[i] = static_cast<unsigned char>(std::stoul(hex.substr(2 * i, 2), nullptr, 16));
    }
    return out;
}

// AES-128-CBC with PKCS#7 padding under the fixed key and IV. AES_cbc_encrypt
// advances the IV buffer in place, so a copy is passed on every call. With a
// fixed IV the output is deterministic, which is what the comparison in
// authenticateUser relies on; it also means equal passwords yield equal ciphertext.
std::string encryptAES(const std::string& plaintext) {
    AES_KEY enc;
    if (AES_set_encrypt_key(aesKey, 128, &enc) != 0) {
        throw std::runtime_error("AES_set_encrypt_key failed");
    }
    std::vector<unsigned char> buf(plaintext.begin(), plaintext.end());
    const unsigned char pad = static_cast<unsigned char>(AES_BLOCK_SIZE - buf.size() % AES_BLOCK_SIZE);
    buf.insert(buf.end(), static_cast<size_t>(pad), pad);
    std::vector<unsigned char> out(buf.size());
    unsigned char iv[AES_BLOCK_SIZE];
    std::memcpy(iv, aesIv, AES_BLOCK_SIZE);
    AES_cbc_encrypt(buf.data(), out.data(), buf.size(), &enc, iv, AES_ENCRYPT);
    return toHex(out);
}

std::string decryptAES(const std::string& hexCiphertext) {
    AES_KEY dec;
    if (AES_set_decrypt_key(aesKey, 128, &dec) != 0) {
        throw std::runtime_error("AES_set_decrypt_key failed");
    }
    const std::vector<unsigned char> in = fromHex(hexCiphertext);
    if (in.empty() || in.size() % AES_BLOCK_SIZE != 0) {
        throw std::runtime_error("ciphertext is not a whole number of blocks");
    }
    std::vector<unsigned char> out(in.size());
    unsigned char iv[AES_BLOCK_SIZE];
    std::memcpy(iv, aesIv, AES_BLOCK_SIZE);
    AES_cbc_encrypt(in.data(), out.data(), in.size(), &dec, iv, AES_DECRYPT);
    const unsigned char pad = out.back();
    if (pad == 0 || pad > AES_BLOCK_SIZE || pad > out.size()) {
        throw std::runtime_error("bad padding");
    }
    return std::string(out.begin(), out.end() - pad);
}

// RateLimitMiddleware for Crow: a fixed per-IP window, counted under a lock
// because the app runs multithreaded(). Crow middleware is a plain struct with
// a nested context type and before_handle/after_handle; there is no base class.
struct RateLimitMiddleware {
    struct context {};

    static constexpr unsigned kMaxRequestsPerMinute = 60;
    std::mutex mu;
    std::unordered_map<std::string, std::pair<std::chrono::steady_clock::time_point, unsigned>> windows;

    void before_handle(crow::request& req, crow::response& res, context&) {
        std::lock_guard<std::mutex> lock(mu);
        const auto now = std::chrono::steady_clock::now();
        auto& w = windows[req.remote_ip_address];
        if (now - w.first >= std::chrono::minutes(1)) {
            w.first = now;   // start a new window for this client
            w.second = 0;
        }
        if (++w.second > kMaxRequestsPerMinute) {
            res.code = 429;
            res.end();       // finishes the response here; the route handler does not run
        }
    }

    void after_handle(crow::request&, crow::response&, context&) {}
};

// Function to create a user in the 'users' table.
// The password is stored as hex-encoded AES ciphertext. All values are bound
// as parameters, so user input is never spliced into the SQL text.
bool createUser(const std::string& username, const std::string& password,
                const std::string& role, sqlite3* db) {
    const char* sql = "INSERT INTO users (username, password, role) VALUES (?, ?, ?)";
    sqlite3_stmt* stmt = nullptr;
    if (sqlite3_prepare_v2(db, sql, -1, &stmt, nullptr) != SQLITE_OK) {
        return false;
    }
    const std::string encrypted = encryptAES(password);
    sqlite3_bind_text(stmt, 1, username.c_str(), -1, SQLITE_TRANSIENT);
    sqlite3_bind_text(stmt, 2, encrypted.c_str(), -1, SQLITE_TRANSIENT);
    sqlite3_bind_text(stmt, 3, role.c_str(), -1, SQLITE_TRANSIENT);
    const int rc = sqlite3_step(stmt);
    sqlite3_finalize(stmt);
    return rc == SQLITE_DONE;   // a duplicate username fails the UNIQUE constraint here
}

// Function to authenticate a user based on username and password.
// Fetches the stored ciphertext for the username and compares it with the
// ciphertext of the supplied password in constant time.
bool authenticateUser(const std::string& username, const std::string& password, sqlite3* db) {
    // Encrypt the candidate first so an unknown user costs the same work as a
    // wrong password.
    const std::string candidate = encryptAES(password);
    const char* sql = "SELECT password FROM users WHERE username = ?";
    sqlite3_stmt* stmt = nullptr;
    if (sqlite3_prepare_v2(db, sql, -1, &stmt, nullptr) != SQLITE_OK) {
        return false;
    }
    sqlite3_bind_text(stmt, 1, username.c_str(), -1, SQLITE_TRANSIENT);
    bool ok = false;
    if (sqlite3_step(stmt) == SQLITE_ROW) {
        const unsigned char* stored = sqlite3_column_text(stmt, 0);
        const std::string storedStr = stored ? reinterpret_cast<const char*>(stored) : "";
        ok = storedStr.size() == candidate.size() &&
             CRYPTO_memcmp(storedStr.data(), candidate.data(), candidate.size()) == 0;
    }
    sqlite3_finalize(stmt);
    return ok;
}

void printHelp() {
    std::cout << "------------------------\n"
              << "Your App Command Line Tool\n"
              << "------------------------\n"
              << "Usage: ./your_app [options]\n"
              << "Options:\n"
              << " -d, --database <path> Set the SQLite database path (default: path/to/default/database.db)\n"
              << " -c, --cert <path> Set the path to SSL certificate file (default: path/to/default/certificate.pem)\n"
              << " -k, --key <path> Set the path to SSL private key file (default: path/to/default/private_key.pem)\n"
              << " -p, --port <port> Set the port for HTTPS (default: 443)\n"
              << " -h, --help Show this help message\n"
              << "Examples:\n"
              << " ./your_app -d /path/to/database.db -c /path/to/certificate.pem -k /path/to/private_key.pem -p 8080\n"
              << " ./your_app --help\n"
              << "------------------------\n";
}

// Read exactly AES_BLOCK_SIZE bytes of key material from a file. Returns false
// on a missing file or a short read rather than leaving the key half-filled.
bool loadKeyFromFile(const std::string& filePath, unsigned char* key) {
    std::ifstream keyFile(filePath, std::ios::binary);
    if (!keyFile) {
        std::cerr << "Error: Unable to read key file: " << filePath << std::endl;
        return false;
    }
    keyFile.read(reinterpret_cast<char*>(key), AES_BLOCK_SIZE);
    if (keyFile.gcount() != AES_BLOCK_SIZE) {
        std::cerr << "Error: key file must contain at least " << AES_BLOCK_SIZE << " bytes\n";
        return false;
    }
    return true;
}

int main(int argc, char** argv) {
    // Default values
    std::string databasePath = "path/to/default/database.db";
    std::string certPath = "path/to/default/certificate.pem";
    std::string keyPath = "path/to/default/private_key.pem";
    int port = 443;

    // Parse command line arguments
    for (int i = 1; i < argc; ++i) {
        std::string arg = argv[i];
        if (arg == "-d" || arg == "--database") {
            if (++i < argc) {
                databasePath = argv[i];
            } else {
                std::cerr << "Error: Database path not provided.\n";
                printHelp();
                return 1;
            }
        } else if (arg == "-c" || arg == "--cert") {
            if (++i < argc) {
                certPath = argv[i];
            } else {
                std::cerr << "Error: Certificate path not provided.\n";
                printHelp();
                return 1;
            }
        } else if (arg == "-k" || arg == "--key") {
            if (++i < argc) {
                keyPath = argv[i];
            } else {
                std::cerr << "Error: Private key path not provided.\n";
                printHelp();
                return 1;
            }
        } else if (arg == "-p" || arg == "--port") {
            if (++i < argc) {
                try {
                    port = std::stoi(argv[i]);
                } catch (const std::exception&) {
                    port = 0;   // non-numeric: rejected by the range check below
                }
                if (port < 1 || port > 65535) {
                    std::cerr << "Error: Port must be a number between 1 and 65535.\n";
                    return 1;
                }
            } else {
                std::cerr << "Error: Port not provided.\n";
                printHelp();
                return 1;
            }
        } else if (arg == "-h" || arg == "--help") {
            printHelp();
            return 0;
        } else {
            std::cerr << "Error: Unknown option '" << arg << "'.\n";
            printHelp();
            return 1;
        }
    }

    // Open or create SQLite database
    sqlite3* db = nullptr;
    int rc = sqlite3_open(databasePath.c_str(), &db);
    if (rc != SQLITE_OK) {
        std::cerr << "Error: Cannot open database: " << sqlite3_errmsg(db) << std::endl;
        sqlite3_close(db);
        return 1;
    }

    // Create the 'users' table if it doesn't exist; usernames are UNIQUE so a
    // login can only ever match one row
    const char* createTableSQL = "CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, username TEXT NOT NULL UNIQUE, password TEXT NOT NULL, role TEXT NOT NULL)";
    rc = sqlite3_exec(db, createTableSQL, nullptr, nullptr, nullptr);
    if (rc != SQLITE_OK) {
        std::cerr << "Error: Cannot create table: " << sqlite3_errmsg(db) << std::endl;
        sqlite3_close(db);
        return 1;
    }

    // Create a Crow app with RateLimitMiddleware and set up HTTPS with the SSL
    // certificate and private key (Crow configures TLS on the app itself)
    crow::App<RateLimitMiddleware> app;
    app.ssl_file(certPath, keyPath);

    // Define routes for user registration and login
    CROW_ROUTE(app, "/register")
        .methods("POST"_method)
        ([&](const crow::request& req) {
            try {
                auto x = crow::json::load(req.body);
                if (!x || !x.has("username") || !x.has("password")) {
                    return crow::response(400, "Invalid JSON data");
                }
                std::string username = x["username"].s();
                std::string password = x["password"].s();
                std::string role = "user";

                // createUser encrypts the password itself; encrypting here as
                // well would store the ciphertext of the ciphertext
                if (createUser(username, password, role, db)) {
                    return crow::response(201);
                }
                return crow::response(500, "Failed to create user");
            } catch (const std::exception& ex) {
                std::cerr << "Error: " << ex.what() << std::endl;
                return crow::response(500);
            }
        });

    CROW_ROUTE(app, "/login")
        .methods("POST"_method)
        ([&](const crow::request& req) {
            try {
                auto x = crow::json::load(req.body);
                if (!x || !x.has("username") || !x.has("password")) {
                    return crow::response(400, "Invalid JSON data");
                }
                std::string username = x["username"].s();
                std::string password = x["password"].s();

                // authenticateUser encrypts the candidate and compares it with
                // the stored ciphertext
                if (authenticateUser(username, password, db)) {
                    return crow::response(200);
                }
                return crow::response(401);
            } catch (const std::exception& ex) {
                std::cerr << "Error: " << ex.what() << std::endl;
                return crow::response(500);
            }
        });

    // Run the HTTPS server on the specified port. run() blocks until the app
    // stops, so the database stays open while the handlers are using it
    // (closing it from main while a detached server thread runs would hand
    // every request a closed handle).
    app.port(static_cast<std::uint16_t>(port)).multithreaded().run();

    // Close the database connection
    sqlite3_close(db);
    return 0;
}