/sparrow

CSEC 731 Python Web Server

Primary LanguagePython

Sparrow

CSEC 731 Python Web Server

Author: Jason Howe

Installation

Clone the repository done
git clone https://github.com/P0nt14c/sparrow.git

Usage

There are three different modes for Sparrow to run in:

Request Checking

To check a HTTP Request in a file:
python3 sparrow.py <path/to/request>

HTTP Mode

To use Sparrow in HTTP only: python3 sparrow.py <ip> <port>

HTTPS Mode

To use Sparrow in HTTPS only: python3 sparrow.py <ip> <port> <crt.file> <key.file>

Structure

Ansible

The Ansible directory contains the ansible code that will deploy the sparrow webserver on localhost.
There are some weird permissioning errors with TMP, so that may prevent pages from being served. However, Sparrow works.
The ansible will deploy Sparrow as a systemd service, which requires elevated permissions. Make sure to change the credentials specified in the inventory file to be able to run the playbook successful.
The command to run the playbook, from the ansible directory is: ansible-playbook -t sparrow sparrow.yaml

Code

The code directory contains all of the code written to complete this project. See usage above to use sparrow.
The files within the directory contain small explantations about what function they serve.
As of right now, most funcitons are documented properly.

Docker

The docker directory contains the docker-compose file to deploy Sparrow as a container.
See the readme in the docker directory for more information.

Documentation

The documentation directory contains all 10 progress reports for this project.

Documets

The Docuemnts directory contains certificates and web requests used for testing.

Log

The log directory was used for logging the requests. The logging functionality has since been updated to log to /tmp/good.txt and /tmp/bad.txt

Tests

The tests directory has an non-comprehensive set of tests that was used for testing. It should be extended and fully comprehensive in the future.

Main

In the top level directory, you will find:

  • assessment.md which is the risk assessment
  • writeup.md which is the technical write up for the vulnerability
  • this readme

Hopefully this description of the structure aids a developer or user in using this tool.

Future Work

This project could benefit from the following:

  • documentation review
  • full testing
  • develop documentation