jaredhendrickson13 / pfsense-automator Goto Github PK
View Code? Open in Web Editor NEWpfSense Automator - a command line tool to make pfSense configurations
pfSense Automator - a command line tool to make pfSense configurations
The --set-wc-sslcert flag is writing over the existing configuration at /system_advanced_admin.php. this is due to the webconfigurator expecting the prefilled values when the save button is hit. Making direct POST requests requires us to fill this in specifically.
Hi Jared,
I dont know if this is the good way to contact you.
I’m trying use pfsense-automator.py to connect from client (kali) to pfsense but it respone with :Error: Connection dropped by remote host.
Could you point me in the good direction?
Thanks.
An executable should be included in the next build that is compatible with FreeBSD/pfSense out of the box. This would be helpful for those who want to make Ansible configurations or configurations via SSH/command line
Functions to manage VLAN configuration on pfSense have been requested. Create a function to read VLAN configurations and write VLAN configurations.
Hi Jared,
I dont know if this is the good way to contact you. please be patient.
I’m trying to test pfa_automator on a test pfsense 2.4.4 installation, using ubuntu as a client to connect from.
I have downloaded the executable from github code releases pfsense-automator (beta) v0.0.3
then following the instruction I did a tar xvzf on pfsense-automator_v0.0.3_ubuntu1804.tar.gz
Now I have a pfsense-automator_v0.0.3_ubuntu1804 folder : inside there is a pfsense-automator executable
I don’t see a pfa_installer
Now it seems to me that some command are not working:
this one works
./pfsense-automator 192.168.204.1 --read-interfaces
Please enter username: admin
Please enter password:
NAME-------------------------- INTERFACE--------- ID------ TYPE------ CIDR---------------- ENABLED-
WAN0 em0 wan staticv4 10.0.5.1/24 yes
LAN em2 lan staticv4 10.0.2.1/24 yes
SEGM3 em3 opt1 staticv4 192.168.204.1/24 yes
SYNC em4 opt2 staticv4 10.0.4.1/24 yes
WAN1 em1 opt3 staticv4 10.0.0.1/24 yes
this one fails
./pfsense-automator 192.168.204.1 --read-rules
Error: Invalid argument. Unknown action `--read-rules`
this one fails too
./pfsense-automator 192.168.204.1 --read-rules --all
Error: Invalid argument. Unknown action `--read-rules`
Where I’m wrong?
Can you point me in the good direction?
Thanks.
The version function must be updated to reflect the v0.0.4 version tag
Currently we have no method of verifying existing Firewall Aliases. We need a function to pull existing Alias configuration that we can use to verify aliases were created, modified or removed.
I have received a request to add general pfSense setup functions. We should add functions to accomplish the following:
Function to configure System > General Setup
Function to configure System > Advanced
Function to configure System > Advanced > System Tunables
Function to configure Interfaces > Assignments
These should cover the basics on a base configuration.
Requests made to non-pfSense pages are still processed and parsing attempts are made. This is because we are only checking that the pfSense webUI port is open and not any content that is specific to pfSense. Perhaps we should implement a function that makes a basic GET request to check for expected pfSense content and return an expected error when pfSense content is not found:
$ python3 pfsense-automator.py www.google.com --add-dns test jh.co 0.0.0.0 default -u admin -p pfsense
Traceback (most recent call last):
File "pfsense-automator.py", line 1007, in <module>
main()
File "pfsense-automator.py", line 726, in main
addDnsExitCode = add_dns_entry(pfsenseServer, user, key, hostToAdd, domainToAdd, ipToAdd, descrToAdd)
File "pfsense-automator.py", line 396, in add_dns_entry
authCheckData = {"__csrf_magic": get_csrf_token(url + "/index.php", "GET"), "usernamefld": user, "passwordfld": key, "login": "Sign In"} # Define our login POST data
File "pfsense-automator.py", line 305, in get_csrf_token
csrfParsed = "sid:" + csrfResponse['text'].split("sid:")[1].split(";")[0].replace(" ", "").replace("\n", "").replace("\"", "")
IndexError: list index out of range
There is no check to see whether or not the user has permission to run a certain command or access a certain page:
python3 pfsense-automator.py test.jh.co --read-aliases -a -u admin -p pfsense
Traceback (most recent call last):
File "pfsense-automator.py", line 1611, in <module>
main()
File "pfsense-automator.py", line 1337, in main
getAliasData = get_firewall_aliases(pfsenseServer, user, key) # Get our alias data dictionary
File "pfsense-automator.py", line 877, in get_firewall_aliases
name = getAliasIdInfo["text"].split("<input class=\"form-control\" name=\"name\" id=\"name\" type=\"text\" value=\"")[1].split("\"")[0] # Save our alias name
IndexError: list index out of range
A check to should be put in place and a proper error should be thrown if user does not obtain permissions to the run the task.
It appears that supplying -u -p on the CLI does not get read unless you have a significantly long arg list.
./pfsense-automator.py 192.168.1.1 --check-auth -u admin -p pfsense
WARNING: Large numbers of authentication failures will enforce a pfSense lockout for your IP address. Proceed with caution.
Please enter username: admin
Please enter password:
Authentication successful
Reviewing the code it appears that you have opted not to use the python argparse utility to capture and enforce command line parameters and have instead opted to hardcode the positional arguments using sys.argv is there a reason for this?
A better way is to read all the variables in via argparse and then use them throughout where needed, this way you avoided repeating your self multiple times.
Running from Windows 10, user has experienced traceback when sigint (ctl+c) is passed during input. This does not disrupt functionality but is an unintended annoyance.
C:\Users\jhendrickson\pfsense-automator_v0.0.2_windows10>pfsense-automator.exe test.jh.co --check-auth -u admin
WARNING: Large numbers of authentication failures will enforce a pfSense lockout for your IP address. Proceed with caution.
Please enter password:
Traceback (most recent call last):
File "pfsense-automator.py", line 1016, in <module>
File "pfsense-automator.py", line 945, in main
File "Users\jhendrickson\AppData\Local\Programs\Python\Python37\lib\getpass.py", line 110, in win_getpass
KeyboardInterrupt
[10708] Failed to execute script pfsense-automator
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.