Autarch Will Control The Internet

2026-03-13 15:17:15 -07:00
commit 4d3570781e
401 changed files with 484494 additions and 0 deletions
--- a/web/routes/targets.py
+++ b/web/routes/targets.py
@@ -0,0 +1,167 @@
+"""Targets — scope and target management for pentest engagements."""
+
+import json
+import uuid
+from datetime import datetime, timezone
+from pathlib import Path
+
+from flask import Blueprint, render_template, request, jsonify, Response
+from web.auth import login_required
+
+targets_bp = Blueprint('targets', __name__, url_prefix='/targets')
+
+# ── Storage helpers ────────────────────────────────────────────────────────────
+
+def _targets_file() -> Path:
+    from core.paths import get_data_dir
+    d = get_data_dir()
+    d.mkdir(parents=True, exist_ok=True)
+    return d / 'targets.json'
+
+
+def _load() -> list:
+    f = _targets_file()
+    if not f.exists():
+        return []
+    try:
+        return json.loads(f.read_text(encoding='utf-8'))
+    except Exception:
+        return []
+
+
+def _save(targets: list) -> None:
+    _targets_file().write_text(json.dumps(targets, indent=2), encoding='utf-8')
+
+
+def _now() -> str:
+    return datetime.now(timezone.utc).strftime('%Y-%m-%dT%H:%M:%SZ')
+
+
+def _new_target(data: dict) -> dict:
+    host = data.get('host', '').strip()
+    now = _now()
+    return {
+        'id':         str(uuid.uuid4()),
+        'name':       data.get('name', '').strip() or host,
+        'host':       host,
+        'type':       data.get('type', 'ip'),
+        'status':     data.get('status', 'active'),
+        'os':         data.get('os', 'Unknown'),
+        'tags':       [t.strip() for t in data.get('tags', '').split(',') if t.strip()],
+        'ports':      data.get('ports', '').strip(),
+        'notes':      data.get('notes', '').strip(),
+        'created_at': now,
+        'updated_at': now,
+    }
+
+
+# ── Routes ─────────────────────────────────────────────────────────────────────
+
+@targets_bp.route('/')
+@login_required
+def index():
+    return render_template('targets.html', targets=_load())
+
+
+@targets_bp.route('/add', methods=['POST'])
+@login_required
+def add():
+    data = request.get_json(silent=True) or {}
+    if not data.get('host', '').strip():
+        return jsonify({'error': 'Host/IP is required'})
+    targets = _load()
+    t = _new_target(data)
+    targets.append(t)
+    _save(targets)
+    return jsonify({'ok': True, 'target': t})
+
+
+@targets_bp.route('/update/<tid>', methods=['POST'])
+@login_required
+def update(tid):
+    data = request.get_json(silent=True) or {}
+    targets = _load()
+    for t in targets:
+        if t['id'] == tid:
+            for field in ('name', 'host', 'type', 'status', 'os', 'ports', 'notes'):
+                if field in data:
+                    t[field] = str(data[field]).strip()
+            if 'tags' in data:
+                t['tags'] = [x.strip() for x in str(data['tags']).split(',') if x.strip()]
+            t['updated_at'] = _now()
+            _save(targets)
+            return jsonify({'ok': True, 'target': t})
+    return jsonify({'error': 'Target not found'})
+
+
+@targets_bp.route('/delete/<tid>', methods=['POST'])
+@login_required
+def delete(tid):
+    targets = _load()
+    before = len(targets)
+    targets = [t for t in targets if t['id'] != tid]
+    if len(targets) < before:
+        _save(targets)
+        return jsonify({'ok': True})
+    return jsonify({'error': 'Not found'})
+
+
+@targets_bp.route('/status/<tid>', methods=['POST'])
+@login_required
+def set_status(tid):
+    data = request.get_json(silent=True) or {}
+    status = data.get('status', '')
+    valid = {'active', 'pending', 'completed', 'out-of-scope'}
+    if status not in valid:
+        return jsonify({'error': f'Invalid status — use: {", ".join(sorted(valid))}'})
+    targets = _load()
+    for t in targets:
+        if t['id'] == tid:
+            t['status'] = status
+            t['updated_at'] = _now()
+            _save(targets)
+            return jsonify({'ok': True})
+    return jsonify({'error': 'Not found'})
+
+
+@targets_bp.route('/export')
+@login_required
+def export():
+    targets = _load()
+    return Response(
+        json.dumps(targets, indent=2),
+        mimetype='application/json',
+        headers={'Content-Disposition': 'attachment; filename="autarch_targets.json"'},
+    )
+
+
+@targets_bp.route('/import', methods=['POST'])
+@login_required
+def import_targets():
+    data = request.get_json(silent=True) or {}
+    incoming = data.get('targets', [])
+    if not isinstance(incoming, list):
+        return jsonify({'error': 'Expected JSON array'})
+    existing = _load()
+    existing_ids = {t['id'] for t in existing}
+    now = _now()
+    added = 0
+    for item in incoming:
+        if not isinstance(item, dict) or not item.get('host', '').strip():
+            continue
+        item.setdefault('id', str(uuid.uuid4()))
+        if item['id'] in existing_ids:
+            continue
+        item.setdefault('name', item['host'])
+        item.setdefault('type', 'ip')
+        item.setdefault('status', 'active')
+        item.setdefault('os', 'Unknown')
+        item.setdefault('tags', [])
+        item.setdefault('ports', '')
+        item.setdefault('notes', '')
+        item.setdefault('created_at', now)
+        item.setdefault('updated_at', now)
+        existing.append(item)
+        added += 1
+    _save(existing)
+    return jsonify({'ok': True, 'added': added, 'total': len(existing)})