initial commit

.gitignore

@@ -0,0 +1,20 @@
+# Django settings
+settings.py
+
+# Backup files
+*.backup
+*.bak
+
+# Log files
+*.log
+
+# Python files
+*.pyc
+*.pyo
+
+# Vim files
+*.swo
+*.swp
+
+# Kate files
+*swp

LICENSE

@@ -0,0 +1,162 @@
+MIT License
+
+Copyright (c) 2017-2018 M. Stuhlmacher
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+
+------------------------------------------------------------------------------
+
+The code in dfirtrack_main/static/dfirtrack_main/bootstrap-4.0.0 is covered by the following license:
+
+The MIT License (MIT)
+
+Copyright (c) 2011-2018 Twitter, Inc.
+Copyright (c) 2011-2018 The Bootstrap Authors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+
+------------------------------------------------------------------------------
+
+The code in dfirtrack_main/static/dfirtrack_main/clipboard-2.0.1 is covered by the following license:
+
+The MIT License (MIT)
+
+Copyright © 2018 Zeno Rocha <[email protected]>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+------------------------------------------------------------------------------
+
+The code in dfirtrack_main/static/dfirtrack_main/datatables-1.10.16 is covered by the following license:
+
+MIT license
+
+Copyright (C) 2008-2018, SpryMedia Ltd.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+------------------------------------------------------------------------------
+
+The code in dfirtrack_main/static/dfirtrack_main/icons is covered by the following license:
+
+The MIT License (MIT)
+
+Copyright (c) 2014 Waybury
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+
+------------------------------------------------------------------------------
+
+The code in dfirtrack_main/static/dfirtrack_main/jquery-3.2.1 is covered by the following license:
+
+Copyright JS Foundation and other contributors, https://js.foundation/
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+------------------------------------------------------------------------------
+
+The code in dfirtrack_main/static/dfirtrack_main/popper-1.12.9 is covered by the following license:
+
+The MIT License (MIT)
+
+Copyright © 2016 Federico Zivolo and contributors
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the “Software”), to deal in the Software without
+restriction, including without limitation the rights to use,
+copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,66 @@
+# DFIRTrack
+
+DFIRTrack (Digital Forensics and Incident Response Tracking application) is an open source web application mainly based on [Django](https://www.djangoproject.com/) using a [PostgreSQL](https://www.postgresql.org/) database backend.
+
+In contrast to other great incident response tools, which are mainly case-based and support the work of CERTs, SOCs etc. in their daily business, DFIRTrack is focused on handling one major incident with a lot of affected systems as it is often observed in APT cases. It is meant to be used as a tool for dedicated incident response teams in large cases. So, of course, CERTs and SOCs may use DFIRTrack as well, but they may feel it will be more appropriate in special cases instead of every day work.
+
+In contrast to case-based applications, DFIRTrack works in a system-based fashion. It keeps track of the status of various systems and the tasks associated with them, keeping the analyst well-informed about the status and number of affected systems at any time during the investigation phase up to the remediation phase of the incident response process.
+
+![Systems list view](dfirtrack_docs/images/systems_list.png)
+
+## Features
+
+One focus is the fast and reliable import and export of systems and associated information. The goal for importing systems is to provide a fast and error-free procedure. Moreover, the goal for exporting systems and their status is to have multiple instances of documentation: for instance, detailed Markdown reports for technical staff vs. spreadsheets for non-technical audiences) without redundancies and deviations in the data sets. A manager whose numbers match is a happy manager! ;-)
+
+The following functions are implemented for now:
+
+* Importer
+    * Creator (fast creation of multiple related instances via web interface),
+    * CSV (simple and generic CSV based import (hostname and IP combined with a web form), should fit for the export capabilities of many tools),
+* Exporter
+    * Markdown (for use in a [MkDocs](https://www.mkdocs.org/) structure),
+    * Spreadsheet (CSV and XLS),
+    * LaTeX (planned).
+
+## Installation and dependencies
+
+DFIRTrack is developed for deploying on **Debian Stretch** or **Ubuntu 16.04**. Other *Debian* based distributions or versions may work but were not tested yet. At the moment the project will be focussed on Ubuntu LTS and Debian releases.
+
+For fast and uncomplicated installation on a dedicated server including all dependencies an [Ansible](https://docs.ansible.com/ansible/latest/) playbook and role was written (available [here](https://github.com/stuhli/dfirtrack_ansible)).
+
+For a minimal setup the following dependencies are needed:
+
+* `django` (2.0),
+* `django_q` (0.9.1),
+* `djangorestframework`,
+* `gunicorn`,
+* `postgresql`,
+* `psycopg2-binary`,
+* `python3-pip`,
+* `PyYAML`,
+* `requests`,
+* `virtualenv`,
+* `xlwt`.
+
+**Note that there is no `settings.py` in this repository.** [This file](https://github.com/stuhli/dfirtrack_ansible/blob/master/roles/dfirtrack/templates/settings.py.j2) is submitted via Ansible or has to be copied and configured by hand. That will be changed in the future (see issues for more information).
+
+## Built-in software
+
+The application was created by implementing the following libraries and code:
+
+* [Bootstrap](https://github.com/twbs/bootstrap)
+* [clipboard.js](https://github.com/zenorocha/clipboard.js)
+* [DataTables](https://github.com/DataTables/DataTables)
+* [jQuery](https://github.com/jquery/jquery)
+* [Open Iconic](https://github.com/iconic/open-iconic)
+* [Popper.js](https://github.com/FezVrasta/popper.js)
+
+## License
+
+See `LICENSE` file in the root directory.
+
+## Disclaimer
+
+This software is in an early alpha phase so a lot of work has to be done. Even if some basic error checking is implemented, as of now the usage of DFIRTrack mainly depends on proper handling.
+
+*DFIRTrack was not and most likely will never be intended for usage on publicly available servers. Nevertheless some basic security features were implemented (in particular in connection with the corresponding ansible role) always install DFIRTrack in a secured environment (e. g. a dedicated virtual machine or in a separated network)!*

dfirtrack/config.py

@@ -0,0 +1,32 @@
+#############################
+#                           #
+#   DFIRTrack config file   #
+#                           #
+#############################
+
+
+# IMPORT SYSTEMS WITH TAGS FROM CLIENT CSV FILE
+
+## add a list of strings representing the relevant tags you want to automatically import
+TAGLIST = []
+
+## add a string used as prefix for clearly identifying previously automatically imported tags (e. g. "AUTO" leads to "AUTO_TAG")
+TAGPREFIX = ''
+
+## add a headline for the systems to import by tags
+SYSTEMTAG_HEADLINE = ''
+
+## add a subheadline for the systems to import by tags
+SYSTEMTAG_SUBHEADLINE = ''
+
+
+# IMPORT REPORTITEMS FROM SERVER FILESYSTEM
+
+## add a server path (without trailing slash!) where reportitems (preferably in markdown syntax) are stored as <system_name>.md (lowercase!)
+REPORTITEMS_FILESYSTEMPATH = ''
+
+## add a headline for the reportitems to import
+REPORTITEMS_HEADLINE = ''
+
+## add a subheadline for the reportitems to import
+REPORTITEMS_SUBHEADLINE = ''

dfirtrack/urls.py

@@ -0,0 +1,33 @@
+"""dfirtrack URL Configuration
+
+The `urlpatterns` list routes URLs to views. For more information please see:
+    https://docs.djangoproject.com/en/1.11/topics/http/urls/
+Examples:
+Function views
+    1. Add an import:  from my_app import views
+    2. Add a URL to urlpatterns:  url(r'^$', views.home, name='home')
+Class-based views
+    1. Add an import:  from other_app.views import Home
+    2. Add a URL to urlpatterns:  url(r'^$', Home.as_view(), name='home')
+Including another URLconf
+    1. Import the include() function: from django.conf.urls import url, include
+    2. Add a URL to urlpatterns:  url(r'^blog/', include('blog.urls'))
+"""
+from django.conf.urls import include, handler404, handler500, url
+from django.contrib import admin
+from django.contrib.auth.views import login, logout
+from . import views
+
+urlpatterns = [
+    url(r'^$', views.login_redirect, name='login_redirect'),
+    url(r'^admin/', admin.site.urls),
+    url(r'^', include('dfirtrack_main.urls')),
+    url(r'^api/', include('dfirtrack_api.urls')),
+    url(r'^login/', login, {'template_name': 'dfirtrack_main/login.html'}),
+    url(r'^logout/', logout, {'template_name': 'dfirtrack_main/logout.html'})
+]
+
+handler400 = views.page_400
+handler403 = views.page_403
+handler404 = views.page_404
+handler500 = views.page_500

dfirtrack/views.py

@@ -0,0 +1,25 @@
+from django.contrib.auth.decorators import login_required
+from django.shortcuts import redirect, render
+
+def login_redirect(request):
+    return redirect('/login')
+
+@login_required(login_url="/login")
+def page_400(request):
+    data = {}
+    return render(request, 'dfirtrack_main/400.html', data)
+
+@login_required(login_url="/login")
+def page_403(request):
+    data = {}
+    return render(request, 'dfirtrack_main/403.html', data)
+
+@login_required(login_url="/login")
+def page_404(request):
+    data = {}
+    return render(request, 'dfirtrack_main/404.html', data)
+
+@login_required(login_url="/login")
+def page_500(request):
+    data = {}
+    return render(request, 'dfirtrack_main/500.html', data)

dfirtrack/wsgi.py

@@ -0,0 +1,16 @@
+"""
+WSGI config for dfirtrack project.
+
+It exposes the WSGI callable as a module-level variable named ``application``.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/1.11/howto/deployment/wsgi/
+"""
+
+import os
+
+from django.core.wsgi import get_wsgi_application
+
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "dfirtrack.settings")
+
+application = get_wsgi_application()

dfirtrack_api/admin.py

@@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.

dfirtrack_api/apps.py

@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class DfirtrackApiConfig(AppConfig):
+    name = 'dfirtrack_api'

dfirtrack_api/models.py

@@ -0,0 +1,3 @@
+from django.db import models
+
+# Create your models here.