
fix #187 (#191)

rnehra01 authored and afeena committed Aug 21, 2017
1 parent 6a11703 commit 79639f8c563565c6b7baedc1aa786855f87d9d27
Showing with 28 additions and 21 deletions.
  1. +12 −5 docs/source/config.rst
  2. +2 −3 tanner/config.py
  3. +11 −12 tanner/emulators/base.py
  4. +3 −1 tanner/tests/test_config.py
@@ -30,9 +30,17 @@ There are 8 different sections :
* **EMULATORS**
:root_dir: The root directory for emulators that need data storing such as SQLI and LFI. Data will be stored in this directory
:emulator_enabled: This tells which emulators are enabled.
* **EMULATOR_ENABLED**
:sqli: True if this emulator is enabled else False
:rfi: True if this emulator is enabled else False
:lfi: True if this emulator is enabled else False
:xss: True if this emulator is enabled else False
:cmd_exec: True if this emulator is enabled else False
* **SQLI**
:db_name: THe name of database used in SQLI emulator
:type: Supports two types MySQL/SQLITE
:db_name: The name of database used in SQLI emulator
@@ -65,9 +73,8 @@ If no file is specified, following json will be used as default:
'WEB': {'host': '0.0.0.0', 'port': 8091},
'API': {'host': '0.0.0.0', 'port': 8092},
'REDIS': {'host': 'localhost', 'port': 6379, 'poolsize': 80, 'timeout': 1},
'EMULATORS': {'root_dir': '/opt/tanner',
'emulator_enabled': {'sqli': True, 'rfi': True, 'lfi': True, 'xss': True, 'cmd_exec': True}
},
'EMULATORS': {'root_dir': '/opt/tanner'},
'EMULATOR_ENABLED': {'sqli': 'True', 'rfi': 'True', 'lfi': 'True', 'xss': 'True', 'cmd_exec': 'True'},
'SQLI': {'type':'SQLITE', 'db_name': 'tanner_db', 'host':'localhost', 'user':'root', 'password':'user_pass'},
'DOCKER': {'host_image': 'busybox:latest'},
'LOGGER': {'log_file': '/opt/tanner/tanner.log'},
@@ -11,9 +11,8 @@
'WEB': {'host': '0.0.0.0', 'port': 8091},
'API': {'host': '0.0.0.0', 'port': 8092},
'REDIS': {'host': 'localhost', 'port': 6379, 'poolsize': 80, 'timeout': 1},
'EMULATORS': {'root_dir': '/opt/tanner',
'emulator_enabled': {'sqli': True, 'rfi': True, 'lfi': True, 'xss': True, 'cmd_exec': True}
},
'EMULATORS': {'root_dir': '/opt/tanner'},
'EMULATOR_ENABLED': {'sqli': 'True', 'rfi': 'True', 'lfi': 'True', 'xss': 'True', 'cmd_exec': 'True'},
'SQLI': {'type':'SQLITE', 'db_name': 'tanner_db', 'host':'localhost', 'user':'root', 'password':'user_pass'},
'DOCKER': {'host_image': 'busybox:latest'},
'LOGGER': {'log_debug': '/opt/tanner/tanner.log', 'log_err': '/opt/tanner/tanner.err'},
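Review bot: The new `EMULATOR_ENABLED` defaults are the strings `'True'` rather than booleans, and tanner/emulators/base.py tests the looked-up value by plain truthiness (`... if TannerConfig.get('EMULATOR_ENABLED', 'rfi') else None`). `TannerConfig.get` is not part of this diff, but if it returns the stored value unchanged, `'False'` is a non-empty string and therefore truthy, so an operator who turns off `cmd_exec` or `rfi` in the config file would still have those emulators instantiated and scanning requests. I would keep the defaults as real booleans, `'EMULATOR_ENABLED': {'sqli': True, 'rfi': True, 'lfi': True, 'xss': True, 'cmd_exec': True},`, and convert values read from the file to `bool` in one place before they reach callers. The same string defaults appear in docs/source/config.rst and tanner/tests/test_config.py.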
@@ -10,14 +10,13 @@
class BaseHandler:
def __init__(self, base_dir, db_name, loop=None):
self.emulator_enabled = TannerConfig.get('EMULATORS', 'emulator_enabled')
self.emulators = {
'rfi': rfi.RfiEmulator(base_dir, loop) if self.emulator_enabled['rfi'] else None,
'lfi': lfi.LfiEmulator() if self.emulator_enabled['lfi'] else None,
'xss': xss.XssEmulator() if self.emulator_enabled['xss'] else None,
'sqli': sqli.SqliEmulator(db_name, base_dir) if self.emulator_enabled['sqli'] else None,
'cmd_exec': cmd_exec.CmdExecEmulator() if self.emulator_enabled['cmd_exec'] else None
}
'rfi': rfi.RfiEmulator(base_dir, loop) if TannerConfig.get('EMULATOR_ENABLED', 'rfi') else None,
'lfi': lfi.LfiEmulator() if TannerConfig.get('EMULATOR_ENABLED', 'lfi') else None,
'xss': xss.XssEmulator() if TannerConfig.get('EMULATOR_ENABLED', 'xss') else None,
'sqli': sqli.SqliEmulator(db_name, base_dir) if TannerConfig.get('EMULATOR_ENABLED', 'sqli') else None,
'cmd_exec': cmd_exec.CmdExecEmulator() if TannerConfig.get('EMULATOR_ENABLED', 'cmd_exec') else None
}
self.get_emulators = ['sqli', 'rfi', 'lfi', 'xss', 'cmd_exec']
self.post_emulators = ['sqli', 'rfi', 'lfi', 'xss', 'cmd_exec']
self.cookie_emulators = ['sqli']
@@ -29,7 +28,7 @@ def extract_get_data(self, path):
:return: A MultiDictProxy object containg name and value of parameters
"""
path = urllib.parse.unquote(path)
encodings = [('&&', '%26%26'), (';', '%3B')]
encodings = [('&&', '%26%26'), (';', '%3B')]
for value, encoded_value in encodings:
path = path.replace(value, encoded_value)
get_data = yarl.URL(path).query
@@ -41,21 +40,21 @@ def extract_get_data(self, path):
:param session (Session object): Current active session
:param data (MultiDictProxy object): Data to be checked
:param target_emulator (list): Emulators against which data is to be checked
:return: A dict object containing name, order and paylod to be injected for vulnerability
:return: A dict object containing name, order and paylod to be injected for vulnerability
"""
detection = dict(name='unknown', order=0)
attack_params = {}
for param_id, param_value in data.items():
for emulator in target_emulators:
if self.emulator_enabled[emulator]:
if TannerConfig.get('EMULATOR_ENABLED', emulator):
possible_detection = self.emulators[emulator].scan(param_value) if param_value else None
if possible_detection:
if detection['order'] < possible_detection['order']:
detection = possible_detection
if emulator not in attack_params:
attack_params[emulator] = []
attack_params[emulator].append(dict(id=param_id, value=param_value))
if detection['name'] in self.emulators:
emulation_result = await self.emulators[detection['name']].handle(attack_params[detection['name']], session)
detection['payload'] = emulation_result
@@ -109,7 +108,7 @@ def set_injectable_page(session):
detection = await self.handle_post(session, data)
else:
detection = await self.handle_get(session, data)
if 'payload' in detection and type(detection['payload']) is dict:
injectable_page = self.set_injectable_page(session)
if injectable_page is None:
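Review bot: In the scan loop the guard `if TannerConfig.get('EMULATOR_ENABLED', emulator):` asks the configuration again for every parameter, while the emulator objects were chosen once in `__init__`, so the two decisions are no longer tied together. If the lookup is ever truthy for an emulator whose slot in `self.emulators` is `None`, the next line calls `.scan` on `None` and the request fails with `AttributeError`. Guarding on the instance itself keeps a single source of truth: `if self.emulators[emulator] is not None:`. The enclosing method starts above this hunk, so this is based only on the visible lines.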
@@ -15,7 +15,8 @@ def setUp(self):
'WEB': {'host': '0.0.0.0', 'port': '9001'},
'WEB': {'host': '0.0.0.0', 'port': '9002'},
'REDIS': {'host': 'localhost', 'port': '1337', 'poolsize': '40', 'timeout': '5'},
'EMULATORS': {'root_dir': '/tmp/user_tanner'},
'EMULATORS': {'root_dir': '/opt/tanner'},
'EMULATOR_ENABLED': {'sqli': 'True', 'rfi': 'True', 'lfi': 'True', 'xss': 'True', 'cmd_exec': 'True'},
'SQLI': {'type':'SQLITE', 'db_name': 'user_tanner_db', 'host':'localhost', 'user':'user_name', 'password':'user_pass'},
'DOCKER': {'host_image': 'test_image'},
'LOGGER': {'log_debug': '/opt/tanner/tanner.log', 'log_err': '/opt/tanner/tanner.err'},
@@ -63,6 +64,7 @@ def test_get_when_file_dont_exists(self):
'API': {'host': '0.0.0.0', 'port': 8092},
'REDIS': {'host': 'localhost', 'port': 6379, 'poolsize': 80, 'timeout': 1},
'EMULATORS': {'root_dir': '/opt/tanner'},
'EMULATOR_ENABLED': {'sqli': 'True', 'rfi': 'True', 'lfi': 'True', 'xss': 'True', 'cmd_exec': 'True'},
'SQLI': {'type':'SQLITE', 'db_name': 'tanner_db', 'host':'localhost', 'user':'root', 'password':'user_pass'},
'DOCKER': {'host_image': 'busybox:latest'},
'LOGGER': {'log_debug': '/opt/tanner/tanner.log', 'log_err': '/opt/tanner/tanner.err'},
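Review bot: The `EMULATOR_ENABLED` entry added to the `setUp` fixture has every emulator set to `'True'`, the same values as the built-in defaults, so as far as the visible lines show no assertion can tell a value read from the user's file from the fallback. If I read the rendered lines right, `root_dir` also moves to `/opt/tanner`, which is the default too. A disabled emulator is the case worth pinning; I would give one entry a non-default value, for example `'rfi': 'False'`, and assert that the lookup returns what the file said. `setUp` and the test methods continue outside these hunks.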
