
Update docs (#178)

* update api and web docs

* some fixes

* some fixes

* Update README

* Update config

* minor updates

* Update sessions and startup
rnehra01 authored and afeena committed Jul 24, 2017
1 parent 0297c84 commit bf04e93fa3bfa1563d9d893def832e4103bc27e4
Showing with 97 additions and 16 deletions.
  1. +8 −0 README.md
  2. +14 −12 docs/source/api.rst
  3. +14 −1 docs/source/config.rst
  4. +2 −0 docs/source/index.rst
  5. +11 −1 docs/source/quick-start.rst
  6. +2 −2 docs/source/sessions.rst
  7. +46 −0 docs/source/web.rst
@@ -46,6 +46,14 @@ Getting Started
4. Install TANNER: ``python3 setup.py install``
5. Run TANNER: ``sudo tanner``
### Run Tanner Api
Run ``sudo tannerapi``
### Run Tanner WebUI
Run ``sudo tannerweb``
You obviously want to bind to 0.0.0.0 when running in <i>production</i> and on a different host than SNARE (recommended).
[See the docs for more info](docs/source/index.rst)
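Review bot: the sentence "You obviously want to bind to 0.0.0.0 when running in production" now sits directly under the new "Run Tanner WebUI" section, so it reads as advice for the Web UI and the API as well as for TANNER itself. Scope that sentence to the service SNARE has to reach, or move the two new sections below it, and say which ports `tannerapi` and `tannerweb` listen on so readers know what they are exposing.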
@@ -1,40 +1,42 @@
Tanner API
==========
Tanner api provides various stats related to traffic captured by snare. It can be accessed at ``locahost:8090/api/``.
Tanner api provides various stats related to traffic captured by snare. It can be accessed at ``locahost:8092/``.
api/
/
~~~~
This is the index page which shows ``tanner api``.
api/snares
/snares
~~~~~~~~~~
This shows all the snares' uuid.
api/snare/<snare-uuid>
/snare/<snare-uuid>
~~~~~~~~~~~~~~~~~~~~~~
Replace ``<snare-uuid>`` with a valid `snare-uuid` and it will show all the sessions related to that ``snare-uuid`` and their details.
api/snare-stats/<snare-uuid>
/snare-stats/<snare-uuid>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace ``<snare-uuid>`` with a valid `snare-uuid` and it will show some stats.
* No of sessions in the sanre
* Total duration for which snare remains active
* Attack frequency, which shows no of sessions which face different attacks.
/api/sessions?filters=<filters>
/<snare-uuid>/sessions?filters=<filters>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This shows all the sessions' uuid which follow the filters.
Filters are sepatated by ``white-space`` and name-value pair are separated by ``:``. E.g ``?filters=filter1:value1 filter2:value2``.
It supports 5 filters:
* **snare_uuid** -- Sessions related to given snare. E.g ``?filters=snare_uuid:8fa6aa98-4283-4085-bfb9-a1cd3a9e56e7``
* **peer_ip** -- Sessions with given ip. E.g ``?filters=peer_ip:127.0.0.1``
* **user-agent** -- Sessions with given user-agent. E.g ``?filters=user-agent:Chrome``
* **attack_type** -- Sessions with given attack type such as lfi, rfi, xss, cmd_exec, sqli. E.g ``?filters=attack_type:lfi``
* **possible_owner** -- Sessions with given owner type such as user, tool, crawler, attacker. E.g ``?filters=possible_owner:attacker``
* **time_interval** -- Sessions which are active during a given time-interval. E.g ``?filters=time_interval:1480560-1480580``
* **peer_ip** -- Sessions with given ip. E.g ``peer_ip:127.0.0.1 ``
* **user-agent** -- Sessions with given user-agent. E.g ``user-agent:Chrome``
* **attack_types** -- Sessions with given attack type such as lfi, rfi, xss, cmd_exec, sqli. E.g ``attack_types:lfi``
* **possible_owners** -- Sessions with given owner type such as user, tool, crawler, attacker. E.g ``possible_owners:attacker``
* **start_time** -- Sessions which started after `start_time`. E.g ``start_time:1480560``
* **end_time** -- Sessions which ended before `end_time`. E.g ``end_time:1480560``
Multiple filters can be applied as ``peer_ip:127.0.0.1 start_time:1480560 possible_owners:attacker``
/api/session/<sess-uuid>
~~~~~~~~~~~~~~~~~~~~~~~~
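Review bot: the renamed heading `/<snare-uuid>/sessions?filters=<filters>` keeps the underline of the old, shorter title, and docutils warns when a title underline is shorter than the title text; lengthen the `~` line to match. In the same hunk the last heading is still `/api/session/<sess-uuid>` although every other route lost its `api/` prefix, and the new intro line carries over the `locahost` typo (`locahost:8092/`). The list under "It supports 5 filters" also has six entries after this change.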
@@ -13,6 +13,14 @@ There are 8 different sections :
:Host: The host at which Tanner is running
:Port: The port at which Tanner is running
* **WEB**
:Host: The host at which Tanner Web UI is running
:Port: The port at which Tanner Web UI is running
* **API**
:Host: The host at which Tanner API is running
:Port: The port at which Tanner API is running
* **REDIS**
:Host: The host address at which redis is running
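Review bot: the context line above this hunk still reads "There are 8 different sections" while WEB and API are added to the list here; update the count or drop the number so it cannot go stale again. The WEB and API entries could also say what each service exposes, since "The host at which Tanner API is running" does not tell the reader whether the value is a bind address or the address clients use.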
@@ -22,6 +30,7 @@ There are 8 different sections :
* **EMULATORS**
:root_dir: The root directory for emulators that need data storing such as SQLI and LFI. Data will be stored in this directory
:emulator_enabled: This tells which emulators are enabled.
* **SQLI**
:db_name: THe name of database used in SQLI emulator
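Review bot: `:emulator_enabled: This tells which emulators are enabled.` does not say what form the value takes. The default JSON later in this file uses a dict of emulator name to boolean (`sqli`, `rfi`, `lfi`, `xss`, `cmd_exec`); state that here, and say how a request is handled when its emulator is set to False. The neighbouring context line also has "THe" for "The".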
@@ -53,8 +62,12 @@ If no file is specified, following json will be used as default:
'user_dorks': '/opt/tanner/data/user_dorks.pickle',
'vdocs': '/opt/tanner/data/vdocs.json'},
'TANNER': {'host': '0.0.0.0', 'port': 8090},
'WEB': {'host': '0.0.0.0', 'port': 8091},
'API': {'host': '0.0.0.0', 'port': 8092},
'REDIS': {'host': 'localhost', 'port': 6379, 'poolsize': 80, 'timeout': 1},
'EMULATORS': {'root_dir': '/opt/tanner'},
'EMULATORS': {'root_dir': '/opt/tanner',
'emulator_enabled': {'sqli': True, 'rfi': True, 'lfi': True, 'xss': True, 'cmd_exec': True}
},
'SQLI': {'type':'SQLITE', 'db_name': 'tanner_db', 'host':'localhost', 'user':'root', 'password':'user_pass'},
'DOCKER': {'host_image': 'busybox:latest'},
'LOGGER': {'log_file': '/opt/tanner/tanner.log'},
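Review bot: the new 'WEB' and 'API' defaults bind to '0.0.0.0', while 'REDIS' in the same block uses 'localhost'. Both services present the data captured from SNARE, and the docs added in this commit describe no access control for them, so consider defaulting both hosts to a loopback address and documenting how to expose them deliberately (for example behind a reverse proxy). The section text should then say that changing 'host' widens who can read the collected sessions.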
@@ -17,6 +17,8 @@ Contents:
storage
dorks
config
api
web
@@ -33,4 +33,14 @@ Setup and run TANNER
#. Go to the tanner source directory ``cd tanner``
#. Install requirements: ``pip3 install -r requirements.txt``
#. Install tanner ``python3 setup.py install``
#. Run TANNER: ``sudo tanner``
#. Run TANNER: ``sudo tanner``
Run Tanner Api
""""""""""""""
#. Run ``sudo tannerapi``
Run Tanner WebUI
""""""""""""""""
#. Run ``sudo tannerweb``
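Review bot: the two new sections start `tannerapi` and `tannerweb` with `sudo`, but the defaults added to config.rst in this commit put them on ports 8092 and 8091, which do not need root to bind. State what the root privileges are for, or drop `sudo` from these two commands. A single-step `#.` list can also be a plain sentence, and a pointer to the new api and web pages would tell the reader where to go once the services are up.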
@@ -11,7 +11,7 @@ Session class accepts ``data`` as a parameter. The ``data`` came from SNARE and
* **ip** -- peer ip address.
* **port** -- peer port.
* **user_agent** -- peer user agent.
* **sensor** -- SNARE sensor uuid.
* **snare_uuid** -- SNARE sensor uuid.
* **paths** -- list of dictionaries. Contains ``path``, ``timestamp``, ``attack_type`` and SNARE ``response status``.
* **sess_uuid** -- randomly generated session uuid.
* **start_timestamp** -- session start time.
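Review bot: `sensor` becomes `snare_uuid` in the list of keys that the header line says "came from SNARE", so this documents a change to the input contract and not only to the wording. Note from which SNARE version the `snare_uuid` key is sent, or whether the old `sensor` key is still accepted, so that a TANNER and SNARE pair on different versions can be diagnosed from the docs.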
@@ -50,7 +50,7 @@ The result contains next fields:
* **peer_ip**
* **peer_port**
* **user_agent**
* **sensor_uuid**
* **snare_uuid**
* **start_time**
* **cookies**
* **end_time** -- last session timestamp
@@ -0,0 +1,46 @@
Tanner WEB
==========
Tanner WEB provides various stats related to traffic captured by snare in UI form. It can be accessed at ``locahost:8091/``.
/
~~~~
This is the index page which shows ``Tanner Web``.
/snares
~~~~~~~~~~
This shows all the snares' uuid. Each snare object is clickable. Clicking displays the page **/snare/<snare-uuid>**
/snare/<snare-uuid>
~~~~~~~~~~~~~~~~~~~~~~
Replace ``<snare-uuid>`` with a valid `snare-uuid` and it will provide two options:
* **Snare-Stats** -- It will move you to **/snare-stats/<snare-uuid>**
* **Sessions** -- It will move you to **/<snare-uuid>/sessions**
/snare-stats/<snare-uuid>
~~~~~~~~~~~~~~~~~~~~~~~~~
This page shows some general stats about the snare
* **No of Sessions** - Total no of sessions of the snare
* **Total Duration** - Total durations during which sessions remain active
* **Attack Frequency** - Frequency of different attacks made on the snare
/<snare-uuid>/sessions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This shows all the sessions' uuid. Each is clickable. Clicking displays **/session/<sess-uuid>**
Filters can be on the sessions using the input box and clicking the ``Apply`` button.
Filters are sepatated by ``white-space`` and name-value pair are separated by ``:``. E.g ``filter1:value1 filter2:value2``.
It supports 5 filters:
* **peer_ip** -- Sessions with given ip. E.g ``peer_ip:127.0.0.1 ``
* **user-agent** -- Sessions with given user-agent. E.g ``user-agent:Chrome``
* **attack_types** -- Sessions with given attack type such as lfi, rfi, xss, cmd_exec, sqli. E.g ``attack_types:lfi``
* **possible_owners** -- Sessions with given owner type such as user, tool, crawler, attacker. E.g ``possible_owners:attacker``
* **start_time** -- Sessions which started after `start_time`. E.g ``start_time:1480560``
* **end_time** -- Sessions which ended before `end_time`. E.g ``end_time:1480560``
Multiple filters can be applied as ``peer_ip:127.0.0.1 start_time:1480560 possible_owners:attacker``
/session/<sess-uuid>
~~~~~~~~~~~~~~~~~~~~~~~~
It gives all information about the session with given uuid. Here you may find some of the text clickable such as
``peer_ip``,``possible_owners``, ``start_time``, ``end_time``, ``attack_types``. Clicking on them will display all the sessions will same attribute value.
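Review bot: "It supports 5 filters" is followed by six bullets (`peer_ip`, `user-agent`, `attack_types`, `possible_owners`, `start_time`, `end_time`); fix the count or remove it. The filter section duplicates the one in api.rst word for word, including "sepatated", so consider keeping it in one place and linking to it. Smaller points in this new file: `locahost:8091/` should be `localhost`, the literal ``peer_ip:127.0.0.1 `` has a space before the closing backquotes and will not render as inline code, "Filters can be on the sessions" is missing a verb, and "all the sessions will same attribute value" should read "with the same".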
