Update docs for Command Execution Emulator (#145)

* Update docs for Command Execution Emulator

* update link
rnehra01 authored and afeena committed Jun 4, 2017
1 parent 6beb627 commit cc769fdf64b91d9369847c1a61923f1c2534315a
Showing with 24 additions and 1 deletion.
  1. +4 −0 README.md
  2. +6 −1 docs/source/config.rst
  3. +14 −0 docs/source/emulators.rst
@@ -31,8 +31,12 @@ Getting Started
1. For PHP Sandbox setup, see sandbox [manual] (https://github.com/mushorg/phpox)
2. In PHP Sandbox directory, run sandbox: ``sudo python3 sandbox.py``
### Setup Docker
1. Install [docker](https://docs.docker.com/engine/installation/linux/ubuntu/)
2. Pull the required image to use [default : ``busybox:latest``]
### Setup and run TANNER
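
Review bot: Step 2 under "Setup Docker" tells the reader to pull the required image but gives no command and does not say where the image name is configured. Suggest spelling out the command (for the default, ``docker pull busybox:latest``) and pointing to the ``host_image`` setting in the ``CMD_EXEC`` section of docs/source/config.rst, so that a non-default image gets pulled as well. Separately, the context line ``[manual] (https://github.com/mushorg/phpox)`` has a space between the brackets and the URL, which keeps Markdown from rendering it as a link.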
@@ -23,12 +23,16 @@ There are 8 different sections :
:root_dir: The root directory for emulators that need data storing such as SQLI and LFI. Data will be stored in this directory
* **SQLI**
:db_name: THe name of database used in SQLI emulator
:type: Supports two types MySQL/SQLITE
:db_name: The name of database used in SQLI emulator
:host: This will be used for MySQL to get the host address
:user: This is the MySQL user which perform DB queries
:password: The password corresponding to the above user
* **CMD_EXEC**
:host_image: The image which emulates commands in Command Execution Emulator
* **LOGGER**
:log_file: Location of tanner log file
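
Review bot: The new ``:host_image:`` entry under **CMD_EXEC** does not say what form the value takes or what the default is. Suggest stating that it is a Docker image reference in ``name:tag`` form, that the default is ``busybox:latest``, and that the image has to be pulled beforehand as the README section added in this commit describes. Minor: "which perform DB queries" in the ``:user:`` line should read "which performs".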
@@ -52,6 +56,7 @@ If no file is specified, following json will be used as default:
'REDIS': {'host': 'localhost', 'port': 6379, 'poolsize': 80, 'timeout': 1},
'EMULATORS': {'root_dir': '/opt/tanner'},
'SQLI': {'type':'SQLITE', 'db_name': 'tanner_db', 'host':'localhost', 'user':'root', 'password':'user_pass'},
'CMD_EXEC': {'host_image': 'busybox:latest'},
'LOGGER': {'log_file': '/opt/tanner/tanner.log'},
'MONGO': {'enabled': 'False', 'URI': 'mongodb://localhost'},
'LOCALLOG': {'enabled': 'False', 'PATH': '/tmp/tanner_report.json'}
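
Review bot: The default ``'CMD_EXEC': {'host_image': 'busybox:latest'}`` uses a floating tag, so the output the emulator returns can change whenever the upstream image is updated. Consider defaulting to a fixed tag, or add a sentence next to the default telling operators to pin the image they deploy.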
@@ -87,10 +87,24 @@ It supports two types of DBs.
* **MySQL**
To enable it, set SQLI type to MySQL in config and set other necessary fields - Host, User and Password
Command Execution Emulator
~~~~~~~~~~~~~~~~~~~~~~~~~~
It emulates `Command Execution`_ vulnerability. This attack is detected with pattern.
::
.*(alias|cat|cd|cp|echo|exec|find|for|grep|ifconfig|ls|man|mkdir|netstat|ping|ps|pwd|uname|wget|touch|while).*
* Each param value is checked against the pattern and ``command`` is extracted.
* The ``command`` is executed in a docker container safely.
* Results from container is injected into the index page.
.. _RFI: https://en.wikipedia.org/wiki/File_inclusion_vulnerability#Remote_File_Inclusion
.. _PHPox: https://github.com/mushorg/phpox
.. _LFI: https://en.wikipedia.org/wiki/File_inclusion_vulnerability#Local_File_Inclusion
.. _XSS: https://en.wikipedia.org/wiki/Cross-site_scripting
.. _SQL injection: https://en.wikipedia.org/wiki/SQL_injection
.. _Command Execution: https://www.owasp.org/index.php/Command_Injection
.. _manual: https://github.com/client9/libinjection/wiki/doc-sqli-python
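
Review bot: The alternation in the detection pattern has no word boundaries, so short entries such as ``cat``, ``for`` and ``ls`` match inside ordinary parameter values like "category" or "format"; the text should say whether that is intended and how ``command`` is extracted from a matching value. "The ``command`` is executed in a docker container safely" also needs backing: state which restrictions the container runs with (network access, resource limits, lifetime), or drop "safely". Minor: "Results from container is injected" should read "are injected".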
