
Make emulator set flexible (#175)

* fix #172
Make emulator set flexible using config setting

* fix indentation
rnehra01 authored and afeena committed Jul 19, 2017
1 parent 150c05c commit e82d5e49435a0fc073e7693743690aa93dc52bf9
Showing with 19 additions and 14 deletions.
  1. +3 −1 tanner/config.py
  2. +16 −13 tanner/emulators/base.py
@@ -9,7 +9,9 @@
'vdocs': '/opt/tanner/data/vdocs.json'},
'TANNER': {'host': '0.0.0.0', 'port': 8090},
'REDIS': {'host': 'localhost', 'port': 6379, 'poolsize': 80, 'timeout': 1},
'EMULATORS': {'root_dir': '/opt/tanner'},
'EMULATORS': {'root_dir': '/opt/tanner',
'emulator_enabled': {'sqli': True, 'rfi': True, 'lfi': True, 'xss': True, 'cmd_exec': True}
},
'SQLI': {'type':'SQLITE', 'db_name': 'tanner_db', 'host':'localhost', 'user':'root', 'password':'user_pass'},
'DOCKER': {'host_image': 'busybox:latest'},
'LOGGER': {'log_debug': '/opt/tanner/tanner.log', 'log_err': '/opt/tanner/tanner.err'},
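Review bot: The new `emulator_enabled` default is a nested dict of booleans, and base.py indexes whatever `TannerConfig.get('EMULATORS', 'emulator_enabled')` returns directly (`self.emulator_enabled['rfi']`). `TannerConfig.get` is not visible on this page; if it can hand back a value read from an operator's config file as a string, the indexing would fail or any non-empty value would count as enabled, so it is worth confirming that the loader preserves the dict and bool types. A short comment above the key would also tell operators what switching one off means, for example `# set an emulator to False to disable it; requests of that attack class are then not scanned by it`.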
@@ -4,17 +4,19 @@
import urllib.parse
import yarl
from tanner.config import TannerConfig
from tanner.emulators import lfi, rfi, sqli, xss, cmd_exec
from tanner.utils import patterns
class BaseHandler:
def __init__(self, base_dir, db_name, loop=None):
self.emulator_enabled = TannerConfig.get('EMULATORS', 'emulator_enabled')
self.emulators = {
'rfi': rfi.RfiEmulator(base_dir, loop),
'lfi': lfi.LfiEmulator(),
'xss': xss.XssEmulator(),
'sqli': sqli.SqliEmulator(db_name, base_dir),
'cmd_exec': cmd_exec.CmdExecEmulator()
'rfi': rfi.RfiEmulator(base_dir, loop) if self.emulator_enabled['rfi'] else None,
'lfi': lfi.LfiEmulator() if self.emulator_enabled['lfi'] else None,
'xss': xss.XssEmulator() if self.emulator_enabled['xss'] else None,
'sqli': sqli.SqliEmulator(db_name, base_dir) if self.emulator_enabled['sqli'] else None,
'cmd_exec': cmd_exec.CmdExecEmulator() if self.emulator_enabled['cmd_exec'] else None
}
self.get_emulators = ['sqli', 'rfi', 'lfi', 'xss', 'cmd_exec']
self.post_emulators = ['sqli', 'rfi', 'lfi', 'xss', 'cmd_exec']
@@ -45,13 +47,14 @@ def extract_get_data(self, path):
attack_params = {}
for param_id, param_value in data.items():
for emulator in target_emulators:
possible_detection = self.emulators[emulator].scan(param_value) if param_value else None
if possible_detection:
if detection['order'] < possible_detection['order']:
detection = possible_detection
if emulator not in attack_params:
attack_params[emulator] = []
attack_params[emulator].append(dict(id= param_id, value= param_value))
if self.emulator_enabled[emulator]:
possible_detection = self.emulators[emulator].scan(param_value) if param_value else None
if possible_detection:
if detection['order'] < possible_detection['order']:
detection = possible_detection
if emulator not in attack_params:
attack_params[emulator] = []
attack_params[emulator].append(dict(id=param_id, value=param_value))
if detection['name'] in self.emulators:
emulation_result = await self.emulators[detection['name']].handle(attack_params[detection['name']], session)
@@ -117,4 +120,4 @@ def set_injectable_page(session):
async def handle(self, data, session):
detection = await self.emulate(data, session)
return detection
return detection
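Review bot: Disabled emulators are stored as `None` in `self.emulators` (first hunk), so the membership test `if detection['name'] in self.emulators:` in the second hunk stays true for a disabled name; only the scan loop is guarded by `self.emulator_enabled[emulator]`. The enclosing function starts and ends outside the hunk, so it is not visible whether `detection` can be set by any other path; if it can, `.handle()` would be called on `None` and the request would fail instead of being logged. Testing the instance rather than the key avoids that: `if self.emulators.get(detection['name']) is not None:`. The direct lookups such as `self.emulator_enabled['rfi']` also raise `KeyError` when a config omits one of the five names; `self.emulator_enabled.get(name, <default>)` with a deliberately chosen default would make that case explicit.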
