Update docs (#161)

* update docs * update base emulator
mushorg · Jun 26, 2017 · 7a40933 · 7a40933
1 parent 8f096c7
commit 7a40933
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 30 deletions.
diff --git a/docs/source/config.rst b/docs/source/config.rst
@@ -30,9 +30,9 @@ There are 8 different sections :
     :host: This will be used for MySQL to get the host address
     :user: This is the MySQL user which perform DB queries
     :password: The password corresponding to the above user
-  * **CMD_EXEC**
+  * **DOCKER**
 
-    :host_image: The image which emulates commands in Command Execution Emulator
+    :host_image: The image which emulates commands in Command Execution Emulator and file system in LFI emulator
   * **LOGGER**
 
     :log_file: Location of tanner log file
@@ -56,7 +56,7 @@ If no file is specified, following json will be used as default:
      'REDIS': {'host': 'localhost', 'port': 6379, 'poolsize': 80, 'timeout': 1},
      'EMULATORS': {'root_dir': '/opt/tanner'},
      'SQLI': {'type':'SQLITE', 'db_name': 'tanner_db', 'host':'localhost', 'user':'root', 'password':'user_pass'},
-     'CMD_EXEC': {'host_image': 'busybox:latest'},
+     'DOCKER': {'host_image': 'busybox:latest'},
      'LOGGER': {'log_file': '/opt/tanner/tanner.log'},
      'MONGO': {'enabled': 'False', 'URI': 'mongodb://localhost'},
      'LOCALLOG': {'enabled': 'False', 'PATH': '/tmp/tanner_report.json'}

diff --git a/docs/source/emulators.rst b/docs/source/emulators.rst
@@ -1,5 +1,11 @@
 Emulators
 ---------
+Base emulator
+~~~~~~~~~~~~~
+This is the heart of emulation. Current emulators follow ``find and emulate`` approach where each emulator has a ``scan`` method
+which is called by base emulator against each ``GET``, ``POST`` parameter and ``cookie value``. The parameter which is affected, gets
+emulated by calling the corresponding emulator's ``handle`` method. It returns the ``payload`` along with ``injection page`` which is most recently visited ``text/html`` type page.
+
 RFI emulator
 ~~~~~~~~~~~~
 It emulates RFI_ vulnerability. This attack type is detected with pattern:
@@ -28,34 +34,10 @@ It emulates LFI_ vulnerability. This attack type is detected with pattern:
 
 .*(\/\.\.)*(home|proc|usr|etc)\/.*
 
-During initialization LFI emulator creates the virtualdocs environment in ``/opt/tanner/virtualdocs`` folder from ``vdocs.json``, which in  ``data`` folder of the project.
-
-Linux system files are stored in subdirectory ``linux``
-
-This json has next structure:
-
-.. code-block:: javascript
-
-    {
-        "directory/filename":"content"
-    }
-
-
-For example, if we want to add passwd file into the virtualdocs, we should add JSON object into ``vdocs.json``:
-
-.. code-block:: javascript
-
-    {
-        "etc/passwd":"root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n<...>"
-    }
-
-When LFI attack is detected, LFI emulator:
-
-* Get available files from the ``linux`` directory
-* Extract the ``filename`` from requested path
-* Looking for the ``filename`` in available files
-* If the ``filename`` was found, return the content of the file
+It is emualted using a docker container with Linux filesystem (default: ``busybox:latest``).
 
+When LFI attack is detected, LFI emulator executes a command ``cat **file_to_be_read**`` within the docker and it returns the contents
+of file if found else return ``No such file or directory``.
 
 XSS emulator
 ~~~~~~~~~~~~