Update docs for Command Execution Emulator (#145)

* Update docs for Command Execution Emulator * update link
mushorg · Jun 4, 2017 · cc769fd · cc769fd
1 parent 6beb627
commit cc769fd
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -31,8 +31,12 @@ Getting Started
 1. For PHP Sandbox setup, see sandbox [manual] (https://github.com/mushorg/phpox)
 2. In PHP Sandbox directory, run sandbox: ``sudo python3 sandbox.py``
 
+### Setup Docker
 
 
+1. Install [docker](https://docs.docker.com/engine/installation/linux/ubuntu/)
+2. Pull the required image to use [default : ``busybox:latest``]
+
 ### Setup and run TANNER
 
 

diff --git a/docs/source/config.rst b/docs/source/config.rst
@@ -23,12 +23,16 @@ There are 8 different sections :
 
     :root_dir: The root directory for emulators that need data storing such as SQLI and LFI. Data will be stored in this directory
   * **SQLI**
-
+
+    :db_name: THe name of database used in SQLI emulator
     :type: Supports two types MySQL/SQLITE
     :db_name: The name of database used in SQLI emulator
     :host: This will be used for MySQL to get the host address
     :user: This is the MySQL user which perform DB queries
     :password: The password corresponding to the above user
+  * **CMD_EXEC**
+
+    :host_image: The image which emulates commands in Command Execution Emulator
   * **LOGGER**
 
     :log_file: Location of tanner log file
@@ -52,6 +56,7 @@ If no file is specified, following json will be used as default:
      'REDIS': {'host': 'localhost', 'port': 6379, 'poolsize': 80, 'timeout': 1},
      'EMULATORS': {'root_dir': '/opt/tanner'},
      'SQLI': {'type':'SQLITE', 'db_name': 'tanner_db', 'host':'localhost', 'user':'root', 'password':'user_pass'},
+     'CMD_EXEC': {'host_image': 'busybox:latest'},
      'LOGGER': {'log_file': '/opt/tanner/tanner.log'},
      'MONGO': {'enabled': 'False', 'URI': 'mongodb://localhost'},
      'LOCALLOG': {'enabled': 'False', 'PATH': '/tmp/tanner_report.json'}

diff --git a/docs/source/emulators.rst b/docs/source/emulators.rst
@@ -87,10 +87,24 @@ It supports two types of DBs.
 * **MySQL**
   To enable it, set SQLI type to MySQL in config and set other necessary fields - Host, User and Password
 
+Command Execution Emulator
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+It emulates `Command Execution`_ vulnerability. This attack is detected with pattern.
+
+::
+
+.*(alias|cat|cd|cp|echo|exec|find|for|grep|ifconfig|ls|man|mkdir|netstat|ping|ps|pwd|uname|wget|touch|while).*
+
+* Each param value is checked against the pattern and ``command`` is extracted.
+* The ``command`` is executed in a docker container safely.
+* Results from container is injected into the index page.
+
 
 .. _RFI: https://en.wikipedia.org/wiki/File_inclusion_vulnerability#Remote_File_Inclusion
 .. _PHPox: https://github.com/mushorg/phpox
 .. _LFI: https://en.wikipedia.org/wiki/File_inclusion_vulnerability#Local_File_Inclusion
 .. _XSS: https://en.wikipedia.org/wiki/Cross-site_scripting
 .. _SQL injection: https://en.wikipedia.org/wiki/SQL_injection
+.. _Command Execution: https://www.owasp.org/index.php/Command_Injection
 .. _manual: https://github.com/client9/libinjection/wiki/doc-sqli-python