Merge branch 'develop'

.travis.yml

@@ -1,6 +1,8 @@
 sudo: required
 services:
   - docker
+before_install:
+  - docker pull busybox:latest
 language: python
 python:
   - "3.5"

docs/source/config.rst

@@ -30,9 +30,9 @@ There are 8 different sections :
     :host: This will be used for MySQL to get the host address
     :user: This is the MySQL user which perform DB queries
     :password: The password corresponding to the above user
-  * **CMD_EXEC**
+  * **DOCKER**
 
-    :host_image: The image which emulates commands in Command Execution Emulator
+    :host_image: The image which emulates commands in Command Execution Emulator and file system in LFI emulator
   * **LOGGER**
 
     :log_file: Location of tanner log file
@@ -56,7 +56,7 @@ If no file is specified, following json will be used as default:
      'REDIS': {'host': 'localhost', 'port': 6379, 'poolsize': 80, 'timeout': 1},
      'EMULATORS': {'root_dir': '/opt/tanner'},
      'SQLI': {'type':'SQLITE', 'db_name': 'tanner_db', 'host':'localhost', 'user':'root', 'password':'user_pass'},
-     'CMD_EXEC': {'host_image': 'busybox:latest'},
+     'DOCKER': {'host_image': 'busybox:latest'},
      'LOGGER': {'log_file': '/opt/tanner/tanner.log'},
      'MONGO': {'enabled': 'False', 'URI': 'mongodb://localhost'},
      'LOCALLOG': {'enabled': 'False', 'PATH': '/tmp/tanner_report.json'}

docs/source/emulators.rst

@@ -1,5 +1,11 @@
 Emulators
 ---------
+Base emulator
+~~~~~~~~~~~~~
+This is the heart of emulation. Current emulators follow ``find and emulate`` approach where each emulator has a ``scan`` method
+which is called by base emulator against each ``GET``, ``POST`` parameter and ``cookie value``. The parameter which is affected, gets
+emulated by calling the corresponding emulator's ``handle`` method. It returns the ``payload`` along with ``injection page`` which is most recently visited ``text/html`` type page.
+
 RFI emulator
 ~~~~~~~~~~~~
 It emulates RFI_ vulnerability. This attack type is detected with pattern:
@@ -28,34 +34,10 @@ It emulates LFI_ vulnerability. This attack type is detected with pattern:
 
 .*(\/\.\.)*(home|proc|usr|etc)\/.*
 
-During initialization LFI emulator creates the virtualdocs environment in ``/opt/tanner/virtualdocs`` folder from ``vdocs.json``, which in  ``data`` folder of the project.
-
-Linux system files are stored in subdirectory ``linux``
-
-This json has next structure:
-
-.. code-block:: javascript
-
-    {
-        "directory/filename":"content"
-    }
-
-
-For example, if we want to add passwd file into the virtualdocs, we should add JSON object into ``vdocs.json``:
-
-.. code-block:: javascript
-
-    {
-        "etc/passwd":"root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n<...>"
-    }
-
-When LFI attack is detected, LFI emulator:
-
-* Get available files from the ``linux`` directory
-* Extract the ``filename`` from requested path
-* Looking for the ``filename`` in available files
-* If the ``filename`` was found, return the content of the file
+It is emualted using a docker container with Linux filesystem (default: ``busybox:latest``).
 
+When LFI attack is detected, LFI emulator executes a command ``cat **file_to_be_read**`` within the docker and it returns the contents
+of file if found else return ``No such file or directory``.
 
 XSS emulator
 ~~~~~~~~~~~~

setup.py

@@ -10,6 +10,5 @@
       url='https://github.com/mushorg/tanner',
       packages=find_packages(exclude=['*.pyc']),
       scripts=['bin/tanner'],
-      data_files=[('/opt/tanner/db/',['tanner/data/db_config.json']),
-                  ('/opt/tanner/data/',['tanner/data/dorks.pickle','tanner/data/vdocs.json'])]
+      data_files=[('/opt/tanner/data/',['tanner/data/dorks.pickle'])]
       )

tanner/config.py

@@ -11,7 +11,7 @@
                    'REDIS': {'host': 'localhost', 'port': 6379, 'poolsize': 80, 'timeout': 1},
                    'EMULATORS': {'root_dir': '/opt/tanner'},
                    'SQLI': {'type':'SQLITE', 'db_name': 'tanner_db', 'host':'localhost', 'user':'root', 'password':'user_pass'},
-                   'CMD_EXEC': {'host_image': 'busybox:latest'},
+                   'DOCKER': {'host_image': 'busybox:latest'},
                    'LOGGER': {'log_debug': '/opt/tanner/tanner.log', 'log_err': '/opt/tanner/tanner.err'},
                    'MONGO': {'enabled': 'False', 'URI': 'mongodb://localhost'},
                    'LOCALLOG': {'enabled': 'False', 'PATH': '/tmp/tanner_report.json'},