Пример #1
0
 def __init__(self, base_dir, db_name):
     self.emulators = {
         'rfi': rfi.RfiEmulator(base_dir),
         'lfi': lfi.LfiEmulator(base_dir),
         'xss': xss.XssEmulator(),
         'sqli': sqli.SqliEmulator(db_name, base_dir)
     }
Пример #2
0
    def __init__(self, base_dir, db_name, loop=None):
        self.emulator_enabled = TannerConfig.get_section('EMULATOR_ENABLED')

        self.emulators = {
            'rfi':
            rfi.RfiEmulator(base_dir, loop)
            if self.emulator_enabled['rfi'] else None,
            'lfi':
            lfi.LfiEmulator() if self.emulator_enabled['lfi'] else None,
            'xss':
            xss.XssEmulator() if self.emulator_enabled['xss'] else None,
            'sqli':
            sqli.SqliEmulator(db_name, base_dir)
            if self.emulator_enabled['sqli'] else None,
            'cmd_exec':
            cmd_exec.CmdExecEmulator()
            if self.emulator_enabled['cmd_exec'] else None,
            'php_code_injection':
            php_code_injection.PHPCodeInjection(loop)
            if self.emulator_enabled['php_code_injection'] else None,
            'crlf':
            crlf.CRLFEmulator() if self.emulator_enabled['crlf'] else None
        }

        self.get_emulators = [
            'sqli', 'rfi', 'lfi', 'xss', 'php_code_injection', 'cmd_exec',
            'crlf'
        ]
        self.post_emulators = [
            'sqli', 'rfi', 'lfi', 'xss', 'php_code_injection', 'cmd_exec',
            'crlf'
        ]
        self.cookie_emulators = ['sqli']
Пример #3
0
 def setUp(self):
     d = dict(DATA={'vdocs': os.path.join(os.getcwd(), 'data/vdocs.json')})
     m = mock.MagicMock()
     m.__getitem__.side_effect = d.__getitem__
     m.__iter__.side_effect = d.__iter__
     config.TannerConfig.config = m
     self.handler = lfi.LfiEmulator('/tmp/')
Пример #4
0
 def __init__(self, base_dir, db_name, loop=None):
     self.emulators = {
         'rfi': rfi.RfiEmulator(base_dir, loop) if TannerConfig.get('EMULATOR_ENABLED', 'rfi') else None,
         'lfi': lfi.LfiEmulator() if TannerConfig.get('EMULATOR_ENABLED', 'lfi') else None,
         'xss': xss.XssEmulator() if TannerConfig.get('EMULATOR_ENABLED', 'xss') else None,
         'sqli': sqli.SqliEmulator(db_name, base_dir) if TannerConfig.get('EMULATOR_ENABLED', 'sqli') else None,
         'cmd_exec': cmd_exec.CmdExecEmulator() if TannerConfig.get('EMULATOR_ENABLED', 'cmd_exec') else None
         }
     self.get_emulators = ['sqli', 'rfi', 'lfi', 'xss', 'cmd_exec']
     self.post_emulators = ['sqli', 'rfi', 'lfi', 'xss', 'cmd_exec']
     self.cookie_emulators = ['sqli']
Пример #5
0
    def __init__(self, base_dir, db_name, loop=None):
        self.emulator_enabled = {
            'rfi': TannerConfig.get('EMULATOR_ENABLED', 'rfi'),
            'sqli': TannerConfig.get('EMULATOR_ENABLED', 'sqli'),
            'lfi': TannerConfig.get('EMULATOR_ENABLED', 'lfi'),
            'xss': TannerConfig.get('EMULATOR_ENABLED', 'xss'),
            'cmd_exec': TannerConfig.get('EMULATOR_ENABLED', 'cmd_exec'),
            'php_code_injection': TannerConfig.get('EMULATOR_ENABLED', 'php_code_injection'),
            'php_object_injection': TannerConfig.get('EMULATOR_ENABLED', 'php_object_injection'),
            'crlf': TannerConfig.get('EMULATOR_ENABLED', 'crlf'),
            'xxe_injection': TannerConfig.get('EMULATOR_ENABLED', 'xxe_injection'),
            'template_injection': TannerConfig.get('EMULATOR_ENABLED', 'template_injection')
            }

        self.emulators = {
            'rfi': rfi.RfiEmulator(base_dir, loop=loop, allow_insecure=TannerConfig.get("RFI", 'allow_insecure'))
            if self.emulator_enabled['rfi'] else None,
            'lfi': lfi.LfiEmulator() if self.emulator_enabled['lfi'] else None,
            'xss': xss.XssEmulator() if self.emulator_enabled['xss'] else None,
            'sqli': sqli.SqliEmulator(db_name, base_dir) if self.emulator_enabled['sqli'] else None,
            'cmd_exec': cmd_exec.CmdExecEmulator() if self.emulator_enabled['cmd_exec'] else None,
            'php_code_injection': php_code_injection.PHPCodeInjection(loop) if self.emulator_enabled[
                'php_code_injection'] else None,
            'php_object_injection': php_object_injection.PHPObjectInjection(loop) if self.emulator_enabled[
                'php_object_injection'] else None,
            'crlf': crlf.CRLFEmulator() if self.emulator_enabled['crlf'] else None,
            'xxe_injection': xxe_injection.XXEInjection(loop) if self.emulator_enabled['xxe_injection'] else None,
            'template_injection': template_injection.TemplateInjection(loop) if
            self.emulator_enabled['template_injection'] else None
        }

        self.get_emulators = ['sqli', 'rfi', 'lfi', 'xss', 'php_code_injection', 'php_object_injection',
                              'cmd_exec', 'crlf', 'xxe_injection', 'template_injection']
        self.post_emulators = ['sqli', 'rfi', 'lfi', 'xss', 'php_code_injection', 'php_object_injection',
                               'cmd_exec', 'crlf', 'xxe_injection', 'template_injection']
        self.cookie_emulators = ['sqli', 'php_object_injection']
Пример #6
0
    def __init__(self, base_dir, db_name, loop=None):
        self.emulator_enabled = {
            "rfi":
            TannerConfig.get("EMULATOR_ENABLED", "rfi"),
            "sqli":
            TannerConfig.get("EMULATOR_ENABLED", "sqli"),
            "lfi":
            TannerConfig.get("EMULATOR_ENABLED", "lfi"),
            "xss":
            TannerConfig.get("EMULATOR_ENABLED", "xss"),
            "cmd_exec":
            TannerConfig.get("EMULATOR_ENABLED", "cmd_exec"),
            "php_code_injection":
            TannerConfig.get("EMULATOR_ENABLED", "php_code_injection"),
            "php_object_injection":
            TannerConfig.get("EMULATOR_ENABLED", "php_object_injection"),
            "crlf":
            TannerConfig.get("EMULATOR_ENABLED", "crlf"),
            "xxe_injection":
            TannerConfig.get("EMULATOR_ENABLED", "xxe_injection"),
            "template_injection":
            TannerConfig.get("EMULATOR_ENABLED", "template_injection"),
        }

        self.emulators = {
            "rfi":
            rfi.RfiEmulator(base_dir,
                            loop=loop,
                            allow_insecure=TannerConfig.get(
                                "RFI", "allow_insecure"))
            if self.emulator_enabled["rfi"] else None,
            "lfi":
            lfi.LfiEmulator() if self.emulator_enabled["lfi"] else None,
            "xss":
            xss.XssEmulator() if self.emulator_enabled["xss"] else None,
            "sqli":
            sqli.SqliEmulator(db_name, base_dir)
            if self.emulator_enabled["sqli"] else None,
            "cmd_exec":
            cmd_exec.CmdExecEmulator()
            if self.emulator_enabled["cmd_exec"] else None,
            "php_code_injection":
            php_code_injection.PHPCodeInjection(loop)
            if self.emulator_enabled["php_code_injection"] else None,
            "php_object_injection":
            php_object_injection.PHPObjectInjection(loop)
            if self.emulator_enabled["php_object_injection"] else None,
            "crlf":
            crlf.CRLFEmulator() if self.emulator_enabled["crlf"] else None,
            "xxe_injection":
            xxe_injection.XXEInjection(loop)
            if self.emulator_enabled["xxe_injection"] else None,
            "template_injection":
            template_injection.TemplateInjection(loop)
            if self.emulator_enabled["template_injection"] else None,
        }

        self.get_emulators = [
            "sqli",
            "rfi",
            "lfi",
            "xss",
            "php_code_injection",
            "php_object_injection",
            "cmd_exec",
            "crlf",
            "xxe_injection",
            "template_injection",
        ]
        self.post_emulators = [
            "sqli",
            "rfi",
            "lfi",
            "xss",
            "php_code_injection",
            "php_object_injection",
            "cmd_exec",
            "crlf",
            "xxe_injection",
            "template_injection",
        ]
        self.cookie_emulators = ["sqli", "php_object_injection"]
Пример #7
0
 def setUp(self):
     self.loop = asyncio.new_event_loop()
     asyncio.set_event_loop(None)
     self.handler = lfi.LfiEmulator()
     self.handler.helper.host_image = 'busybox:latest'