GSoC 2017 Project Summary: major SNARE/Tanner improvements

23 Oct 2017 Roberto Tanara gsoc snare-tanner
Student Ravinder Nehra contributed this post as a project summary of his GSoC 2017 experience.

MySQL Emulator

Previously, Tanner supported SQL injection using SQLite, but since MySQL is widely used, it is badly needed in my opinion. Also, with MySQL, time-based blind SQLi can be emulated, which can't be done in the SQLite-based emulator. It is implemented using the aiosql library, using the same approach used previously in the SQLite emulation.

  1. MySQLI emulator  https://github.com/mushorg/tanner/commit/d79e1b6a34906d2527214ed19364c8d7f8edddc3
  2. Change default DB and update documentation  https://github.com/mushorg/tanner/commit/7acfbc0792646a49be6f5330754b6cccabdcd3a1
  3. Add new SQLI tests  https://github.com/mushorg/tanner/commit/19bfd57d73c74994533185e92f40d25428f3b31f

Command Execution Emulator

This emulator emulates a Command Execution/Injection vulnerability. It is implemented using Docker, considering its safety features. I used Busybox as the default Docker image, which provides a nice Linux shell, a file system and, most importantly, is very light in size. The attack is identified using the regex .*(alias|cat|cd|cp|echo|exec|find|for|grep|ifconfig|ls|man|mkdir|netstat|ping|ps|pwd|uname|wget|touch|while).* and then injected into the Busybox Docker image to get command injection results.
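
What the detection regex above matches in practice, as an added example that is not Tanner's own code: it applies the post's regex with re.match to URL-decoded query values and compares the result with a whole-word variant. The request paths, the classify helper, STRICT_REGEX and the use of re.match are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Command alternation copied from the regex quoted in the post.
COMMANDS = (
    "alias|cat|cd|cp|echo|exec|find|for|grep|ifconfig|ls|man|mkdir|"
    "netstat|ping|ps|pwd|uname|wget|touch|while"
)

# The regex exactly as the post gives it: any value containing a command name
# as a substring is treated as a command execution attempt.
PAGE_REGEX = re.compile(".*(" + COMMANDS + ").*")

# Assumption (not from Tanner): the same list, but the command must stand as a
# whole word, so "cat" no longer matches inside "catalog".
STRICT_REGEX = re.compile(r"\b(?:" + COMMANDS + r")\b")


def classify(path):
    """Return {param: (page_regex_hit, strict_hit)} for each query parameter."""
    result = {}
    # parse_qsl percent-decodes values and turns "+" into a space.
    for name, value in parse_qsl(urlsplit(path).query, keep_blank_values=True):
        result[name] = (
            PAGE_REGEX.match(value) is not None,
            STRICT_REGEX.search(value) is not None,
        )
    return result


# Constructed sample request paths (not taken from real honeypot logs).
SAMPLE_REQUESTS = [
    "/index.php?page=catalog",               # benign, contains "cat"
    "/search?q=platform+tools",              # benign, contains "for" and "ls"
    "/ping.php?host=127.0.0.1%3B+uname+-a",  # command appended to a parameter
    "/item?id=42",                           # benign, no command substring
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        for param, (page_hit, strict_hit) in classify(request).items():
            print(f"{request:40} {param:5} page={page_hit!s:5} strict={strict_hit}")
```

Because the post's regex matches substrings, ordinary values such as "catalog" are routed to the command execution emulator as well; on a honeypot that costs a container run rather than a missed attack, but it inflates the attack counts derived from the emulator's sessions.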