telekom-security/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-02 01:27:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

cleanup and prepare for docker image rebuilds

Browse Source
This commit is contained in:
t3chn0m4g3
2020-06-26 14:34:05 +00:00
parent 6a98496e8c
commit 0031980416
29 changed files with 102 additions and 2254 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
docker/tanner/README.md
View File

@ -1,15 +0,0 @@
[![](https://images.microbadger.com/badges/version/dtagdevsec/tanner:1903.svg)](https://microbadger.com/images/dtagdevsec/tanner:1903 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/tanner:1903.svg)](https://microbadger.com/images/dtagdevsec/tanner:1903 "Get your own image badge on microbadger.com")
# Snare / Tanner
[Tanner](https://github.com/mushorg/tanner) TANNER is a remote data analysis, and classification service, to evaluate HTTP requests and composing the response then served by SNARE events.
This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
The `Dockerfile` contains the blueprint for the dockerized tanner and will be used to setup the docker image.
The `docker-compose.yml` contains the necessary settings to test tanner using `docker-compose`. This will ensure to start the docker container with the appropriate permissions and port mappings.
# tanner Dashboard
![tanner Dashboard](doc/dashboard.png)

BIN
docker/tanner/doc/dashboard.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.1 MiB

1
docker/tanner/phpox/Dockerfile
View File

@ -9,6 +9,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
make \
php7 \
php7-dev \
py3-pip \
python3 \
python3-dev \
re2c && \

3
docker/tanner/snare/Dockerfile
View File

@ -20,7 +20,8 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
python3 setup.py install && \
cd / && \
rm -rf /opt/snare && \
clone --target http://example.com && \
mkdir -p /opt/snare/pages && \
# clone --target http://example.com && \
mv /root/dist/pages/* /opt/snare/pages/ && \
#
# Clean up

8
docker/tanner/tanner/Dockerfile
View File

@ -1,4 +1,4 @@
FROM alpine:3.10
FROM alpine:latest
#
# Include dist
ADD dist/ /root/dist/
@ -12,6 +12,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
libffi-dev \
libressl-dev \
linux-headers \
py3-pip \
py3-yarl \
python3 \
python3-dev && \
@ -21,7 +22,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
cd /opt/tanner/ && \
# git fetch origin pull/364/head:test && \
# git checkout test && \
cp /root/dist/config.py /opt/tanner/tanner/ && \
cp /root/dist/config.yaml /opt/tanner/tanner/data && \
pip3 install --no-cache-dir setuptools && \
pip3 install --no-cache-dir -r requirements.txt && \
python3 setup.py install && \
@ -35,8 +36,7 @@ RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
docker \
docs \
requirements.txt \
setup.py \
tanner/data && \
setup.py && \
cd / && \
#
# Setup configs, user, groups

92
docker/tanner/tanner/dist/config.py vendored
View File

@ -1,92 +0,0 @@
import configparser
import logging
import os
import sys
LOGGER = logging.getLogger(__name__)
config_template = {'DATA': {'db_config': '/opt/tanner/db/db_config.json',
'dorks': '/opt/tanner/data/dorks.pickle',
'user_dorks': '/opt/tanner/data/user_dorks.pickle',
'crawler_stats': '/opt/tanner/data/crawler_user_agents.txt',
'geo_db': '/opt/tanner/db/GeoLite2-City.mmdb',
'tornado': '/opt/tanner/data/tornado.py',
'mako': '/opt/tanner/data/mako.py'
},
'TANNER': {'host': 'tanner', 'port': 8090},
'WEB': {'host': 'tanner_web', 'port': 8091},
'API': {'host': 'tanner_api', 'port': 8092, 'auth': False, 'auth_signature': 'tanner_api_auth'},
'PHPOX': {'host': 'tanner_phpox', 'port': 8088},
'REDIS': {'host': 'tanner_redis', 'port': 6379, 'poolsize': 80, 'timeout': 1},
'EMULATORS': {'root_dir': '/opt/tanner'},
'EMULATOR_ENABLED': {'sqli': True, 'rfi': True, 'lfi': False, 'xss': True, 'cmd_exec': False,
'php_code_injection': True, 'php_object_injection': True, "crlf": True,
'xxe_injection': True, 'template_injection': False},
'SQLI': {'type': 'SQLITE', 'db_name': 'tanner_db', 'host': 'localhost', 'user': 'root',
'password': 'user_pass'},
'XXE_INJECTION': {'OUT_OF_BAND': False},
'RFI': {"allow_insecure": True},
'DOCKER': {'host_image': 'busybox:latest'},
'LOGGER': {'log_debug': '/tmp/tanner/tanner.log', 'log_err': '/tmp/tanner/tanner.err'},
'MONGO': {'enabled': False, 'URI': 'mongodb://localhost'},
'HPFEEDS': {'enabled': False, 'HOST': 'localhost', 'PORT': 10000, 'IDENT': '', 'SECRET': '',
'CHANNEL': 'tanner.events'},
'LOCALLOG': {'enabled': True, 'PATH': '/var/log/tanner/tanner_report.json'},
'CLEANLOG': {'enabled': False},
'REMOTE_DOCKERFILE': {'GITHUB': "https://raw.githubusercontent.com/mushorg/tanner/master/docker/"
"tanner/template_injection/Dockerfile"},
'SESSIONS': {"delete_timeout": 300}
}
class TannerConfig():
config = None
@staticmethod
def set_config(config_path):
cfg = configparser.ConfigParser()
if not os.path.exists(config_path):
print("Config file {} doesn't exist. Check the config path or use default".format(config_path))
sys.exit(1)
cfg.read(config_path)
TannerConfig.config = cfg
@staticmethod
def get(section, value):
res = None
if TannerConfig.config is not None:
try:
convert_type = type(config_template[section][value])
if convert_type is bool:
res = TannerConfig.config.getboolean(section, value)
else:
res = convert_type(TannerConfig.config.get(section, value))
except (configparser.NoOptionError, configparser.NoSectionError):
LOGGER.warning("Error in config, default value will be used. Section: %s Value: %s", section, value)
res = config_template[section][value]
else:
res = config_template[section][value]
return res
@staticmethod
def get_section(section):
res = {}
if TannerConfig.config is not None:
try:
sec = TannerConfig.config[section]
for k, v in sec.items():
convert_type = type(config_template[section][k])
if convert_type is bool:
res[k] = TannerConfig.config[section].getboolean(k)
else:
res[k] = convert_type(v)
except (configparser.NoOptionError, configparser.NoSectionError):
LOGGER.warning("Error in config, default value will be used. Section: %s Value: %s", section)
res = config_template[section]
else:
res = config_template[section]
return res

92
docker/tanner/tanner/dist/config.yaml vendored Normal file
View File

@ -0,0 +1,92 @@
DATA:
db_config: /opt/tanner/db/db_config.json
dorks: /opt/tanner/data/dorks.pickle
user_dorks: /opt/tanner/data/user_dorks.pickle
crawler_stats: /opt/tanner/data/crawler_user_agents.txt
geo_db: /opt/tanner/db/GeoLite2-City.mmdb
tornado: /opt/tanner/data/tornado.py
mako: /opt/tanner/data/mako.py
TANNER:
host: tanner
port: 8090
WEB:
host: tanner_web
port: 8091
API:
host: tanner_api
port: 8092
auth: False
auth_signature: tanner_api_auth
PHPOX:
host: tanner_phpox
port: 8088
REDIS:
host: tanner_redis
port: 6379
poolsize: 80
timeout: 1
EMULATORS:
root_dir: /opt/tanner
EMULATOR_ENABLED:
sqli: True
rfi: True
lfi: False
xss: True
cmd_exec: False
php_code_injection: True
php_object_injection: True
crlf: True
xxe_injection: True
template_injection: False
SQLI:
type: SQLITE
db_name: tanner_db
host: localhost
user: root
password: user_pass
XXE_INJECTION:
OUT_OF_BAND: False
RFI:
allow_insecure: True
DOCKER:
host_image: busybox:latest
LOGGER:
log_debug: /tmp/tanner/tanner.log
log_err: /tmp/tanner/tanner.err
MONGO:
enabled: False
URI: mongodb://localhost
HPFEEDS:
enabled: False
HOST: localhost
PORT: 10000
IDENT: ''
SECRET: ''
CHANNEL: tanner.events
LOCALLOG:
enabled: True
PATH: /var/log/tanner/tanner_report.json
CLEANLOG:
enabled: False
REMOTE_DOCKERFILE:
GITHUB: "https://raw.githubusercontent.com/mushorg/tanner/master/docker/tanner/template_injection/Dockerfile"
SESSIONS:
delete_timeout: 300