DB Setup¶

To setup a database for sqli emulation TANNER provides db_config.json file, which stores the configuration of a database. db_config.json has the following structure:

{
    "name": "db name"
    "tables":[
        {
            "table name": "name of the table"
            "schema": "the result of sqlite3 command .schema, create table expression"
            "data_tokens": "types of data in the columns"
        }
    ]
}

Default db_config.json:

{
  "name": "test1",
  "tables": [
    {
      "table_name": "users",
      "schema": "CREATE TABLE users (id INTEGER PRIMARY KEY, username text, email text, password text);",
      "data_tokens": "I,L,E,P"
    },
    {
      "table_name": "comments",
      "schema": "CREATE TABLE comments (id INTEGER PRIMARY KEY, comment text);",
      "data_tokens": "I,T"
    }
  ]
}

You can change default config to make your own db structure.

Data tokens¶

Data tokens are used for filling the database with dummy data. There are 4 default tokens:

I – integer id

L – login/username

E – email

P – password

T – piece of text

Note: TANNER uses the default linux wordlist (/usr/share/dict/words) for data. If you don’t have the default wordlist in your system, install it or put it manually in /usr/share/dict.

DB Setup¶

Data tokens¶

tanner

Navigation

Related Topics