Faraday@community versionの導入
導入参考サイト
Installation Docker · infobyte/faraday Wiki · GitHub
Official Faraday Docker Images ~ Infobyte Security Research Labs
導入概要
Faradayで診断ツールのレポートの可視化を行いたいので、ホスト側ディレクトリをコンテナのディレクトリにマウントさせる。
(コマンドは参考サイト"Official Faraday Docker Images "より)
root@isrlab:~/dev# docker run -t -i -v /tmp/workspace/:/root/.faraday/report/workspace/ infobyte/faraday /root/run.sh
このコマンドを実行するとTracebackが表示されfaradayは起動しなかったが。
faradayの起動用スクリプト実行中に、対話形式の入力が必要となる個所があるため、Dockerをバックグラウンドで実行させていない。
Faradayをコンテナで起動@失敗
参考コマンドをベースに接続ポートを追加して、シェル実施中にTracebackが出力されて正常に動かなかった。
ほかの人の設定や起動事例を参考にするかぎり、特に何もせずに起動できているが、Dockerコンテナ起動後にコンテナ内にPythonライブラリ追加とパッケージ追加するとこによって正常に動いた。
#パッケージで入れた場合に依存関係やPythonのライブラリが不足していてエラー多発やTracebackが発生していたので同様の方法で実施してみた。
スクリプト実行
実施できない原因がシェルなのかdocker起動方法なのか、いろいろと調べたいが、取っ掛かりのシェルがよくわからないので後回し。
恐らくPythonのライブラリ不足なのかもしれない??
docker停止は、別セッションからプロセス停止/削除を行う。
[root@server02 ~]# docker run -v $(pwd):/root/.faraday/report/workspace/ -p 5985:5985 -t -i infobyte/faraday /root/run.sh
* Starting OpenBSD Secure Shell server sshd [ OK ]
* Couchdb started
Already up-to-date.
Requirement already satisfied: couchdbkit>=0.6.5 in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 1))
Requirement already satisfied: mockito>=1.0.12 in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 2))
Requirement already satisfied: whoosh>=2.7.4 in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 3))
~省略~
Requirement already satisfied: asn1crypto>=0.21.0 in /usr/local/lib/python2.7/dist-packages (from cryptography>=2.1.4->pyopenssl>=17.2.0->-r requirements_server.txt (line 7))
Requirement already satisfied: ipaddress; python_version < "3" in /root/.local/lib/python2.7/site-packages (from cryptography>=2.1.4->pyopenssl>=17.2.0->-r requirements_server.txt (line 7))
Requirement already satisfied: pycparser in /root/.local/lib/python2.7/site-packages (from cffi>=1.7; platform_python_implementation != "PyPy"->cryptography>=2.1.4->pyopenssl>=17.2.0->-r requirements_server.txt (line 7))
2018-02-02 12:18:15,255 - faraday-server.__main__ - INFO - Checking dependencies...
Do you want to install them? [y/N] Traceback (most recent call last):
File "./faraday-server.py", line 138, in <module>
main()
File "./faraday-server.py", line 121, in main
setup_environment(not args.nodeps)
File "./faraday-server.py", line 35, in setup_environment
install_deps = query_yes_no("Do you want to install them?", default="no")
File "/root/faraday/utils/user_input.py", line 33, in query_yes_no
choice = raw_input().lower()
EOFError: EOF when reading a line
Dockerプロセス確認
問題なくコンテナとしてはupとなっている
[root@server02 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
94cf69f35a41 infobyte/faraday "/root/run.sh" 37 minutes ago Up 37 minutes 0.0.0.0:5985->5985/tcp hopeful_mclean
Faradayをコンテナで起動@成功
実行シェルを変更して実施するとWeb画面が確認できた。
スクリプト実行
実施中に入力[ y/N ]を求められる個所が出てくる。
"N" : faradayが起動する ※yを入力した場合は下記参考
[root@server02 ~]# docker run -v $(pwd):/root/.faraday/report/workspace/ -p 5985:5985 -t -i infobyte/faraday /root/run_service.sh
* Starting OpenBSD Secure Shell server sshd [ OK ]
* Couchdb started
Already up-to-date.
Requirement already satisfied: couchdbkit>=0.6.5 in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 1))
Requirement already satisfied: mockito>=1.0.12 in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 2))
Requirement already satisfied: whoosh>=2.7.4 in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 3))
Requirement already satisfied: IPy>=0.83 in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 4))
Requirement already satisfied: restkit>=4.2.2 in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 5))
~省略~
Requirement already satisfied: asn1crypto>=0.21.0 in /usr/local/lib/python2.7/dist-packages (from cryptography>=2.1.4->pyopenssl>=17.2.0->-r requirements_server.txt (line 7))
Requirement already satisfied: ipaddress; python_version < "3" in /root/.local/lib/python2.7/site-packages (from cryptography>=2.1.4->pyopenssl>=17.2.0->-r requirements_server.txt (line 7))
Requirement already satisfied: pycparser in /root/.local/lib/python2.7/site-packages (from cffi>=1.7; platform_python_implementation != "PyPy"->cryptography>=2.1.4->pyopenssl>=17.2.0->-r requirements_server.txt (line 7))
2018-02-02 11:52:26,362 - faraday-server.__main__ - INFO - Checking dependencies...
Do you want to install them? [y/N] N
2018-02-02 11:52:28,784 - faraday-server.__main__ - ERROR - Dependencies not met. Please refer to the documentation in order to install them. [requests]
2018-02-02 11:52:28,784 - faraday-server.__main__ - INFO - Dependencies met
2018-02-02 11:52:29,099 - faraday-server.server.importer - INFO - Setting up workspace example
2018-02-02 11:52:29,194 - faraday-server.server.importer - INFO - Setting up workspace workspace
2018-02-02 11:52:29,445 - faraday-server.__main__ - INFO - Faraday Server is ready
Y : 何かをダウンロードして追加してシェルが終了する。
その後、もう一度"run_service.sh"を実行させ、Nを入力すると起動する。
Do you want to install them? [y/N] y
/usr/local/lib/python2.7/dist-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:318: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/security.html#snimissingwarning.
SNIMissingWarning
/usr/local/lib/python2.7/dist-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:122: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
Requirement already up-to-date: requests in /usr/local/lib/python2.7/dist-packages
Requirement already up-to-date: idna<2.7,>=2.5 in /usr/local/lib/python2.7/dist-packages (from requests)
Requirement already up-to-date: urllib3<1.23,>=1.21.1 in /usr/local/lib/python2.7/dist-packages (from requests)
Collecting certifi>=2017.4.17 (from requests)
Downloading certifi-2018.1.18-py2.py3-none-any.whl (151kB)
100% |################################| 153kB 1.0MB/s
Requirement already up-to-date: chardet<3.1.0,>=3.0.2 in /usr/local/lib/python2.7/dist-packages (from requests)
Installing collected packages: certifi
Successfully installed certifi-2018.1.18
2018-02-03 15:08:19,262 - faraday-server.__main__ - INFO - Dependencies installed. Please launch Faraday Server again.
[root@server02 ~]#
ブラウザからの接続確認
ブラウザからFaradayのダッシュボードにアクセスしてみる。
OWASP DefectDojoの画面と違って、レイアウトは崩れてはいなかった。
ダッシュボートでのワークスペース選択画面
※dockerバージョンでは、workspaceがすでに作られていることが分かる。
ワークスペースのダッシュボード画面(サンプル版)