Merge branch 'nikto-2.5.0' of https://github.com/sullo/nikto into nik…

…to-2.5.0
sullo · Jan 10, 2022 · 557fc0c · 557fc0c
2 parents 9309cd3 + ceb3034
commit 557fc0c
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 26 deletions.
diff --git a/program/nikto.pl b/program/nikto.pl
@@ -150,35 +150,36 @@
 
 # Now we've done the precursor, do the scan
 foreach my $mark (@MARKS) {
-    report_host_start($mark);
-    if ($mark->{'errmsg'} ne "") {
-        add_vulnerability($mark, $mark->{'errmsg'}, 0, "", "GET", "/", "", "");
-    }
+    my %FoF = ();
 
     if (!$mark->{'test'}) {
         report_host_end($mark);
         next;
     }
 
+    if (defined $CLI{'vhost'}) {
+        $mark->{'vhost'} = $CLI{'vhost'};
+    }
     $mark->{'total_vulns'}  = 0;
     $mark->{'total_errors'} = 0;
     $mark->{'start_time'} = time();
     $VARIABLES{'TEMPL_HCTR'}++;
 
-    if (defined $CLI{'vhost'}) {
-        $mark->{'vhost'} = $CLI{'vhost'};
-    }
-
     # Saving responses
     if ($CLI{'saveresults'} ne '') {
         $mark->{'save_dir'} = save_createdir($CLI{'saveresults'}, $mark);
         $mark->{'save_prefix'} = save_getprefix($mark);
     }
 
-    my %FoF = ();
-
     nfetch($mark, "/", "GET", "", "", { noprefetch => 1, nopostfetch => 1 }, "getinfo");
 
+    report_host_start($mark);
+
+    if ($mark->{'errmsg'} ne "") {
+        add_vulnerability($mark, $mark->{'errmsg'}, 0, "", "GET", "/", "", "");
+    }
+
+
     dump_target_info($mark);
     unless ((defined $CLI{'nofof'}) || ($CLI{'plugins'} eq '@@NONE')) { map_codes($mark) }
     run_hooks($mark, "recon");
@@ -197,7 +198,7 @@
     }
     else {
         nprint(
-            "+ Scan terminated:  $mark->{'total_errors'} error(s) and $mark->{'total_vulns'} item(s) reported on remote host"
+            "+ Scan terminated: $mark->{'total_errors'} error(s) and $mark->{'total_vulns'} item(s) reported on remote host"
             );
     }
     nprint(  "+ End Time:           "

diff --git a/program/plugins/nikto_core.plugin b/program/plugins/nikto_core.plugin
@@ -1944,7 +1944,6 @@ sub load_plugins {
 ###############################################################################
 sub run_hooks {
     my ($mark, $type, $request, $result) = @_;
-    return if $mark->{'terminate'};
 
     foreach my $plugin (@{ $PLUGINORDER{$type} }) {
         return if $mark->{'terminate'};
@@ -2474,7 +2473,7 @@ sub nfetch {
 
     # Snarf what we can from the whisker hash and put in mark
     if (!exists $result{'whisker'}->{'error'}) {
-        if (!exists $mark->{'banner'}) {
+        if ((!exists $mark->{'banner'}) || ($mark->{'banner'} eq "")) {
             $mark->{'banner'} = $result{'server'};
         }
         else {
@@ -2769,9 +2768,9 @@ sub send_updates {
     if ($answer !~ /y/i) { return; }
 
     # set up our mark
-    my %mark = ('ident' => 'cirt.net',
-                'ssl'   => 1,
-                'port'  => 443
+    my %mark = ('ident' => '68.183.58.226',
+                'ssl'   => 0,
+                'port'  => 80 
                 );
 
     for (my $i = 0 ; $i <= $#ARGV ; $i++) {
@@ -2781,7 +2780,7 @@ sub send_updates {
         }
     }
 
-    ($mark{'hostname'}, $mark{'ip'}, $mark{'display_name'}) = resolve('cirt.net');
+    ($mark{'hostname'}, $mark{'ip'}, $mark{'display_name'}) = resolve('68.183.58.226');
 
     $upd_enc = LW2::encode_base64($updated_version);
     chomp($upd_enc);

diff --git a/program/plugins/nikto_headers.plugin b/program/plugins/nikto_headers.plugin
@@ -134,7 +134,7 @@ sub nikto_headers_postfetch {
                 $allowed =~ s/^.* //g;
                 add_vulnerability( $mark, "X-Frame-Options header is set to allow framing from $allowed. This does not have full cross-browser support (only in IE and Firefox) and may lead to the header being ignored.", 999978, "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options", $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $result);
             }
-		}			
+		}
 		else {
 			add_vulnerability($mark, "The anti-clickjacking X-Frame-Options header is not present.", 999957, "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options", $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $result);
 		}
@@ -212,6 +212,7 @@ sub nikto_headers_postfetch {
         }
     }
 
+    # Strict-Transport-Security
     if ($mark->{'ssl'} && !$HEADERS_STS{ $mark->{hostname} }{ $mark->{port} } && defined $result) {
         if (!defined $result->{'strict-transport-security'}) {
             add_vulnerability( $mark, "The site uses TLS and the Strict-Transport-Security HTTP header is not defined.", 999970, "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security", $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $result);
@@ -223,13 +224,15 @@ sub nikto_headers_postfetch {
        $HEADERS_STS{ $mark->{hostname} }{ $mark->{port} } = 1;
     }
 
+    # X-Content-Type-Options
     if (!$HEADERS_XCTO{ $mark->{hostname} }{ $mark->{port} } && defined $result->{'whisker'}->{'code'}) {
         if (!defined $result->{'x-content-type-options'}) {
             add_vulnerability( $mark, "The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.", 999103, "https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/", $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $result);
+            $HEADERS_XCTO{ $mark->{hostname} }{ $mark->{port} } = 1;
         }
-        $HEADERS_XCTO{ $mark->{hostname} }{ $mark->{port} } = 1;
     }
 
+    # x-clacks-overhead
     if (!$HEADERS_XCO{ $mark->{hostname} }{ $mark->{port} } && defined $result->{'whisker'}->{'code'}) {
         if (defined $result->{'x-clacks-overhead'}) {
             add_vulnerability( $mark, "There appears to be Clacks Overhead on the server and the message is: $result->{'x-clacks-overhead'}", 999104, "https://xclacksoverhead.org/home/about", $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $result);

diff --git a/program/plugins/nikto_report_json.plugin b/program/plugins/nikto_report_json.plugin
@@ -82,7 +82,7 @@ sub json_close {
 # print an item
 sub json_item {
     my ($handle, $mark, $item) = @_;
-    $line .= "{";
+    my $line = "{";
     $line .= "\"id\": \"" . $item->{'nikto_id'} ."\",";
     if ($item->{'refs'} ne '') { $line .= "\"references\": \"" . $item->{'refs'} ."\","; }
     if ($item->{'method'} ne '') { $line .= "\"method\":\"" . $item->{'method'} ."\","; }

diff --git a/program/plugins/nikto_shellshock.plugin b/program/plugins/nikto_shellshock.plugin
@@ -58,11 +58,11 @@ sub nikto_shellshock {
 
         # request by hostname
         my ($res, $content, $error, $request, $response) = nfetch($mark, "$parameters->{'uri'}", "GET", "", \%headers, "", "shellshock");
-        if (($response->{'nikto-added-cve-2014-6271'} eq 'true') || ($checkcontent && ($content =~ /93e4r0-CVE-2014-6271: true/))) {
+        if (($response->{'93e4r0-CVE-2014-6271'} eq 'true') || ($checkcontent && ($content =~ /93e4r0-CVE-2014-6271: true/))) {
             add_vulnerability( $mark, "$parameters->{'uri'}: Site appears vulnerable to the 'shellshock' vulnerability).", 999949, "CVE-2014-6271", "GET",
                 "$parameters->{'uri'}", $request, $response);
         }
-        if (($response->{'nikto-added-cve-2014-6278'} eq 'true') || ($checkcontent && ($content =~ /93e4r0-CVE-2014-6278: true/))) {
+        if (($response->{'93e4r0-CVE-2014-6278'} eq 'true') || ($checkcontent && ($content =~ /93e4r0-CVE-2014-6278: true/))) {
             add_vulnerability( $mark, "$parameters->{'uri'}: Site appears vulnerable to the 'shellshock' vulnerability.", 999948, "CVE-2014-6278", "GET",
                 "$parameters->{'uri'}", $request, $response);
         }
@@ -74,11 +74,11 @@ sub nikto_shellshock {
 
                 # request by hostname
                 my ($res, $content, $error, $request, $response) = nfetch($mark, "$cgidir$file", "GET", "", \%headers, "", "shellshock");
-                if (($response->{'nikto-added-cve-2014-6271'} eq 'true') || ($checkcontent && ($content =~ /93e4r0-CVE-2014-6271: true/))) {
+                if (($response->{'93e4r0-CVE-2014-6271'} eq 'true') || ($checkcontent && ($content =~ /93e4r0-CVE-2014-6271: true/))) {
                     add_vulnerability( $mark, "$cgidir$file: Site appears vulnerable to the 'shellshock' vulnerability.", 999947, "CVE-2014-6271", "GET",
                         "$cgidir$file", $request, $response);
                 }
-                if (($response->{'nikto-added-cve-2014-6278'} eq 'true') || ($checkcontent && ($content =~ /93e4r0-CVE-2014-6278: true/))) {
+                if (($response->{'93e4r0-CVE-2014-6278'} eq 'true') || ($checkcontent && ($content =~ /93e4r0-CVE-2014-6278: true/))) {
                     add_vulnerability( $mark, "$cgidir$file: Site appears vulnerable to the 'shellshock' vulnerability.", 999946, "CVE-2014-6278", "GET",
                         "$cgidir$file", $request, $response);
                 }

diff --git a/program/plugins/nikto_tests.plugin b/program/plugins/nikto_tests.plugin
@@ -81,10 +81,9 @@ sub nikto_tests {
                      $TESTS{$checkid}{'method'},
                      $data,
                      \%headrs,
-                     \%flags, 
+                     \%flags,
                      $checkid);
 
-            # NOTE: auth is now done in nfetch
             if ($OUTPUT{'show_ok'} && ($res eq 200)) {
                 nprint("+ $mark->{'root'}$uri - 200/OK Response could be $TESTS{$checkid}{'message'}", "", ($mark->{'hostname'}, $mark->{'ip'}, $mark->{'displayname'}));
             }