Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: nikto-2.5.0 start failed #793

Open
LiShuxue opened this issue May 16, 2023 · 17 comments
Open

Bug: nikto-2.5.0 start failed #793

LiShuxue opened this issue May 16, 2023 · 17 comments
Labels
bug

Comments

@LiShuxue
Copy link

I am using v2.5.0 to scan my web site, it can't success. But if i switch to 2.1.6, it can success and generate result.html。

image
@LiShuxue LiShuxue added the bug label May 16, 2023
@sullo
Copy link
Owner

sullo commented May 16, 2023

I can't replicate this:

perl -v

This is perl 5, version 30, subversion 3 (v5.30.3) built for darwin-thread-multi-2level
(with 2 registered patches, see perl -V for more detail)

perl nikto.pl -h https://cirt.net/
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP:          159.65.167.152
+ Target Hostname:    cirt.net
+ Target Port:        443
...

Could you post the output of perl nikto.pl -V?

@LiShuxue
Copy link
Author

seems still have issue

image

@sullo
Copy link
Owner

sullo commented May 17, 2023 via email

@LiShuxue
Copy link
Author

LiShuxue commented May 18, 2023
edited
Loading

My OSX is Catalina 10.15.7 . I‘m just following the github readme, checkout and excute the command, didn't change anything.

I am thinking is it possible because the perl version, maybe the version 5.18.4 not support the syntax like "$ref elseif...", so it caused syntax error ?

image

The "result.html" is generate by 2.1.6 version. it can success.

@sullo
Copy link
Owner

sullo commented May 18, 2023 via email

@LiShuxue
Copy link
Author

Thanks, please let me know the result after you try.

@rickygm
Copy link

rickygm commented May 28, 2023

What Mac OSX are you? I'm Ventura (13.3.1) with no issues, and I only just upgraded a few days ago and had no issues before either. The only thing I can think right now is somehow LW.pm got changed or corrupted. You could try either downloading Nikto again or replacing the file: https://raw.githubusercontent.com/sullo/nikto/master/program/plugins/LW2.pm If you are running directly via github please do git status to see if there are any code changes compared to the repository. Thanks

Hi, I am trying to install in ventura and without success.

==> Downloading https://ghcr.io/v2/homebrew/core/nikto/manifests/2.1.6 ######################################################################################################### 100.0% ==> Downloading https://ghcr.io/v2/homebrew/core/nikto/blobs/sha256:a664c33768310d6673ef4a4adc9fa11522abd974f449 Error: nikto: Failed to download resource "nikto" Failure while executing; /usr/bin/env /usr/local/Homebrew/Library/Homebrew/shims/shared/curl --disable --cookie /dev/null --globoff --show-error --user-agent Homebrew/4.0.19\ (Macintosh;\ Intel\ Mac\ OS\ X\ 13.4)\ curl/7.88.1 --header Accept-Language:\ en --retry 3 --header Authorization:\ Bearer\ QQ== --fail --location --silent --head --request GET https://ghcr.io/v2/homebrew/core/nikto/blobs/sha256:a664c33768310d6673ef4a4adc9fa11522abd974f44928f7635b5663b11f948e` exited with 22. Here's the output:
curl: (22) The requested URL returned error: 499
HTTP/2 307
content-length: 0
content-type: application/vnd.oci.image.layer.v1.tar+gzip
docker-distribution-api-version: registry/2.0
location: https://pkg-containers.githubusercontent.com/ghcr1/blobs/sha256:a664c33768310d6673ef4a4adc9fa11522abd974f44928f7635b5663b11f948e?se=2023-05-28T20%3A25%3A00Z&sig=0FCf62dYx6LlScqKSMLbQA%2BZAiQUO7mcOsFtApn3mhg%3D&sp=r&spr=https&sr=b&sv=2019-12-12
`

@rickygm
Copy link

rickygm commented Jun 4, 2023

I need help, how did you manage to install nikto on a mac ventura?

@LiShuxue
Copy link
Author

LiShuxue commented Jun 5, 2023

My OSX is Catalina 10.15.7 . I‘m just following the github readme, checkout and excute the command, didn't change anything.

git clone https://github.com/sullo/nikto

cd nikto/program

git checkout nikto-2.5.0

perl nikto.pl -h http://www.example.com

@rickygm
Copy link

rickygm commented Jul 17, 2023

Thanks, I had already done it.

@andrevio
Copy link

andrevio commented Dec 5, 2023

Just wanted to echo that I also had the same issue when running on amazon-linux machine. However, it worked fine on macOS.

@sullo
Copy link
Owner

sullo commented Dec 5, 2023

Just wanted to echo that I also had the same issue when running on amazon-linux machine. However, it worked fine on macOS.

I just built a new amazon-linux and...

./nikto.pl -h http://cirt.net/
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP:          159.65.167.152
+ Target Hostname:    cirt.net
+ Target Port:        80
+ Start Time:         2023-12-05 14:17:07 (GMT0)
...

Can you provide any more info?

@andrevio
Copy link

andrevio commented Dec 5, 2023

I hope this helps:

uname -r
4.14.299-152.520.amzn1.x86_64

perl -V
Summary of my perl5 (revision 5 version 16 subversion 3) configuration:

Platform:
osname=linux, osvers=5.4.228-mr.86.metal1.x86_64, archname=x86_64-linux-thread-multi
uname='linux koji-pdx-corp-builder-60005.pdx1.corp.amazon.com 5.4.228-mr.86.metal1.x86_64 #1 smp thu jan 5 12:36:42 utc 2023 x86_64 x86_64 x86_64 gnulinux '

@sullo
Copy link
Owner

sullo commented Dec 6, 2023

did you install required modules, and if so did you use CPAN or yum packages...?

@TurtleWilly
Copy link

TurtleWilly commented May 8, 2024
edited
Loading

I did have a startup failure too (here on my rusty OS X 10.10.5 (Yosemite) with Perl v5.18.2:

$ /usr/local/silo/nikto/2.5.0/bin/nikto -H
syntax error at /usr/local/silo/nikto/2.5.0/share/nikto/plugins/LW2.pm line 1227, near "$ref{"
syntax error at /usr/local/silo/nikto/2.5.0/share/nikto/plugins/LW2.pm line 1238, near "elsif"
syntax error at /usr/local/silo/nikto/2.5.0/share/nikto/plugins/LW2.pm line 1252, near "}"
Can't use global $1 in "my" at /usr/local/silo/nikto/2.5.0/share/nikto/plugins/LW2.pm line 1276, near "\\$1"
syntax error at /usr/local/silo/nikto/2.5.0/share/nikto/plugins/LW2.pm line 1287, near "}"
syntax error at /usr/local/silo/nikto/2.5.0/share/nikto/plugins/LW2.pm line 1375, near "}"
Can't use global $1 in "my" at /usr/local/silo/nikto/2.5.0/share/nikto/plugins/LW2.pm line 1392, near "ord($1"
syntax error at /usr/local/silo/nikto/2.5.0/share/nikto/plugins/LW2.pm line 1394, near "}"
syntax error at /usr/local/silo/nikto/2.5.0/share/nikto/plugins/LW2.pm line 1421, near "}"
syntax error at /usr/local/silo/nikto/2.5.0/share/nikto/plugins/LW2.pm line 1445, near "}"
/usr/local/silo/nikto/2.5.0/share/nikto/plugins/LW2.pm has too many errors.
Compilation failed in require at /usr/local/silo/nikto/2.5.0/bin/nikto line 55.

It looks like it really doesn't like the my $v = %$ref{$k}; line (#1227 in sub _dump) for some reason, but I'm not knowledgeable enough about Perl to know if that's purely a compatibility issue (I assume it is).

I patched up the code with some ideas from an older nikto 2.1.5 I still had on disk:

foreach my $k (sort keys %$ref) {
            my $v = %$ref{$k};
            $out .= "\t" x $t;
            $out .= _dumpd($k) . ' => ';
…

into:

while ( ( $k, $v ) = each (sort keys %$ref) ) {
            # next if ( $k eq '' );
            $out .= "\t" x $t;
            $out .= _dumpd($k) . ' => ';
…

And it seemingly seems to work again. I'm not sure I did it correctly.

$ /usr/local/silo/nikto/latest/bin/nikto -h https://cirt.net/
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP:          159.65.167.152
+ Target Hostname:    cirt.net
+ Target Port:        443
---------------------------------------------------------------------------
+ SSL Info:        Subject:  /CN=cirt.net
                   Altnames: cirt.net, www.cirt.net
                   Ciphers:  ECDHE-RSA-CHACHA20-POLY1305
                   Issuer:   /C=US/O=Let's Encrypt/CN=R3
+ Start Time:         2024-05-08 12:28:16 (GMT2)
---------------------------------------------------------------------------
+ Server: Apache/2.4.29 (Ubuntu)

I assume this is the same issue @LiShuxue encountered. It's just super hard to extract the required information when people forget to post the actual error output they get. 😅 edit OK, my content blocker blocked the image in the first post (Oups!), so this is in fact the very same issue.

@newIDforLOL
Copy link

syntax error at /home/nikto/program/plugins/LW2.pm line 1227, near "$ref{" syntax error at /home/nikto/program/plugins/LW2.pm line 1238, near "elsif" syntax error at /home/nikto/program/plugins/LW2.pm line 1252, near "}" Can't use global $1 in "my" at /home/nikto/program/plugins/LW2.pm line 1276, near "\\$1" syntax error at /home/nikto/program/plugins/LW2.pm line 1287, near "}" "my" variable $MIME::Base64::VERSION can't be in a package at /home/nikto/program/plugins/LW2.pm line 1321, near "($MIME::Base64::VERSION" syntax error at /home/nikto/program/plugins/LW2.pm line 1375, near "}" Can't use global $1 in "my" at /home/nikto/program/plugins/LW2.pm line 1392, near "ord($1" syntax error at /home/nikto/program/plugins/LW2.pm line 1394, near "}" syntax error at /home/nikto/program/plugins/LW2.pm line 1421, near "}" /home/nikto/program/plugins/LW2.pm has too many errors. Compilation failed in require at /home/nikto/program/nikto.pl line 55.

same issue
CentOS Linux release 7.9.2009 (Core)
3.10.0-1160.102.1.el7.x86_64
nikto-2.5.0

[root@localhost program]# perl --version
This is perl 5, version 16, subversion 3 (v5.16.3) built for x86_64-linux-thread-multi (with 44 registered patches, see perl -V for more detail)

work again after patched, thanks.

I did have a startup failure too (here on my rusty OS X 10.10.5 (Yosemite) with Perl v5.18.2:

$ /usr/local/silo/nikto/2.5.0/bin/nikto -H
syntax error at /usr/local/silo/nikto/2.5.0/share/nikto/plugins/LW2.pm line 1227, near "$ref{"
syntax error at /usr/local/silo/nikto/2.5.0/share/nikto/plugins/LW2.pm line 1238, near "elsif"
syntax error at /usr/local/silo/nikto/2.5.0/share/nikto/plugins/LW2.pm line 1252, near "}"
Can't use global $1 in "my" at /usr/local/silo/nikto/2.5.0/share/nikto/plugins/LW2.pm line 1276, near "\\$1"
syntax error at /usr/local/silo/nikto/2.5.0/share/nikto/plugins/LW2.pm line 1287, near "}"
syntax error at /usr/local/silo/nikto/2.5.0/share/nikto/plugins/LW2.pm line 1375, near "}"
Can't use global $1 in "my" at /usr/local/silo/nikto/2.5.0/share/nikto/plugins/LW2.pm line 1392, near "ord($1"
syntax error at /usr/local/silo/nikto/2.5.0/share/nikto/plugins/LW2.pm line 1394, near "}"
syntax error at /usr/local/silo/nikto/2.5.0/share/nikto/plugins/LW2.pm line 1421, near "}"
syntax error at /usr/local/silo/nikto/2.5.0/share/nikto/plugins/LW2.pm line 1445, near "}"
/usr/local/silo/nikto/2.5.0/share/nikto/plugins/LW2.pm has too many errors.
Compilation failed in require at /usr/local/silo/nikto/2.5.0/bin/nikto line 55.

It looks like it really doesn't like the my $v = %$ref{$k}; line (#1227 in sub _dump) for some reason, but I'm not knowledgeable enough about Perl to know if that's purely a compatibility issue (I assume it is).

I patched up the code with some ideas from an older nikto 2.1.5 I still had on disk:

foreach my $k (sort keys %$ref) {
            my $v = %$ref{$k};
            $out .= "\t" x $t;
            $out .= _dumpd($k) . ' => ';
…

into:

while ( ( $k, $v ) = each (sort keys %$ref) ) {
            # next if ( $k eq '' );
            $out .= "\t" x $t;
            $out .= _dumpd($k) . ' => ';
…

And it seemingly seems to work again. I'm not sure I did it correctly.

$ /usr/local/silo/nikto/latest/bin/nikto -h https://cirt.net/
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP:          159.65.167.152
+ Target Hostname:    cirt.net
+ Target Port:        443
---------------------------------------------------------------------------
+ SSL Info:        Subject:  /CN=cirt.net
                   Altnames: cirt.net, www.cirt.net
                   Ciphers:  ECDHE-RSA-CHACHA20-POLY1305
                   Issuer:   /C=US/O=Let's Encrypt/CN=R3
+ Start Time:         2024-05-08 12:28:16 (GMT2)
---------------------------------------------------------------------------
+ Server: Apache/2.4.29 (Ubuntu)

I assume this is the same issue @LiShuxue encountered. It's just super hard to extract the required information when people forget to post the actual error output they get. 😅 edit OK, my content blocker blocked the image in the first post (Oups!), so this is in fact the very same issue.

@LMeinhardt
Copy link

LMeinhardt commented Oct 30, 2024
edited
Loading

I believe the error is on the following line:

my $v = %$ref{$k};

For Catalina OS, the correct syntax should be:

my $v = $ref->{$k};

Reason:

  • $ref is a reference to a hash, so $ref->{$k} correctly accesses the value corresponding to key $k.
  • %$ref{$k} is invalid because %$ref tries to treat $ref as a hash directly, which is not how hash references work.

Note

Why the Original Code Worked with Perl 5.38.2

In newer versions of Perl (like 5.38), there are optimizations and relaxed parsing for certain constructs, possibly allowing unconventional syntax like %$ref{$k} to function without throwing errors.

Why It Failed on macOS Catalina (Perl 5.18.4)

Perl 5.18 enforces stricter interpretation of references and dereferencing. The %$ref{$k} syntax might have been deprecated or is just poorly supported, leading to the "syntax error near $ref{"" you encountered.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@sullo @newIDforLOL @rickygm @andrevio @LiShuxue @LMeinhardt @TurtleWilly