source: nikto-2.1.2/plugins/nikto_content_search.plugin @ 484

Revision 484, 3.0 KB checked in by sullo, 3 years ago (diff)

2.1.2 branch

1#VERSION,2.02
2# $Id: nikto_content_search.plugin 483 2010-07-11 04:19:01Z sullo $
3###############################################################################
4#  Copyright (C) 2004 CIRT, Inc.
5#
6#  This program is free software; you can redistribute it and/or
7#  modify it under the terms of the GNU General Public License
8#  as published by the Free Software Foundation; version 2
9#  of the License only.
10#
11#  This program is distributed in the hope that it will be useful,
12#  but WITHOUT ANY WARRANTY; without even the implied warranty of
13#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14#  GNU General Public License for more details.
15#
16#  You should have received a copy of the GNU General Public License
17#  along with this program; if not, write to the Free Software
18#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
19###############################################################################
20# PURPOSE:
21# Search content for known bad strings
22###############################################################################
23use vars qw/$CONTENTSEARCH %CSMATCHED/;
24
sub nikto_content_search_init {

    # Build the registration record for this plugin. The returned hash
    # reference names the plugin and lists the two hooks it provides:
    #   start     -> nikto_content_search_load (weight 1)
    #   postfetch -> nikto_content_search      (weight 20)
    my %hook_for = (
        start => {
            method => \&nikto_content_search_load,
            weight => 1,
        },
        postfetch => {
            method => \&nikto_content_search,
            weight => 20,
        },
    );

    my %plugin = (
        name        => "content_search",
        full_name   => "Content Search",
        author      => "Sullo",
        description => "Search resultant content for interesting strings",
        hooks       => \%hook_for,
        copyright   => "2010 CIRT Inc",
    );

    return \%plugin;
}
45
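sub nikto_content_search_load {

    # Start hook: load the content-search database as early as possible and
    # clear the record of host/URI pairs that have already been reported.
    $CONTENTSEARCH = init_db("db_content_search");
    %CSMATCHED     = ();

    # Precompile each entry's 'matchstring' once, so the postfetch hook does
    # not recompile a pattern for every response.
    #
    # The pattern text comes from the database file, so treat it as data:
    #  - an empty or missing matchstring would compile to an empty pattern,
    #    which matches every response body and would flag every URI;
    #  - a malformed matchstring makes qr// die, which would otherwise abort
    #    this hook for all remaining entries.
    # Both cases are replaced by a pattern that can never match, and a
    # warning is emitted so the database entry can be corrected.
    #
    # Because the pattern is interpolated at run time, Perl rejects embedded
    # code blocks in it unless "use re 'eval'" is in effect; do not enable
    # that pragma for database-supplied patterns.
    foreach my $testid (@$CONTENTSEARCH) {
        my $pattern = $testid->{'matchstring'};
        my $compiled;

        if (defined $pattern && length $pattern) {
            $compiled = eval { qr/$pattern/ };
        }

        if (!defined $compiled) {
            my $label = defined $testid->{'nikto_id'} ? $testid->{'nikto_id'} : 'unknown';
            warn "content_search: ignoring test $label: empty or invalid matchstring\n";
            $compiled = qr/(?!)/;    # never matches
        }

        $testid->{'compiled'} = $compiled;
    }

    return;
}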
58
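sub nikto_content_search {

    # Postfetch hook: search a fetched response body for the known-bad
    # strings loaded by nikto_content_search_load and report the first hit.
    #
    # Arguments:
    #   $mark       - hash ref for the target; only 'hostname' is read here
    #   $parameters - not used by this hook
    #   $request    - passed through unchanged
    #   $result     - hash ref; the 'whisker' sub-hash supplies 'data' (the
    #                 body), 'uri' and 'method' (defaults to "GET")
    # Returns the list ($request, $result).
    #
    # At most one finding is recorded per host and URI: once a URI has been
    # reported, later responses for it are not searched again, and only the
    # first matching database entry is reported.
    # NOTE(review): if several different findings per URI are wanted, the
    # %CSMATCHED key would also need the test id - confirm intended behaviour.
    my ($mark, $parameters, $request, $result) = @_;

    my $body   = $result->{'whisker'}->{'data'};
    my $file   = $result->{'whisker'}->{'uri'};
    my $method = $result->{'whisker'}->{'method'} || "GET";
    my $host   = $mark->{'hostname'};

    # Check whether we've already matched this URI before running any
    # pattern: the body is remote-controlled content of arbitrary size, so
    # skipping needless regex work also limits time spent on it.
    my $already_reported =
        exists $CSMATCHED{$host} && exists $CSMATCHED{$host}{$file};

    if (!$already_reported) {
        foreach my $testid (@$CONTENTSEARCH) {
            next unless $body =~ $testid->{'compiled'};

            # The message is built from the URI and the database text only;
            # nothing from the response body is copied into the report.
            my $outmessage = "$file: $testid->{'message'}";
            add_vulnerability($mark, $outmessage, $testid->{'nikto_id'}, $testid->{'osvdb'},
                              $method, $file);
            $CSMATCHED{$host}{$file} = 1;

            # Nothing further can be reported for this URI, so stop here
            # instead of testing the remaining patterns.
            last;
        }
    }

    return $request, $result;
}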
79
801;