| [54] | 1 | #VERSION,2.02 |
|---|
| 2 | # $Id: nikto_cgi.plugin 41 2008-05-06 03:36:38Z jabra $ |
|---|
| 3 | |
|---|
| 4 | ############################################################################### |
|---|
| 5 | # Copyright (C) 2004 CIRT, Inc. |
|---|
| 6 | # |
|---|
| 7 | # This program is free software; you can redistribute it and/or |
|---|
| 8 | # modify it under the terms of the GNU General Public License |
|---|
| 9 | # as published by the Free Software Foundation; version 2 |
|---|
| 10 | # of the License only. |
|---|
| 11 | # |
|---|
| 12 | # This program is distributed in the hope that it will be useful, |
|---|
| 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| 15 | # GNU General Public License for more details. |
|---|
| 16 | # |
|---|
| 17 | # You should have received a copy of the GNU General Public License |
|---|
| 18 | # along with this program; if not, write to the Free Software |
|---|
| 19 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
|---|
| 20 | ############################################################################### |
|---|
| 21 | |
|---|
| 22 | ############################################################################### |
|---|
| 23 | # PURPOSE |
|---|
| 24 | # Perform CGI tests |
|---|
| 25 | ############################################################################### |
|---|
| 26 | |
|---|
| 27 | sub nikto_cgi |
|---|
| 28 | { |
|---|
| 29 | my ($gotvalid,$gotinvalid)=0; |
|---|
| 30 | my @POSSIBLECGI=(); |
|---|
| 31 | my @CFGCGI=(split(/ /,$VARIABLES{"\@CGIDIRS"})); |
|---|
| 32 | my ($res, $possiblecgidir, $found) =""; |
|---|
| 33 | |
|---|
| 34 | if ($CLI{forcecgi} eq "all") # all possible CGI dirs to be "true" |
|---|
| 35 | { |
|---|
| 36 | nprint("Using all known CGI directories\n","d"); |
|---|
| 37 | $VARIABLES{"\@CGIDIRS"} = join(" ",@CFGCGI); |
|---|
| 38 | } |
|---|
| 39 | elsif ($CLI{forcecgi} eq "none") # scan no CGI directories |
|---|
| 40 | { |
|---|
| 41 | nprint("Using no CGI directories\n","d"); |
|---|
| 42 | $VARIABLES{"\@CGIDIRS"} = ""; |
|---|
| 43 | } |
|---|
| 44 | elsif ($CLI{forcecgi} =~ /[a-zA-Z0-9]/) # scan a specific directory |
|---|
| 45 | { |
|---|
| 46 | nprint("Using CGI dir '$CLI{forcecgi}'\n","d"); |
|---|
| 47 | $VARIABLES{"\@CGIDIRS"} = $CLI{forcecgi}; |
|---|
| 48 | } |
|---|
| 49 | else # or normal testing of each dir |
|---|
| 50 | { |
|---|
| 51 | foreach $possiblecgidir (@CFGCGI) |
|---|
| 52 | { |
|---|
| 53 | ($res, $CONTENT)=fetch($possiblecgidir,"GET"); |
|---|
| 54 | nprint("Checked for CGI dir\t$possiblecgidir\tgot:$res","d"); |
|---|
| 55 | if (content_present($res) eq true) |
|---|
| 56 | { |
|---|
| 57 | $gotvalid++; |
|---|
| 58 | push(@POSSIBLECGI,$possiblecgidir); |
|---|
| 59 | } |
|---|
| 60 | } |
|---|
| 61 | |
|---|
| 62 | if ($gotvalid eq 0) |
|---|
| 63 | { |
|---|
| 64 | nprint("+ No CGI Directories found (use '-C all' to force check all possible dirs)"); |
|---|
| 65 | $VARIABLES{"\@CGIDIRS"} = ""; |
|---|
| 66 | } |
|---|
| 67 | elsif ($#CFGCGI eq $#POSSIBLECGI) |
|---|
| 68 | { |
|---|
| 69 | nprint("+ All CGI directories 'found', use '-C none' to test none"); |
|---|
| 70 | $VARIABLES{"\@CGIDIRS"} = join(" ",@CFGCGI); |
|---|
| 71 | } |
|---|
| 72 | else |
|---|
| 73 | { |
|---|
| 74 | $VARIABLES{"\@CGIDIRS"} = join(" ",@POSSIBLECGI); |
|---|
| 75 | } |
|---|
| 76 | } # end !$CLI{forcecgi} |
|---|
| 77 | |
|---|
| 78 | nprint("- Checking for CGI in: $VARIABLES{\"\@CGIDIRS\"}","v"); |
|---|
| 79 | } |
|---|
| 80 | |
|---|
| 81 | 1; |
|---|
