source: trunk/plugins/nikto_content_search.plugin @ 436

Revision 436, 2.7 KB checked in by sullo, 3 years ago (diff)

fix use vars statement
Line 
1#VERSION,1.01
2# $Id$
3###############################################################################
4#  Copyright (C) 2004 CIRT, Inc.
5#
6#  This program is free software; you can redistribute it and/or
7#  modify it under the terms of the GNU General Public License
8#  as published by the Free Software Foundation; version 2
9#  of the License only.
10#
11#  This program is distributed in the hope that it will be useful,
12#  but WITHOUT ANY WARRANTY; without even the implied warranty of
13#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14#  GNU General Public License for more details.
15#
16#  You should have received a copy of the GNU General Public License
17#  along with this program; if not, write to the Free Software
18#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
19###############################################################################
20# PURPOSE:
21# Search content for known bad strings
22###############################################################################
23use vars qw/$CONTENTSEARCH %CSMATCHED/;
24
25sub nikto_content_search_init {
26    my $id = { name         => "content_search",
27               full_name    => "Content Search",
28               author       => "Sullo",
29               description  => "Search resultant content for interesting strings",
30               recon_method => \&nikto_content_search_load,
31               recon_weight => 1,
32               postfetch_method => \&nikto_content_search,
33               postfetch_weight => 20,
34               copyright    => "2010 CIRT Inc"
35               };
36
37    return $id;
38}
39
40sub nikto_content_search_load {
41    # Load up the database as soon as we can
42   
43    $CONTENTSEARCH=init_db("db_content_search");
44    %CSMATCHED = ();
45
46    # to try and speed it up - precompile the regular expressions
47    foreach my $testid (@$CONTENTSEARCH) {
48        $testid->{'compiled'} = qr/$testid->{'matchstring'}/;
49    }
50}
51
52sub nikto_content_search {
53    my ($mark, $parameters, $request, $result) = @_;
54   
55    my $body   = $result->{'whisker'}->{'data'};
56    my $file   = $result->{'whisker'}->{'uri'};
57    my $method = $result->{'whisker'}->{'method'} || "GET";
58
59    foreach my $testid (@$CONTENTSEARCH) {
60        if ($body =~ $testid->{'compiled'} &&
61            !exists $CSMATCHED{$mark->{'hostname'}}{$file}) {
62            # Check whether we've already matched it
63            my $outmessage = "$file: $testid->{'message'}";
64            add_vulnerability($mark, $outmessage,
65                              $testid->{'nikto_id'},
66                              $testid->{'osvdb'},
67                              $method, $file);
68            $CSMATCHED{$mark->{'hostname'}}{$file} = 1;
69        }
70    }
71    return $request, $result;
72}
73
741;
Note: See TracBrowser for help on using the repository browser.