| 1 | #VERSION,1.01 |
|---|
| 2 | # $Id$ |
|---|
| 3 | |
|---|
| 4 | ############################################################################### |
|---|
| 5 | # Copyright (C) 2004 CIRT, Inc. |
|---|
| 6 | # |
|---|
| 7 | # This program is free software; you can redistribute it and/or |
|---|
| 8 | # modify it under the terms of the GNU General Public License |
|---|
| 9 | # as published by the Free Software Foundation; version 2 |
|---|
| 10 | # of the License only. |
|---|
| 11 | # |
|---|
| 12 | # This program is distributed in the hope that it will be useful, |
|---|
| 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| 15 | # GNU General Public License for more details. |
|---|
| 16 | # |
|---|
| 17 | # You should have received a copy of the GNU General Public License |
|---|
| 18 | # along with this program; if not, write to the Free Software |
|---|
| 19 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
|---|
| 20 | ############################################################################### |
|---|
| 21 | sub nikto_multiple_index_init |
|---|
| 22 | { |
|---|
| 23 | my $id = |
|---|
| 24 | { |
|---|
| 25 | name => "mutiple_index", |
|---|
| 26 | full_name => "Multiple Index", |
|---|
| 27 | author => "deity", |
|---|
| 28 | description => "Checks for multiple index files", |
|---|
| 29 | scan_method => \&nikto_multiple_index, |
|---|
| 30 | copyright => "2009 CIRT Inc" |
|---|
| 31 | }; |
|---|
| 32 | |
|---|
| 33 | return $id; |
|---|
| 34 | } |
|---|
| 35 | |
|---|
| 36 | sub nikto_multiple_index |
|---|
| 37 | { |
|---|
| 38 | my ($mark) = @_; |
|---|
| 39 | my $dbarray = initialise_db("db_multiple_index"); |
|---|
| 40 | |
|---|
| 41 | # Record the host for future use |
|---|
| 42 | |
|---|
| 43 | my $found; |
|---|
| 44 | my %hashes; |
|---|
| 45 | foreach my $item (@$dbarray) |
|---|
| 46 | { |
|---|
| 47 | # Use fetch to minimise extra code |
|---|
| 48 | # First we need to mangle the host. |
|---|
| 49 | my ($res, $content) = nfetch($mark,"/$item->{index}", "GET"); |
|---|
| 50 | |
|---|
| 51 | if (($res == 200) || ($res == 404)) |
|---|
| 52 | { |
|---|
| 53 | $content=rm_active_content($result{'whisker'}->{'data'}); |
|---|
| 54 | my $hash=LW2::md4($content); |
|---|
| 55 | $found{$item->{index}}=$hash; |
|---|
| 56 | $hashes{$hash} .= "$item->{index}, "; |
|---|
| 57 | } |
|---|
| 58 | |
|---|
| 59 | } # End foreach |
|---|
| 60 | |
|---|
| 61 | # report, if necessary |
|---|
| 62 | if (keys(%found) > 1) |
|---|
| 63 | { |
|---|
| 64 | # one unique hash... bogus responses |
|---|
| 65 | if (keys(%hashes) <= 1) |
|---|
| 66 | { |
|---|
| 67 | return; |
|---|
| 68 | } |
|---|
| 69 | |
|---|
| 70 | my $tempstring; |
|---|
| 71 | my $group_count=0; |
|---|
| 72 | foreach my $h (keys %hashes) |
|---|
| 73 | { |
|---|
| 74 | $group_count++; |
|---|
| 75 | $tempstring .= "\#$group_count: $hashes{$h}"; |
|---|
| 76 | } |
|---|
| 77 | $tempstring=~s/,\s$//; |
|---|
| 78 | |
|---|
| 79 | add_vulnerability($mark,"Multiple distinct index files found: $tempstring", 740000, 0); |
|---|
| 80 | } |
|---|
| 81 | } |
|---|
| 82 | |
|---|
| 83 | 1; |
|---|
