Changeset 139

Timestamp:

08/02/2009 11:01:45 AM (4 years ago)

Author:

deity

Message:

Closing off stuff for #22

Location:

trunk

Files:

• docs/CHANGES.txt (modified) (1 diff)
• plugins/db_headers (added)
• plugins/nikto_headers.plugin (modified) (3 diffs)

trunk/docs/CHANGES.txt

@@ -1 +1 @@
 2009-08-02 plugin/nikto_multiple_index db_multiple_index
         - Added check for multiple index files for request #16
+        - Turned standard headers into a database file to close off #22
 2009-08-01 plugin/* nikto.pl
         - Fixes for xml reporter to allow multiple hosts

trunk/plugins/nikto_headers.plugin

@@ -41 +41 @@
 {
    my ($mark)=@_; 
+   my $dbarray = initialise_db("db_headers");
    my @interesting_headers = qw /microsoftofficewebserver ms-author-via dasl dav daap-server/;
    # Standard headers, whisker is added to stop false positives
-   my @standard_headers = qw /accept accept-charset accept-encoding accept-language accept-ranges age allow authorization cache-control connection content-encoding content-language content-length content-location content-md5 content-range content-type date etag expect expires from host if-match if-modified-since if-none-match if-range if-unmodified-since last-modified location max-forwards pragma proxy-authenticate proxy-authorization range referer retry-after server te trailer transfer-encoding upgrade user-agent vary via warning www-authenticate whisker/;
    # Host Pragma
 
@@ -144 +144 @@
    #######################################################################
    # All other interesting headers
+   
+   # First let's hit something we know should return something
+   my ($res, $content)=fetch("/","GET");
+
    foreach my $header (@interesting_headers)
    {
@@ -161 +165 @@
       my $found = 0;
       my $reportnum = 999100;
-      foreach my $st_header (@standard_headers)
-      {
-         if ($header eq $st_header)
+      foreach my $st_header (@$dbarray)
+      {
+         if ($header eq $st_header->{header})
          {
             $found=1;