Changeset 151

Timestamp:

08/12/2009 11:19:21 PM (4 years ago)

Author:

deity

Message:

Added facillity to return headers on nfetch

Location:

trunk/plugins

Files:

• nikto_core.plugin (modified) (1 diff)
• nikto_headers.plugin (modified) (7 diffs)

trunk/plugins/nikto_core.plugin

@@ -1953 +1953 @@
       foreach my $c (@{$result{'whisker'}->{'cookies'}}) 
       { 
-         nprint("+ $request{'whisker'}->{'uri'} sent cookie: $c");
+         nprint("+ $uri sent cookie: $c");
+      }
+   }
+
+   # If headers is defined, copy the whisker headers to the hash
+   if (defined $headers)
+   {
+      # First clear the hash
+      foreach my $header (keys %$headers)
+      {
+         delete($headers->{$header});
+      }
+      while (my ($key, $value) = each(%result))
+      {
+         if ($key ne "whisker" && $key ne "connection")
+         {
+            $headers->{$key}=$value;
+         }
       }
    }

trunk/plugins/nikto_headers.plugin

@@ -43 +43 @@
    my $dbarray = initialise_db("db_headers");
    my @interesting_headers = qw /microsoftofficewebserver ms-author-via dasl dav daap-server/;
+   my %headers;
    # Standard headers, whisker is added to stop false positives
    # Host Pragma
@@ -51 +52 @@
    foreach my $f (qw/\/index.php \/junk999.php \/ \/index.php3 \/ \/junk999.php3 \/index.cfm \/junk999.cfm \/index.asp \/junk999.asp \/index.aspx \/junk988.aspx/ )
    {
-      (my $RES, $CONTENT) = fetch($f, "GET");
-      if (defined $result{'x-powered-by'}) { $xpb{ $result{'x-powered-by'} } = 1; }
+      (my $RES, $CONTENT) = nfetch($f, "GET", "", \%headers);
+      if (defined $headers{x-powered-by}) { $xpb{ $headers{x-powered-by} } = 1; }
    }
 
@@ -68 +69 @@
    #######################################################################
    # Servlet-Engine info
-   if (defined $result{'servlet-engine'})
-   {
-      my $x = $result{'servlet-engine'};
+   if (defined $headers{servlet-engine})
+   {
+      my $x = $headers{servlet-engine};
       $x = ~s/\(.*$//;
       $x =~ s/\s+//g;
@@ -146 +147 @@
    
    # First let's hit something we know should return something
-   my ($res, $content)=fetch("/","GET");
+   my ($res, $content)=nfetch("/","GET","",\%headers);
 
    foreach my $header (@interesting_headers)
    {
-      if ($result{$header} ne '')
-      {
-         my $x = $result{$header};
+      if ($headers{$header} ne '')
+      {
+         my $x = $headers{$header};
          $x =~ s/\s+.*$//;
          push(@BUILDITEMS, $x);
-         add_vulnerability($mark,"Retrieved $header header: $result{$header}",999986,0);
+         add_vulnerability($mark,"Retrieved $header header: $headers{$header}",999986,0);
       }
    }
@@ -161 +162 @@
    #######################################################################
    # Look for any non-standard headers
-   foreach my $header (sort keys %result)
+   foreach my $header (sort keys %headers)
    {
       my $found = 0;
@@ -174 +175 @@
       if ($found == 0)
       {
-         my $x = $result{$header};
+         my $x = $headers{$header};
          $x =~s/\s+.*$//;
          push(@BUILDITEMS, $x);
-         add_vulnerability($mark,"Non-standard header $header returned by server, with contents: $result{$header}",$reportnum,0);
+         add_vulnerability($mark,"Non-standard header $header returned by server, with contents: $headers{$header}",$reportnum,0);
          $reportnum++;
       }
@@ -188 +189 @@
    foreach my $f (qw/\/index.html \/index.htm \/robots.txt/)
    {
-      (my $RES, $CONTENT) = fetch($f, "GET");
-   }
-
+      (my $RES, $CONTENT) = nfetch($f, "GET","", \%headers);
+   }
+   
    # Now we have a header, let's check ETag for inode
-   if (defined $result{etag})
-   {
-      my $etag=$result{etag};
+   if (defined $headers{etag})
+   {
+      my $etag=$headers{etag};
       $etag =~ s/"//g;
       my @fields = split("-",$etag);