Changeset 186

Timestamp:

10/18/2009 06:50:56 PM (4 years ago)

Author:

sullo

Message:

• Standardization of ERROR print prefix, as well as matching in nprint to make sure we don't send things to STDERR we don't mean to.
• If outputfile is - don't send any output to STDOUT, regardless of -F type.

Location:

trunk

Files:

• nikto.pl (modified) (1 diff)
• plugins/nikto_core.plugin (modified) (12 diffs)
• plugins/nikto_dictionary_attack.plugin (modified) (1 diff)
• plugins/nikto_single.plugin (modified) (1 diff)
• plugins/nikto_tests.plugin (modified) (1 diff)
• plugins/nikto_user_enum_apache.plugin (modified) (1 diff)

trunk/nikto.pl

@@ -224 +224 @@
    my $configfile=$_[0];
 
-   open(CONF, "<$configfile") || return "- ERROR: Unable to open config file '$configfile'";
+   open(CONF, "<$configfile") || return "+ ERROR: Unable to open config file '$configfile'";
    my @CONFILE = <CONF>;
    close(CONF);

trunk/plugins/nikto_core.plugin

@@ -94 +94 @@
    } 
    # print errors to STDERR
-   if ($line =~ /ERROR\:/) { print STDERR "$line\n"; return; }
+   if ($line =~ /^+ ERROR\:/) { print STDERR "$line\n"; return; }
    
    # don't print to STDOUT if output file is "-"
-   if ($CLI{format} =~ /^xml$/i and $CLI{file} eq "-") { return; }
- 
-   # don't print to STDOUT if output file is "-"
-   if ($CLI{format} =~ /^html?$/i and $CLI{file} eq "-") { return; }
-   
+   if ($CLI{file} eq "-") { return; }
 
    # print to scan details to standard output if the users wants another format and is saving results to a file
@@ -596 +592 @@
  
  # verify readable dtd 
- if ($CLI{format} =~ /xml/i and !-r $NIKTOCONFIG{NIKTODTD})   { nprint("+ ERROR: reading DTD"); exit; } 
+ if ($CLI{format} eq 'xml' && !-r $NIKTOCONFIG{NIKTODTD})   { nprint("+ ERROR: reading DTD"); exit; } 
 
  # screen output
@@ -759 +755 @@
          if ($start > $end)
          {
-            nprint("- ERROR port range $port doesn't make sense - assuming 80/tcp");
+            nprint("+ ERROR port range $port doesn't make sense - assuming 80/tcp");
             next;
          }
@@ -1040 +1036 @@
            if ($line eq "") { next; }
            my @L=parse_csv($line);
-           if ($line !~ /^\".*\"\,\".*\"\,\".*\"$/) { print STDERR "\tERROR: Invalid syntax ($#L): $line\n"; next; }
-           if ($#L ne 3) { print STDERR "\tERROR: Invalid syntax ($#L): $line\n"; next; }
+           if ($line !~ /^\".*\"\,\".*\"\,\".*\"$/) { print STDERR "\t+ ERROR: Invalid syntax ($#L): $line\n"; next; }
+           if ($#L ne 3) { print STDERR "\t+ ERROR: Invalid syntax ($#L): $line\n"; next; }
            $ENTRIES{"$L[0]"}++;
          }
 
-          foreach $entry (keys %ENTRIES) { if ($ENTRIES{$entry} > 1) { print STDERR "\tERROR: Duplicate ($ENTRIES{$entry}): $entry\n"; } }
+          foreach $entry (keys %ENTRIES) { if ($ENTRIES{$entry} > 1) { print STDERR "\t+ ERROR: Duplicate ($ENTRIES{$entry}): $entry\n"; } }
           nprint "\t" . keys(%ENTRIES) . " entries\n";
      }
@@ -1055 +1051 @@
            if ($line !~ /^\"/)  { next; }
            my @L=parse_csv($line);
-           if ($L[4] !~ /(GET|POST|TRACE|TRACK|OPTIONS|SEARCH|INDEX)/i) { print STDERR "\tERROR: Possibly invalid method: $L[4] on ($line)\n"; }
-           if ($L[5] eq "") { print STDERR "\tERROR: blank conditional: $line"; next; }
-           if ($line !~ /^\".*\",\".*\",\".*\",\".*\",\".*\"/) { print STDERR "\tERROR: Invalid syntax ($#L): $line\n"; next; }
-           if ($line !~ /^(\".*\",){11}\".*\"/) { print STDERR "\tERROR: Invalid syntax ($#L): $line\n"; next; }
-           if (($L[3] =~ /^\@CGI/) && ($L[3] !~ /^\@CGIDIRS/)) { print STDERR "\tERROR: Possible \@CGIDIRS misspelling: $line"; }
+           if ($L[4] !~ /(GET|POST|TRACE|TRACK|OPTIONS|SEARCH|INDEX)/i) { print STDERR "\t+ ERROR: Possibly invalid method: $L[4] on ($line)\n"; }
+           if ($L[5] eq "") { print STDERR "\t+ ERROR: blank conditional: $line"; next; }
+           if ($line !~ /^\".*\",\".*\",\".*\",\".*\",\".*\"/) { print STDERR "\t+ ERROR: Invalid syntax ($#L): $line\n"; next; }
+           if ($line !~ /^(\".*\",){11}\".*\"/) { print STDERR "\t+ ERROR: Invalid syntax ($#L): $line\n"; next; }
+           if (($L[3] =~ /^\@CGI/) && ($L[3] !~ /^\@CGIDIRS/)) { print STDERR "\t+ ERROR: Possible \@CGIDIRS misspelling: $line"; }
            $ENTRIES{"$L[3],$L[4],$L[5],$L[6],$L[7],$L[8],$L[9],$L[10],$L[12]"}++;
          }
 
-       foreach $entry (keys %ENTRIES) { if ($ENTRIES{$entry} > 1) { print STDERR "\tERROR: Duplicate ($ENTRIES{$entry}): $entry\n"; } }
+       foreach $entry (keys %ENTRIES) { if ($ENTRIES{$entry} > 1) { print STDERR "\t+ ERROR: Duplicate ($ENTRIES{$entry}): $entry\n"; } }
        nprint "\t" . keys(%ENTRIES) . " entries\n";
      }
@@ -1072 +1068 @@
          {
            if ($line !~ /^\@/)  { next; }
-           if ($line !~ /^\@.+\=.+$/i ) { print STDERR "\tERROR: Invalid syntax: $line\n"; }
+           if ($line !~ /^\@.+\=.+$/i ) { print STDERR "\t+ ERROR: Invalid syntax: $line\n"; }
            $ctr++;
          }
@@ -1085 +1081 @@
            chomp($line);
            my @L=parse_csv($line);
-           if ($#L ne 4) { print STDERR "\tERROR: Invalid syntax: $line\n"; }
+           if ($#L ne 4) { print STDERR "\t+ ERROR: Invalid syntax: $line\n"; }
            $ctr++;
          }
@@ -1698 +1694 @@
      if ($result{'whisker'}{'error'} =~ "Transport endpoint is not connected")
      {
-        nprint("ERROR: Could not connect to the defined proxy $NIKTOCONFIG{PROXYHOST}");
+        nprint("+ ERROR: Could not connect to the defined proxy $NIKTOCONFIG{PROXYHOST}");
         exit 1;
      }
@@ -2165 +2161 @@
    foreach my $FILE (sort @NIKTOFILES)
    {
-      open(FI,"<$NIKTOCONFIG{PLUGINDIR}/$FILE") || die print STDERR "- ERROR: Unable to open '$NIKTOCONFIG{PLUGINDIR}/$FILE': $!\n";;;
+      open(FI,"<$NIKTOCONFIG{PLUGINDIR}/$FILE") || die print STDERR "+ ERROR: Unable to open '$NIKTOCONFIG{PLUGINDIR}/$FILE': $!\n";;;
       my @F=<FI>;
       close(FI);
@@ -2204 +2200 @@
  
  # make sure the db_outdatedb isn't *too* old
- open(OD,"<$NIKTOCONFIG{PLUGINDIR}/db_outdated") || die print STDERR "- ERROR: Unable to open '$NIKTOCONFIG{PLUGINDIR}/db_outdated': $!\n";;
+ open(OD,"<$NIKTOCONFIG{PLUGINDIR}/db_outdated") || die print STDERR "+ ERROR: Unable to open '$NIKTOCONFIG{PLUGINDIR}/db_outdated': $!\n";;
  @F=<OD>;
  close(OD);
@@ -2296 +2292 @@
  if ($CONTENT !~ /SUCCESS/) 
   { 
-   print STDERR "- ERROR: ($RES, $CONTENT): Unable to send updated version string(s) to CIRT.net\n"; 
+   print STDERR "+ ERROR: ($RES, $CONTENT): Unable to send updated version string(s) to CIRT.net\n"; 
   }
  else
@@ -2323 +2319 @@
    unless (open(IN, "<$filename"))
    {
-      nprint("- ERROR: Unable to open database file $dbname: $!.");
+      nprint("+ ERROR: Unable to open database file $dbname: $!.");
       return $dbarray;
    }

trunk/plugins/nikto_dictionary_attack.plugin

@@ -54 +54 @@
    unless (open(IN, "<$dictfile"))
    {
-      nprint("- ERROR: Unable to open dictionary file $dictfile: $!.");
+      nprint("+ ERROR: Unable to open dictionary file $dictfile: $!.");
    }
 

trunk/plugins/nikto_single.plugin

@@ -142 +142 @@
 
     my ($hostname, $ip) = resolve($request{'whisker'}{'host'});
-    if ($ip eq "") { print STDERR "ERROR: could not resolve host name\n"; exit; }
+    if ($ip eq "") { print STDERR "+ ERROR: could not resolve host name\n"; exit; }
 
 #### do request

trunk/plugins/nikto_tests.plugin

@@ -66 +66 @@
             if (defined $result{whisker}->{error}) 
             {
-               nprint("- ERROR: $uri returned an error: $result{whisker}{error}\n"); 
+               nprint("+ ERROR: $uri returned an error: $result{whisker}{error}\n"); 
                next; 
             }

trunk/plugins/nikto_user_enum_apache.plugin

@@ -151 +151 @@
    unless (open(IN, "<$filename"))
    {
-      nprint("- ERROR: Unable to open dictionary file $filename: $!.");
+      nprint("+ ERROR: Unable to open dictionary file $filename: $!.");
    }