Changeset 271
- Timestamp:
- 01/26/2010 05:25:08 AM (3 years ago)
- File:
-
- 1 edited
-
trunk/plugins/nikto_core.plugin (modified) (10 diffs)
trunk/plugins/nikto_core.plugin
r270 r271 1044 1044 sub dbcheck 1045 1045 { 1046 my @dbs=qw/db_ 404_strings db_outdated db_realms db_tests db_variables/;1046 my @dbs=qw/db_headers db_httpoptions db_multiple_index db_server_msgs db_subdomains db_favicon db_embedded db_404_strings db_outdated db_realms db_tests db_variables/; 1047 1047 my $prefix = $_[0]; 1048 1049 1048 if ($prefix eq "" ) { nprint "\n-->\tNikto Databases\n"; } 1050 1049 if ($prefix eq "u" ) { nprint "\n-->\tUser Databases\n"; } … … 1055 1054 if (!-r $filename) { next; } 1056 1055 open(IN,"<$filename") || die nprint("+ ERROR: Can't open \"$filename\":$!\n"); 1057 1058 1056 nprint "Syntax Check: $filename\n"; 1059 1057 1060 1058 if ($file eq 'db_outdated') 1061 1059 { 1062 foreach $line (<IN>) 1063 { 1060 foreach $line (<IN>) { 1064 1061 $line =~ s/^\s+//; 1065 1062 if ($line =~ /^\#/) { next; } … … 1067 1064 if ($line eq "") { next; } 1068 1065 my @L=parse_csv($line); 1069 if ($line !~ /^\".*\"\,\".*\"\,\".*\"$/) { print STDERR "\t+ ERROR: Invalid syntax ($#L): $line\n"; next; }1070 1066 if ($#L ne 3) { print STDERR "\t+ ERROR: Invalid syntax ($#L): $line\n"; next; } 1071 1067 $ENTRIES{"$L[0]"}++; 1072 1068 } 1073 1074 1069 foreach $entry (keys %ENTRIES) { if ($ENTRIES{$entry} > 1) { print STDERR "\t+ ERROR: Duplicate ($ENTRIES{$entry}): $entry\n"; } } 1075 1070 nprint "\t" . keys(%ENTRIES) . 
" entries\n"; … … 1078 1073 { 1079 1074 my %ENTRIES; 1080 foreach my $line (<IN>) 1081 { 1075 foreach my $line (<IN>) { 1082 1076 if ($line !~ /^\"/) { next; } 1083 1077 my @L=parse_csv($line); … … 1088 1082 if (($L[3] =~ /^\@CG/) && ($L[3] !~ /^\@CGIDIRS/)) { print STDERR "\t+ ERROR: Possible \@CGIDIRS misspelling: $line"; } 1089 1083 $ENTRIES{"$L[3],$L[4],$L[5],$L[6],$L[7],$L[8],$L[9],$L[11],$L[12]"}++; 1090 }1091 1084 if ((count_fields($line, 1) ne 12) && (count_fields($line) ne '')) { print STDERR "\t+ ERROR: Invalid syntax: $line\n"; } 1085 } 1092 1086 foreach $entry (keys %ENTRIES) { if ($ENTRIES{$entry} > 1) { print STDERR "\t+ ERROR: Duplicate ($ENTRIES{$entry}): $entry\n"; } } 1093 1087 nprint "\t" . keys(%ENTRIES) . " entries\n"; … … 1096 1090 { 1097 1091 my $ctr=0; 1098 foreach $line (<IN>) 1099 { 1092 foreach $line (<IN>) { 1100 1093 if ($line !~ /^\@/) { next; } 1101 1094 if ($line !~ /^\@.+\=.+$/i ) { print STDERR "\t+ ERROR: Invalid syntax: $line\n"; } … … 1107 1100 { 1108 1101 my $ctr=0; 1109 foreach $line (<IN>) 1110 { 1111 if ($line !~ /^\"/) { next; } 1112 chomp($line); 1113 my @L=parse_csv($line); 1114 if ($#L ne 4) { print STDERR "\t+ ERROR: Invalid syntax: $line\n"; } 1102 foreach $line (<IN>) { 1103 if ((count_fields($line, 1) ne 4) && (count_fields($line) ne '')) { print STDERR "\t+ ERROR: Invalid syntax: $line"; } 1115 1104 $ctr++; 1116 1105 } … … 1120 1109 { 1121 1110 my $ctr=0; 1122 foreach $line (<IN>) 1123 { 1111 foreach $line (<IN>) { 1124 1112 # not really any syntax to check 1125 1113 $ctr++; … … 1127 1115 nprint "\t$ctr entries\n"; 1128 1116 } 1117 elsif ($file eq 'db_embedded') 1118 { 1119 my $ctr=0; 1120 foreach $line (<IN>) { 1121 if ((count_fields($line, 1) ne 4) && (count_fields($line) ne '')) { print STDERR "\t+ ERROR: Invalid syntax: $line"; } 1122 $ctr++; 1123 } 1124 nprint "\t$ctr entries\n"; 1125 } 1126 elsif ($file eq 'db_favicon') 1127 { 1128 my $ctr=0; 1129 foreach $line (<IN>) { 1130 if ((count_fields($line, 1) ne 2) 
&& (count_fields($line) ne '')) { print STDERR "\t+ ERROR: Invalid syntax: $line"; } 1131 $ctr++; 1132 } 1133 nprint "\t$ctr entries\n"; 1134 } 1135 elsif ($file eq 'db_headers') 1136 { 1137 my $ctr=0; 1138 foreach $line (<IN>) { 1139 if ((count_fields($line) ne 0) && (count_fields($line) ne '')) { print STDERR "\t+ ERROR: Invalid syntax: $line"; } 1140 $ctr++; 1141 } 1142 nprint "\t$ctr entries\n"; 1143 } 1144 elsif ($file eq 'db_httpoptions') 1145 { 1146 my $ctr=0; 1147 foreach $line (<IN>) { 1148 if ((count_fields($line, 1) ne 3) && (count_fields($line) ne '')) { print STDERR "\t+ ERROR: Invalid syntax: $line"; } 1149 $ctr++; 1150 } 1151 nprint "\t$ctr entries\n"; 1152 } 1153 elsif ($file eq 'db_multiple_index') 1154 { 1155 my $ctr=0; 1156 foreach $line (<IN>) { 1157 if ((count_fields($line) ne 0) && (count_fields($line) ne '')) { print STDERR "\t+ ERROR: Invalid syntax: $line"; } 1158 $ctr++; 1159 } 1160 nprint "\t$ctr entries\n"; 1161 } 1162 elsif ($file eq 'db_server_msgs') 1163 { 1164 my $ctr=0; 1165 foreach $line (<IN>) { 1166 if ((count_fields($line, 1) ne 2) && (count_fields($line) ne '')) { print STDERR "\t+ ERROR: Invalid syntax: $line"; } 1167 $ctr++; 1168 } 1169 nprint "\t$ctr entries\n"; 1170 } 1171 elsif ($file eq 'db_subdomains') 1172 { 1173 my $ctr=0; 1174 foreach $line (<IN>) { 1175 if ((count_fields($line, 1) ne 1) && (count_fields($line) ne '')) { print STDERR "\t+ ERROR: Invalid syntax: $line"; } 1176 $ctr++; 1177 } 1178 nprint "\t$ctr entries\n"; 1179 } 1129 1180 1130 1181 close(IN); … … 1135 1186 nprint "\n"; 1136 1187 exit; 1188 } 1189 ############################################################################### 1190 sub count_fields 1191 { 1192 my $line =$_[0] || return; 1193 my $checkid=$_[1] || 0; 1194 if ($line !~ /^\"/) { return; } 1195 chomp($line); 1196 $line =~ s/\s+$//; 1197 if ($line eq '') { return; } 1198 my @L=parse_csv($line); 1199 if ($checkid && ($L[0] ne 'nikto_id') && (($L[0] =~ /[^0-9]/) || ($L[0] eq ''))) { return -1; 
} 1200 return $#L; 1137 1201 } 1138 1202 ###############################################################################
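Review bot: In the rewritten loop at new lines 1102–1105 and in each added branch (db_embedded through db_subdomains), `$ctr++` now runs for every line read, so comment and blank lines are included in the reported "entries" total; the code being replaced skipped lines that did not start with a quote before counting. Each line is also parsed twice, because count_fields() is called a second time only to detect that the line was skipped. A single call covers both: `my $n = count_fields($line, 1); next unless defined $n;` followed by `if ($n != 4) { print STDERR "\t+ ERROR: Invalid syntax: $line"; }`, keeping the expected count and the id-check argument as they are in each branch. dbcheck's body is partly elided on this page, so which database the branch at 1102 handles is not visible here.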