Changeset 293


Ignore:
Timestamp:
01/29/10 05:25:15 (3 years ago)
Author:
sullo
Message:

Ticket 117: Fixed SKIPPORTS
Minor cleanups

Location:
trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • trunk/docs/CHANGES.txt

    r292 r293  
    112010-01-20 Nikto 2.1.1 
    2         - Moved User-Agent string to nikto.conf 
    3         - Added dynamic variables to User-Agent (Testid, Evasion methods) 
    4         - Reporting: simplify xml/html code, fix a bug when a space is in the uri, and load ony needed templates 
    5         - Enable 2 new LW evasion tacticts (carriage return or binary value as request spacer) 
    6         - Ticket  95: Added support for OSVDB, now the fun bit of filling it in 
     2        - Ticket 117: Fixed SKIPPORTS 
     3        - Ticket 116: Moved User-Agent string to nikto.conf 
     4        - Ticket 116: Added dynamic variables to User-Agent (Testid, Evasion methods) 
     5        - Ticket 95: Added support for OSVDB, now the fun bit of filling it in 
    76        - Ticket 111: Basic syntax checks for all databases 
    87        - Ticket 109: Added an extra optional <ssl /> element to xml output to contain the SSL date. Need to do similar for html, txt and csv 
     
    109        - Ticket 107: Support for short reads in LW2.5 
    1110        - Ticket 98: If -Format is missed guess the format based on file extension in -output. Default is none if -output is omitted. 
    12         - Added support to select plugins via -Plugins and -list-plugins option to list current plugins 
    13         - Major bug fix for proxy usage 
    1411        - Ticket 96: Multiple index file enhancements for groups and better unique file identification 
    1512        - Ticket 103: <description> content in xml report is now wrapped in CDATA  
     
    1714        - Ticket 97: Fix for response caching 
    1815        - Ticket 99: Spelling disagreements between Brits and Americans 
     16        - Removed NMAP and NMAPOPTS from nikto.conf as it is no longer used/supported 
     17        - Reporting: simplify xml/html code, fix a bug when a space is in the uri, and load ony needed templates 
     18        - Enable 2 new LW evasion tacticts (carriage return or binary value as request spacer) 
     19        - Added support to select plugins via -Plugins and -list-plugins option to list current plugins 
     20        - Major bug fix for proxy usage 
    1921        - Don't report p3p header as unusual 
    2022        - Various changes to aid future binary db usage for mutates 

  • trunk/nikto.conf

    r292 r293  
    77NIKTODTD=docs/nikto.dtd 
    88 
    9 # location of nmap to use with port scanning (rather than Nikto internals) 
    10 # and any options to pass to it 
    11 NMAP=/usr/local/bin/nmap 
    12 NMAPOPTS=-P0 
    13  
    149# ports never to scan 
    15 #SKIPPORTS=21 111 
     10SKIPPORTS=21 111 
    1611 
    1712# User-Agent variables: 
    18  # @VERSION - Nikto version 
    19  # @TESTID - Test identifier 
    20  # @EVASIONS - List of active evasions 
    21 USERAGENT="Mozilla/4.75 (Nikto/@VERSION) (Evasions:@EVASIONS) (Test:@TESTID)"; 
     13 # @VERSION     - Nikto version 
     14 # @TESTID      - Test identifier 
     15 # @EVASIONS    - List of active evasions 
     16USERAGENT=Mozilla/4.75 (Nikto/@VERSION) (Evasions:@EVASIONS) (Test:@TESTID) 
    2217 
    2318# IDs never to alert on (Note: this only works for IDs loaded from db_tests) 
     
    3328# send updates because it makes the data better for everyone ;)  *NO* server specific information 
    3429# such as IP or name is sent, just the relevant version information. 
    35 # UPDATES=yes  #-- ask before each submission if it should send 
    36 # UPDATES=no   #-- don't ask, don't send 
    37 # UPDATES=auto #-- automatically attempt submission *without prompting* 
     30# UPDATES=yes   - ask before each submission if it should send 
     31# UPDATES=no    - don't ask, don't send 
     32# UPDATES=auto  - automatically attempt submission *without prompting* 
    3833UPDATES=yes 
    3934 

  • trunk/plugins/db_outdated

    r273 r293  
    388388"600374","Microsoft_PWS_Mac/","4.0b1","@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)" 
    389389"600375","Microsoft-HTTPAPI/","2.0","@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)" 
    390 "600376","Microsoft-IIS/","6.0","@RUNNING_VER appears to be outdated (4.0 for NT 4, 5.0 for Win2k, current is at least @CURRENT_VER)" 
     390"600376","Microsoft-IIS/","7.0","@RUNNING_VER appears to be outdated (4.0 for NT 4, 5.0 for Win2k, current is at least @CURRENT_VER)" 
    391391"600377","Microsoft-Internet-Information-Server/","1.0","@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)" 
    392392"600378","Microsoft-PWS-95/","2.0","@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)" 

  • trunk/plugins/nikto_core.plugin

    r292 r293  
    12001200   my ($hostname, $ip, $port) = @_; 
    12011201   my (%m, %headers); 
     1202 
     1203   # Check SKIPPORTS 
     1204   if ($NIKTOCONFIG{'SKIPPORTS'} =~ /\b$port\b/) { 
     1205        nprint("+ ERROR: SKIPPORTS (nikto.conf) contains $port -- not checking"); 
     1206        return 0; 
     1207        } 
    12021208 
    12031209   $m->{hostname}=$hostname; 
Note: See TracChangeset for help on using the changeset viewer.