Changeset 46
- Timestamp:
- 06/24/2008 02:52:38 PM (5 years ago)
- Location:
- trunk
- Files:
-
- 3 edited
-
config.txt (modified) (1 diff)
-
docs/CHANGES.txt (modified) (2 diffs)
-
plugins/nikto_core.plugin (modified) (3 diffs)
-
trunk/config.txt
r41 r46 55 55 #STATIC-COOKIE=cookiename=cookievalue 56 56 57 # The below allows you to vary which HTTP methods are used to check whether 58 # an HTTP(s) server is running. Some web servers, such as the autopsy web 59 # server do not implement the HEAD method 60 CHECKMETHODS=HEAD GET -
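Review bot: The new comment above `CHECKMETHODS=HEAD GET` does not say how the value is parsed, and the consumer in plugins/nikto_core.plugin splits it on a single space and tries the methods in the order given. A doubled space or trailing space would therefore yield an empty method string. I would add a line such as `# Space-separated list, tried in order (single spaces only); HEAD is tried first by default`.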
trunk/docs/CHANGES.txt
r45 r46 1 2008-06-24 plugins/nikto_core.plugin 2 - Fix for ticket #35 - allow multiple HTTP methods to identify 3 an HTTP server, these are set with the variable CHECKMETHODS in 4 config.txt 5 - Fix for a bug in the nmap reader where it would ignore the IP 6 address if it nmap didn't return a hostname. 1 7 2008-06-22 plugins/db_tests 2 8 - Fix for ticket #26 - stop domino tests producing false positives … … 5 11 2008-04-22 plugins/nikto_outdated.plugin 6 12 - Change to allow stop duplication of items when scanning more than one 7 host. Fix for bug 2813 host. Fix for bug 28 8 14 2008-04-16 plugins/nikto_core.plugin 9 15 - Change to allow reading of a host list from stdin -
trunk/plugins/nikto_core.plugin
r42 r46 858 858 my @line=split(/ /); 859 859 my @name=split(/\(|\)/, $line[2]); 860 if (!$name[1]) { $name[1]=$line[1]; } 860 861 861 862 $TARGETS{$host_ctr}{ident}=$name[1]; … … 1358 1359 proxy_check() unless $PROXYCHECKED; 1359 1360 1360 # try http1361 if ( !$CLI{ssl})1361 my @checktypes=('HTTP', 'HTTPS'); 1362 if ($CLI{ssl}) 1362 1363 { 1363 nprint("- Checking for HTTP on port $TARGETS{$CURRENT_HOST_ID}{ip}:$port","v"); 1364 $request{'whisker'}->{'ssl'}=0; 1365 $request{'whisker'}->{'port'}= $port; 1366 $request{'whisker'}->{'http_eol'}=$http_eol; 1367 dump_var("Request Hash", \%request); 1368 LW2::http_close(\%request); # force-close any old connections 1369 LW2::http_fixup_request(\%request); 1370 if ($CLI{pause} > 0) { sleep $CLI{pause}; } 1371 if (!LW2::http_do_request_timeout(\%request,\%result)) 1372 { 1373 # this will fix for some Apaches that are smart enough to answer non ssl reqs on an ssl server 1374 if ($result{'whisker'}->{'data'} !~ /speaking plain HTTP to an SSL/) 1375 { 1376 $TARGETS{$CURRENT_HOST_ID}{ports}{$port}{ssl}=0; 1377 nprint("- Server found: $TARGETS{$CURRENT_HOST_ID}{ip}:$port \t$result{'server'}","d"); 1378 $request{'whisker'}->{'host'}=$oldhost; 1379 dump_var("Result Hash", \%result); 1380 return; 1381 } 1364 shift(@checktypes); 1365 } 1366 1367 foreach my $method (split(/ /,$NIKTOCONFIG{CHECKMETHODS})) 1368 { 1369 $request{'whisker'}->{'method'}=$method; 1370 foreach my $checkssl (@checktypes) 1371 { 1372 nprint("- Checking for $checkssl on port $TARGETS{$CURRENT_HOST_ID}{ip}:$port, using $method","v"); 1373 $request{'whisker'}->{'ssl'}=($checkssl=="HTTP")?0:1; 1374 $request{'whisker'}->{'port'}= $port; 1375 $request{'whisker'}->{'http_eol'}=$http_eol; 1376 dump_var("Request Hash", \%request); 1377 LW2::http_close(\%request); # force-close any old connections 1378 LW2::http_fixup_request(\%request); 1379 if ($CLI{pause} > 0) { sleep $CLI{pause}; } 1380 if (!LW2::http_do_request_timeout(\%request,\%result)) 1381 { 1382 # this will 
fix for some Apaches that are smart enough to answer non ssl reqs on an ssl server 1383 if ($result{'whisker'}->{'data'} !~ /speaking plain HTTP to an SSL/) 1384 { 1385 $TARGETS{$CURRENT_HOST_ID}{ports}{$port}{ssl}=0; 1386 nprint("- $checkssl Server found: $TARGETS{$CURRENT_HOST_ID}{ip}:$port \t$result{'server'}","d"); 1387 $request{'whisker'}->{'host'}=$oldhost; 1388 dump_var("Result Hash", \%result); 1389 return; 1382 1390 } 1383 else { dump_var("Result Hash", \%result); } 1384 } 1385 1386 # try https 1387 nprint("- Checking for HTTPS on port $TARGETS{$CURRENT_HOST_ID}{ip}:$port","v"); 1388 $request{'whisker'}->{'ssl'}=1; 1389 $request{'whisker'}->{'port'}= $port; 1390 $request{'whisker'}->{'http_eol'}=$http_eol; 1391 dump_var("Request Hash", \%request); 1392 LW2::http_close(\%request); # force-close any old connections 1393 LW2::http_fixup_request(\%request); 1394 if ($CLI{pause} > 0) { sleep $CLI{pause}; } 1395 if (LW2::http_do_request_timeout(\%request,\%result) eq 0) 1396 { $TARGETS{$CURRENT_HOST_ID}{ports}{$port}{ssl}=1; 1397 dump_var("Result Hash", \%result); 1398 $request{'whisker'}->{'host'}=$oldhost; 1399 nprint("- Server found: $TARGETS{$CURRENT_HOST_ID}{ip}:$port \t$result{'server'}","d"); 1400 } 1401 dump_var("Result Hash", \%result); 1391 } 1392 else 1393 { 1394 dump_var("Result Hash", \%result); 1395 } 1396 } 1397 } 1398 1402 1399 if (! $TARGETS{$CURRENT_HOST_ID}{ports}{$port}) 1403 1400 { … … 1407 1404 return; 1408 1405 } 1409 ############################################################################### 1410 # this ugly, and potentially dangerous if untrusted plugins are present 1406 1407 ############################################################################### 1408 # this is ugly, and potentially dangerous if untrusted plugins are present 1411 1409 ############################################################################### 1412 1410 sub run_plugins
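Review bot: The comparison at new line 1373, `($checkssl=="HTTP")?0:1`, is numeric, and both "HTTP" and "HTTPS" numify to 0, so it is always true and `ssl` is set to 0 on every pass. As a result the HTTPS pass never speaks SSL, even when `$CLI{ssl}` has shifted 'HTTP' off the list, and SSL-only ports will most likely be reported as having no web server, which silently narrows scan coverage. It should read `$request{'whisker'}->{'ssl'}=($checkssl eq "HTTP")?0:1;`. The success branch at new line 1385 also hard-codes `{ssl}=0` where the old HTTPS path stored 1; it should record the value actually used, `$TARGETS{$CURRENT_HOST_ID}{ports}{$port}{ssl}=$request{'whisker'}->{'ssl'};`. Separately, a config.txt that predates this change has no CHECKMETHODS, so the outer loop runs zero times; `split(/ /, $NIKTOCONFIG{CHECKMETHODS} || 'HEAD')` would keep detection working (the enclosing sub starts above this hunk, so any earlier defaulting is not visible here).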