Changeset 505

Timestamp:

08/11/2010 11:43:01 AM (3 years ago)

Author:

deity

Message:

Fix for broken -id parameter and clean up of unused %REALMS hash

Location:

trunk

Files:

• nikto.pl (modified) (1 diff)
• plugins/nikto_auth.plugin (modified) (2 diffs)
• plugins/nikto_core.plugin (modified) (3 diffs)

trunk/nikto.pl

@@ -44 +44 @@
 # global var/definitions
 use vars qw/$TEMPLATES %ERRSTRINGS %CLI %VARIABLES %TESTS $CONTENT/;
-use vars qw/%NIKTO %REALMS %NIKTOCONFIG %request %result %COUNTERS/;
+use vars qw/%NIKTO %NIKTOCONFIG %request %result %COUNTERS/;
 use vars qw/%db_extensions %FoF %UPDATES @DBFILE @BUILDITEMS/;
 use vars qw/@RESULTS @PLUGINS @MARKS @REPORTS %CACHE %CONTENTSEARCH/;

trunk/plugins/nikto_auth.plugin

@@ -55 +55 @@
     $REALMS        = init_db("db_realms");
     %REALMSMATCHED = ();
+        
+    if (defined $CLI{'hostauth'}) {
+        my @x = split(/:/, $CLI{'hostauth'});
+
+        my $HOSTAUTH = {
+            nikto_id    => "700500",
+            realm       => (defined $x[2]) ? $x[2] : '@ANY',
+            password    => $x[1],
+            id          => $x[0],
+            message     => "Credentials provided by CLI.",
+        };
+        unshift(@{$REALMS}, $HOSTAUTH);
+    }
 }
 
@@ -152 +165 @@
         if ($result->{'www-authenticate'} eq ''
             && !defined $result->{'whisker'}->{'error'}) {
-
             my $message =
               "Default account found for '$realm' at $uridir ($request->{'whisker'}->{'uri'}) (ID '$entry->{'id'}', PW '$entry->{'password'}'). $entry->{message}";

trunk/plugins/nikto_core.plugin

@@ -983 +983 @@
 ###############################################################################
 sub load_databases {
-    my @dbs = qw/db_404_strings  db_outdated  db_realms  db_tests  db_variables db_content_search/;
+    my @dbs = qw/db_404_strings  db_outdated  db_tests  db_variables db_content_search/;
     my $prefix = $_[0] || "";
 
@@ -1047 +1047 @@
                     $OVERS{ $T[1] }{ $T[2] } = $T[3];
                     $OVERS{ $T[1] }{'tid'} = $T[0];
-                }
-            }
-
-            # db_realms
-            elsif ($file eq 'db_realms') {
-                my $db_realms_ctr = keys %REALMS;
-                foreach my $l (@file) {
-                    my @t = parse_csv($l);
-                    $REALMS{$db_realms_ctr}{'tid'}   = $t[0];
-                    $REALMS{$db_realms_ctr}{'realm'} = $t[1];
-                    $REALMS{$db_realms_ctr}{'id'}    = $t[2];
-                    $REALMS{$db_realms_ctr}{'pw'}    = $t[3];
-                    $REALMS{$db_realms_ctr}{'msg'}   = $t[4];
-                    $db_realms_ctr++;
-                }
-
-                # Cheat and add CLI directly to REALMS
-                if (defined $CLI{'hostauth'}) {
-                    my @x = split(/:/, $CLI{'hostauth'});
-
-                    $REALMS{$db_realms_ctr}{'tid'}   = "700500";
-                    $REALMS{$db_realms_ctr}{'realm'} = (defined $x[2]) ? $x[2] : '@ANY';
-                    $REALMS{$db_realms_ctr}{'pw'}    = $x[1];
-                    $REALMS{$db_realms_ctr}{'id'}    = $x[0];
-                    $REALMS{$db_realms_ctr}{'msg'}   = "Credentials provided by CLI.";
                 }
             }
@@ -1151 +1126 @@
                 if ($line !~ /^\@/)         { next; }
                 if ($line !~ /^\@.+\=.+$/i) { nprint("\t+ ERROR: Invalid syntax: $line"); }
-                $ctr++;
-            }
-            nprint("\t$ctr entries");
-        }
-        elsif ($file eq 'db_realms') {
-            my $ctr = 0;
-            foreach $line (<IN>) {
-                if ((count_fields($line, 1) ne 4) && (count_fields($line) ne '')) {
-                    nprint("\t+ ERROR: Invalid syntax: $line");
-                }
                 $ctr++;
             }