Changeset 600

Timestamp:

01/03/2011 05:06:27 AM (2 years ago)

Author:

sullo

Message:

Ticket #173: Terminate a host scan with N in interactive mode

Files:

• documentation/doc.xml (modified) (1 diff)
• trunk/nikto.pl (modified) (1 diff)
• trunk/plugins/nikto_apache_expect_xss.plugin (modified) (1 diff)
• trunk/plugins/nikto_apacheusers.plugin (modified) (3 diffs)
• trunk/plugins/nikto_auth.plugin (modified) (1 diff)
• trunk/plugins/nikto_cgi.plugin (modified) (1 diff)
• trunk/plugins/nikto_core.plugin (modified) (6 diffs)
• trunk/plugins/nikto_dictionary_attack.plugin (modified) (2 diffs)
• trunk/plugins/nikto_embedded.plugin (modified) (2 diffs)
• trunk/plugins/nikto_favicon.plugin (modified) (1 diff)
• trunk/plugins/nikto_headers.plugin (modified) (5 diffs)
• trunk/plugins/nikto_httpoptions.plugin (modified) (4 diffs)
• trunk/plugins/nikto_msgs.plugin (modified) (3 diffs)
• trunk/plugins/nikto_multiple_index.plugin (modified) (1 diff)
• trunk/plugins/nikto_outdated.plugin (modified) (3 diffs)
• trunk/plugins/nikto_put_del_test.plugin (modified) (1 diff)
• trunk/plugins/nikto_robots.plugin (modified) (1 diff)
• trunk/plugins/nikto_subdomain.plugin (modified) (2 diffs)
• trunk/plugins/nikto_tests.plugin (modified) (6 diffs)

documentation/doc.xml

@@ -397 +397 @@
         <listitem>
           <para>q - Quit</para>
+        </listitem>
+
+        <listitem>
+          <para>N - Next host</para>
         </listitem>
 

trunk/nikto.pl

@@ -219 +219 @@
     my $elapsed = $mark->{'end_time'} - $mark->{'start_time'};
     if (!$CLI{'findonly'}) {
-        nprint(
-            "+ $NIKTO{'total_checks'} items checked: $mark->{'total_errors'} error(s) and $mark->{'total_vulns'} item(s) reported on remote host"
-            );
+        if (!$mark->{'terminate'}) { 
+                nprint("+ $NIKTO{'total_checks'} items checked: $mark->{'total_errors'} error(s) and $mark->{'total_vulns'} item(s) reported on remote host");
+                }
+        else { 
+                nprint("+ Scan terminated:  $mark->{'total_errors'} error(s) and $mark->{'total_vulns'} item(s) reported on remote host");
+                }
         nprint("+ End Time:           $time ($elapsed seconds)");
     }

trunk/plugins/nikto_apache_expect_xss.plugin

@@ -39 +39 @@
 
 sub nikto_apache_expect_xss {
+    return if $mark->{'terminate'};
     my ($mark) = @_;
     my %headers = ('Expect', '<script>alert(xss)</script>');

trunk/plugins/nikto_apacheusers.plugin

@@ -46 +46 @@
 
 sub nikto_apacheusers {
+    return if $mark->{'terminate'};
     my ($mark, $parameters) = @_;
     my $apacheusers = 0;
@@ -156 +157 @@
     my @foundusers = ();
     while (length($text) <= $size) {
+        return if $mark->{'terminate'};
         if (($ctr % 500) eq 0) { nprint("- User enumeration guess $ctr ($text)", "v"); }
         ($result, $content) =
@@ -186 +188 @@
     # Now attempt on each entry
     while (<IN>) {
+        return if $mark->{'terminate'};
         chomp;
         s/\#.*$//;

trunk/plugins/nikto_auth.plugin

@@ -133 +133 @@
     # Now we have this we can try guessing the password
     foreach my $entry (@{$REALMS}) {
+        return if $mark->{'terminate'};
         unless ($realm =~ /$entry->{'realm'}/i || $entry->{'realm'} eq '@ANY') { next; }
 

trunk/plugins/nikto_cgi.plugin

@@ -62 +62 @@
     {
         foreach $possiblecgidir (@CFGCGI) {
+            return if $mark->{'terminate'};
             ($res, $content) = nfetch($mark, $possiblecgidir, "GET", "", "", "", "cgi dir check");
             nprint("Checked for CGI dir\t$possiblecgidir\tgot:$res", "d");

trunk/plugins/nikto_core.plugin

@@ -268 +268 @@
 
     foreach my $file (keys %REQS) {
+        return if $mark->{'terminate'};
         nprint("- Testing error for file: $file\n", "v");
         %headers = ();
@@ -741 +742 @@
     if ($key eq ' ') {
         status_report();
-        return;
     }
     elsif ($key eq 'v') {
@@ -783 +783 @@
         nprint("- Resuming.");
     }
+    elsif ($key eq 'N') {
+        nprint("- Terminating host scan.");
+        return 'term'; #$mark->{'terminate'}=1;
+        }
     return;
 }
@@ -1458 +1462 @@
 sub run_hooks {
     my ($mark, $type, $request, $result) = @_;
+    return if $mark->{'terminate'};
 
     foreach my $plugin (@{ $PLUGINORDER{$type} }) {
+        return if $mark->{'terminate'};
         my ($run) = 1;
 
@@ -2025 +2031 @@
     # check for keyboard input
     if (($NIKTO{'totalrequests'} % 10) == 0) {
-        check_input();
+        if (check_input() eq 'term') { $mark->{'terminate'}=1; }
     }
 
@@ -2054 +2060 @@
     unless ($flags->{'noprefetch'}) {
         (%$request, %$result) = run_hooks($mark, "prefetch", \%request, \%result);
-    }
+        }
 
     # Check cache

trunk/plugins/nikto_dictionary_attack.plugin

@@ -39 +39 @@
 
 sub nikto_dictionary_attack {
+    return if $mark->{'terminate'};
     my ($mark, $parameters) = @_;
 
@@ -70 +71 @@
     # Now attempt on each entry
     while (<IN>) {
+        return if $mark->{'terminate'};
         chomp;
         s/\#.*$//;

trunk/plugins/nikto_embedded.plugin

@@ -44 +44 @@
 
 sub nikto_embedded {
+    return if $mark->{'terminate'};
     my ($mark) = @_;
     my $dbarray;
@@ -49 +50 @@
 
     foreach my $item (@$dbarray) {
+        return if $mark->{'terminate'};
         (my $res, $content) =
           nfetch($mark, $item->{'uri'}, "GET", "", "", "", "embedded detection");

trunk/plugins/nikto_favicon.plugin

@@ -37 +37 @@
 
 sub nikto_favicon {
+    return if $mark->{'terminate'};
     my ($mark) = @_;
     my ($RES, $CONTENT) = nfetch($mark, "/favicon.ico", "GET", "", "", "", "favicon");

trunk/plugins/nikto_headers.plugin

@@ -45 +45 @@
 
 sub nikto_headers_postfetch {
+    return if $mark->{'terminate'};
     my ($mark, $parameters, $request, $result) = @_;
 
@@ -63 +64 @@
 
 sub nikto_headers_check {
+    return if $mark->{'terminate'};
     my ($mark, $result, $header, $message, $tid) = @_;
 
@@ -87 +89 @@
 
 sub nikto_headers {
+    return if $mark->{'terminate'};
     my ($mark) = @_;
     my $dbarray = init_db("db_headers");
@@ -96 +99 @@
     foreach
       my $f (qw/\/index.asp \/junk999.asp \/index.aspx \/junk988.aspx \/login.asp \/login.aspx/) {
+        return if $mark->{'terminate'};
         (my $res, $content) =
           nfetch($mark, $f, "GET", "", \%transheaders, "", "headers: Translate-f #1");
@@ -227 +231 @@
     # Try to grab a standard file
     foreach my $f (qw/\/index.html \/index.htm \/robots.txt/) {
+        return if $mark->{'terminate'};
         (my $res, $content) = nfetch($mark, $f, "GET", "", \%headers, "", "headers: etag");
         last if (defined $headers{'etag'});

trunk/plugins/nikto_httpoptions.plugin

@@ -42 +42 @@
 
 sub nikto_httpoptions {
+    return if $mark->{'terminate'};
     my ($mark) = @_;
     my %headers;
@@ -100 +101 @@
     # Check for other weirdness
     # IIS Debug
-
+    return if $mark->{'terminate'};
     ($res, $content) = nfetch($mark, "/", "DEBUG", "", "", "", "httpoptions: DEBUG");
     if ($res == 200) {
@@ -113 +114 @@
 
     # IIS PROPFIND HEADER
+    return if $mark->{'terminate'};
     %headers = ("Host"           => "",
                 "Content-Length" => "0",);
@@ -134 +136 @@
         # Check for all flavours of HTTP
         foreach my $version (split(/ /, "1.0 1.1")) {
+            return if $mark->{'terminate'};
             $request{'whisker'}{'version'} = $version;
             ($res, $content) =

trunk/plugins/nikto_msgs.plugin

@@ -45 +45 @@
 
 sub nikto_msgs {
+    return if $mark->{'terminate'};
     my ($mark) = @_;
     my $dbarray;
@@ -66 +67 @@
 
         # Computer name
+        return if $mark->{'terminate'};
         my $name = $CONTENT;
         $name =~ s#(^.*<ComputerName>)([a-zA-Z0-9]*)(</ComputerName>.*$)#$2#;
@@ -83 +85 @@
           nfetch($mark, "/cpqlogin.htm", "GET", "", "", "", "msgs: CompaqHTTPServer");
         next unless ($RES == 200);
+        return if $mark->{'terminate'};
         my $ipaddrs = "";
         my $name;

trunk/plugins/nikto_multiple_index.plugin

@@ -42 +42 @@
     my ($found, $hashes);
     foreach my $item (@$dbarray) {
+        return if $mark->{'terminate'};
 
         # Use nfetch to minimise extra code

trunk/plugins/nikto_outdated.plugin

@@ -37 +37 @@
 
 sub nikto_outdated {
+    return if $mark->{'terminate'};
     my ($mark) = @_;
 
@@ -70 +71 @@
         else                                     # must create  sepr
         {
-
             # use the last non 0-9 . a-z char as a sepr (' ', '-', '_' etc)
             my $sepr = $mark->{'banner'};
@@ -120 +120 @@
 
 sub vereval {
-
     # split both by last char of @_[0], as it is the name to version separator
     my $sepr = substr($_[2], (length($_[2]) - 1), 1);

trunk/plugins/nikto_put_del_test.plugin

@@ -38 +38 @@
 
 sub nikto_put_del_test {
+    return if $mark->{'terminate'};
     my ($mark) = @_;
     my $msg;

trunk/plugins/nikto_robots.plugin

@@ -40 +40 @@
 
 sub nikto_robots {
+    return if $mark->{'terminate'};
     my ($mark) = @_;
     my %headers;

trunk/plugins/nikto_subdomain.plugin

@@ -39 +39 @@
 
 sub nikto_subdomain {
+    return if $mark->{'terminate'};
     my ($mark) = @_;
     my $dbarray = init_db("db_subdomains");
@@ -61 +62 @@
 
     foreach my $item (@$dbarray) {
+        return if $mark->{'terminate'};
 
         # Use nfetch to minimize extra code

trunk/plugins/nikto_tests.plugin

@@ -42 +42 @@
 
 sub nikto_tests {
+    return if $mark->{'terminate'};
     my ($mark, $parameters) = @_;
 
     # this is the actual the looped code for all the checks
     foreach my $checkid (sort keys %TESTS) {
+        return if $mark->{'terminate'};
         if ($checkid >= 500000) { next; }    # skip TESTS added manually during run (for reports)
                                              # replace variables in the uri
@@ -52 +54 @@
         # Now repeat for each uri
         foreach my $uri (@urilist) {
+            return if $mark->{'terminate'};
             my %headers;
             (my $res, $content, $error) =
@@ -183 +186 @@
 
     foreach my $dir (@DIRS) {
+    return if $mark->{'terminate'};
         foreach my $file (@PFILES) {
             next if ($file eq "");
@@ -190 +194 @@
 
             foreach my $ext (@EXTS) {
+                return if $mark->{'terminate'};
 
                 # dir/file.ext
@@ -238 +243 @@
     foreach my $dir (keys %DIRS) {
         foreach my $file (keys %FILES) {
+            return if $mark->{'terminate'};
             testfile($mark, "$dir$file", "all checks", 299999);
         }
@@ -244 +250 @@
 
 sub testfile {
+    return if $mark->{'terminate'};
     my ($mark, $uri, $name, $tid) = @_;
     my ($res, $content, $error) = nfetch($mark, "$uri", "GET", "", "", "", "Tests: $name");