Changeset 616


Ignore:
Timestamp:
01/31/2011 09:12:21 PM (2 years ago)
Author:
sullo
Message:

Not all udb* files were loaded properly
Server name not properly printed in update/submission output

Location:
trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/docs/CHANGES.txt

    r614 r616  
    2222        - Ticket 155: -findonly is deprecated in favor of -Plugins "@@NONE" (-f will replicate this functionality) 
    2323        - Ticket 82: Auth is now checked per realm, not per resource 
     24        - Not all udb* files were loaded properly 
     25        - Server name not properly printed in update/submission output 
    2426        - Created $mark->{'components'} to store server build items instead of @BUILDITEMS 
    2527        - Variable consolidation & memory usage cleanup 

  • trunk/nikto.pl

    r611 r616  
    4949$VARIABLES{'name'}        = "Nikto"; 
    5050$VARIABLES{'version'}     = "2.1.3"; 
    51 $VARIABLES{'configfile'}  = "/etc/nikto.conf";    ### Change this line if it's having trouble finding it 
    52  
    53 # put a signal trap so we can close down reports properly 
     51$VARIABLES{'configfile'}  = "/etc/nikto.conf";    ### Change if it's having trouble finding it 
     52 
     53# signal trap so we can close down reports properly 
    5454$SIG{'INT'} = \&safe_quit; 
    5555 
    56 # read the --config option 
     56# read just the --config option 
    5757{ 
    5858    my %optcfg; 

  • trunk/plugins/nikto_core.plugin

    r615 r616  
    16281628    my $code_updates = 0; 
    16291629    my $serverdir    = "/nikto/UPDATES/$VARIABLES{'version'}"; 
     1630    my $server = "CIRT.net"; 
    16301631 
    16311632    # set up our mark 
    1632     my %mark = ('ident' => 'cirt.net', 
     1633    my %mark = ('ident' => 'www.cirt.net', 
    16331634                'ssl'   => 0, 
    16341635                'port'  => 80 
     
    16461647        } 
    16471648    } 
    1648     ($mark{'hostname'}, $mark{'ip'}, $mark{'display_name'}) = resolve('cirt.net'); 
     1649    ($mark{'hostname'}, $mark{'ip'}, $mark{'display_name'}) = resolve('www.cirt.net'); 
    16491650 
    16501651    # retrieve versions file 
     
    23872388            "\n 
    23882389      ********************************************************************* 
    2389       Portions of the server's ident string ($updated_version) are not in 
    2390       the Nikto database or is newer than the known string. Would you like 
     2390      Portions of the server's headers ($updated_version) are not in 
     2391      the Nikto database or are newer than the known string. Would you like 
    23912392      to submit this information (*no server specific data*) to CIRT.net 
    23922393      for a Nikto update (or you may email to sullo\@cirt.net) (y/n)? ", "" 
     
    24092410    } 
    24102411 
    2411     ($mark{'hostname'}, $mark{'ip'}, $mark{'display_name'}) = resolve('cirt.net'); 
     2412    ($mark{'hostname'}, $mark{'ip'}, $mark{'display_name'}) = resolve('www.cirt.net'); 
    24122413 
    24132414    ($RES, $CONTENT) = nfetch(\%mark, "/cgi-bin/versions?DATA=$updated_version", "GET"); 
     
    24282429 
    24292430    if ($CONTENT !~ /SUCCESS/) { 
    2430         nprint("+ ERROR: ($RES, $CONTENT): Unable to send update info to cirt.net"); 
     2431        nprint("+ ERROR: ($RES, $CONTENT): Unable to send update info to CIRT.net"); 
    24312432    } 
    24322433    else { 
     
    25122513                               x     Reverse Tuning Options (i.e., include all except specified) 
    25132514       -useproxy          Use the proxy defined in nikto.conf 
    2514        -update            Update databases and plugins from cirt.net 
     2515       -update            Update databases and plugins from CIRT.net 
    25152516       -vhost+            Virtual host (for Host header) 
    25162517       -Version           Print plugin and database versions 
     
    25432544       -timeout+           Timeout (default 2 seconds) 
    25442545       -Tuning+            Scan tuning 
    2545        -update             Update databases and plugins from cirt.net 
     2546       -update             Update databases and plugins from CIRT.net 
    25462547       -vhost+             Virtual host (for Host header) 
    25472548       -Version            Print plugin and database versions 
     
    25872588        } 
    25882589    } 
     2590    close(IN); 
     2591 
     2592    # and now the udb_* file 
     2593    $filename = "$CONFIGFILE{PLUGINDIR}/u" . $dbname; 
     2594    if (open(IN, "<$filename")) { 
     2595        while (<IN>) { 
     2596                chomp; 
     2597                s/\#.*$//; 
     2598                if ($_ eq "") { next; } 
     2599                # contents; so split them up and apply to hash 
     2600                my @contents = parse_csv($_); 
     2601                my $hashref  = {}; 
     2602                for (my $i = 0 ; $i <= $#contents ; $i++) { 
     2603                        $hashref->{ $headers[$i] } = $contents[$i]; 
     2604                        } 
     2605               push(@dbarray, $hashref); 
     2606                } 
     2607        } 
     2608    close(IN); 
     2609 
    25892610    return \@dbarray; 
    25902611} 
Note: See TracChangeset for help on using the changeset viewer.