Changeset 624

Timestamp:

02/13/2011 03:38:16 AM (2 years ago)

Author:

sullo

Message:

• Tickets 202, 203: Rewrote set_targets to not accidentally collapse targets, which fixed terminate signal issues

Location:

trunk

Files:

• docs/CHANGES.txt (modified) (1 diff)
• plugins/nikto_core.plugin (modified) (8 diffs)

trunk/docs/CHANGES.txt

@@ -9 +9 @@
                 - Properly close <niktoscan>
                 - Incremented nxmlversion to 1.1
+        - Tickets 202, 203: Rewrote set_targets to not accidentally collapse targets, which fixed terminate signal issues
         - Ticket 201: Rewritten & fixed authorization code work better and make fewer requests
         - Ticket 195: Update interactive status counts if mutate options are used

trunk/plugins/nikto_core.plugin

@@ -898 +898 @@
     my $host_ctr = 1;
     my @hosts    = split(/,/, $hostlist);
-    my @ports    = split(/,/, $portlist) if defined $portlist;
-    my (@checkhosts, @results, @marks);
-    my $defaultport = ($ssl) ? 443 : 80;
-
-    # Check for old style portlist and expand
-    my @newports;
-    foreach my $port (@ports) {
+    my @tempports    = split(/,/, $portlist) if defined $portlist;
+    my (@ports, @checkhosts, @results, @marks);
+
+    nprint("- Getting targets", "v");
+
+    # Check for portlist and expand
+    foreach my $port (@tempports) {
         if ($port =~ /-/) {
             my ($start, $end);
@@ -917 +917 @@
             }
             for (my $i = $start ; $i <= $end ; $i++) {
-                push(@newports, $i);
+                push(@ports, $i);
             }
         }
         else {
-            push(@newports, $port);
-        }
-    }
-    @ports = @newports;
-
-    nprint("- Getting targets", "v");
-    if (scalar(@ports) == 1) {
-
-        # Only one port is set, assume that as the default port
-        $defaultport = $ports[0];
-    }
-
-    # check whether it's a file or an entry
+            push(@ports, $port);
+        }
+    }
+
+    # no ports explicitly set, so use default port
+    if (scalar(@ports) == 0) {
+        push(@ports, $defaultport);
+        }
+
+    # check whether -h is a file or an entry
     foreach my $host (@hosts) {
         if (-e $host || $host eq "-") {
@@ -944 +941 @@
     }
 
-    # Now parse the list of checkhosts
+    # Now parse the list of checkhosts, store in %targs by host:port
+    my $targs={};
     foreach my $host (@checkhosts) {
-        my $defhost;
-        my $defport;
         $host =~ s/\s+//g;
         if (!defined $host) { next; }
-        my $markhash = {};
-
-        if ($root ne '') { 
-            $markhash->{'root'} = $root;
-            nprint("- Added -root value of '$root' from CLI", "v");
-            }
+        my ($defhost, $defport)='';
 
         # is it a URL?
@@ -963 +954 @@
             $defhost = $hostdata[2];
             $defport = $hostdata[3];
+            $targs{$defhost . ":" . $defport}= ($root ne "") ? $root : '/';
 
            if (($hostdata[0] ne '/') && ($hostdata[0] ne '') && ($root eq '')) {
-                $markhash->{'root'} = $hostdata[0];
+                $targs{$defhost . ":" . $defport}= $hostdata[0];
                 nprint("- Added -root value of '$hostdata[0]' from URI", "v");
             }
@@ -971 +963 @@
         else {
             my @h = split(/\:|\,/, $host);
-
             $defhost = $h[0];
             $defport = $h[1];
-        }
-
-        # Now skip through all ports if port hasn't been added
-        if ($defport eq "" && scalar(@ports) > 0) {
-
-            foreach $port (@ports) {
-                $markhash->{'ident'} = $defhost;
+            $targs{$defhost . ":" . $defport} = ($root ne "") ? $root : '/'; 
+        }
+}
+
+foreach my $host (keys %targs) { 
+        my ($h, $p) = split(/:/, $host);
+        if ($p eq '') { 
+            foreach my $port (@ports) {
+                my $markhash = {};
+                if ($root ne '') { $markhash->{'root'} = $root; nprint("- Added -root value of '$root' from CLI", "v"); }
+
+                $markhash->{'ident'} = $h;
                 $markhash->{'port'}  = $port;
+                if ($targs{$host} ne '/') { $markhash->{'root'} = $targs{$host}; }
                 nprint("- Target:$markhash->{'ident'} port:$markhash->{'port'}", "v", $markhash);
                 push(@marks, $markhash);
-            }
-        }
-        else {
-            if ($defport eq "") {
-                $defport = $defaultport;
-            }
-            $markhash->{'ident'} = $defhost;
-            $markhash->{'port'}  = $defport;
-
-            nprint("- Target:$markhash->{'ident'} port:$markhash->{'port'}", "v", $markhash);
-            push(@marks, $markhash);
-        }
-    }
+                }
+            }
+        else {
+                my $markhash = {};
+                if ($targs{$host} ne '/') { $markhash->{'root'} = $targs{$host}; }
+
+                $markhash->{'ident'} = $h;
+                $markhash->{'port'}  = $p;
+                push(@marks, $markhash);
+                }
+        }
 
     return @marks;
@@ -2062 +2057 @@
 sub nfetch {
     my ($mark, $uri, $method, $data, $headers, $flags, $testid) = @_;
-    sleeper();
     my (%request, %result);
     setup_hash(\%request, $mark, $testid);
@@ -2109 +2103 @@
 
     if (!$incache) {
+        sleeper();
         LW2::http_do_request_timeout(\%request, \%result);
         $COUNTERS{'totalrequests'}++;
@@ -2114 +2109 @@
         # If we got an error, do 1 retry. This should be much more intelligent and configurable!
         if (defined $result{'whisker'}->{'error'} || $result{'whisker'}{'code'} eq '') {
+                sleeper();
                 LW2::http_do_request_timeout(\%request, \%result);
                 $COUNTERS{'totalrequests'}++;