Changeset 70 for trunk/plugins/nikto_httpoptions.plugin
- Timestamp:
- 09/12/2008 12:34:19 PM (5 years ago)
- File:
-
- 1 edited
-
trunk/plugins/nikto_httpoptions.plugin (modified) (2 diffs)
trunk/plugins/nikto_httpoptions.plugin
r44 r70 1 #VERSION,2.0 31 #VERSION,2.04 2 2 # $Id$ 3 3 … … 30 30 sub nikto_httpoptions 31 31 { 32 # test for both OPTIONS / and OPTIONS * as they may give different results 33 (my $RES, $CONTENT) = fetch("*", "OPTIONS"); 34 my $aoptions = "$result{allow}, "; 35 my $poptions = "$result{public}, "; 36 my ($allow_methods, $public_methods, $txt); 32 # test for both OPTIONS / and OPTIONS * as they may give different results 33 (my $RES, $CONTENT) = fetch("*", "OPTIONS"); 34 my $aoptions = "$result{allow}, "; 35 my $poptions = "$result{public}, "; 36 my ($allow_methods, $public_methods, $txt); 37 my $dbarray; 37 38 38 ($RES, $CONTENT) = fetch("/", "OPTIONS"); 39 $aoptions .= $result{allow}; 40 $poptions .= $result{public}; 39 $dbarray=initialise_db("db_httpoptions"); 41 40 42 foreach my $o (split(/,[ ]?/, $aoptions)) { $allow_methods .= ", $o" unless ($allow_methods =~ /\b$o\b/ || $o eq ''); } 43 $allow_methods =~ s/^[ ]?, //; 44 foreach my $o (split(/,[ ]?/, $poptions)) { $public_methods .= ", $o" unless ($public_methods =~ /\b$o\b/ || $o eq ''); } 45 $public_methods =~ s/^[ ]?, //; 41 ($RES, $CONTENT) = fetch("/", "OPTIONS"); 42 $aoptions .= $result{allow}; 43 $poptions .= $result{public}; 46 44 47 # proxy can impose it's methods... 
should actually check this not just warn 48 if ($CLI{useproxy} ne "") { $txt = "(May be proxy's methods, not server's)"; } 45 foreach my $o (split(/,[ ]?/, $aoptions)) { $allow_methods .= ", $o" unless ($allow_methods =~ /\b$o\b/ || $o eq ''); } 46 $allow_methods =~ s/^[ ]?, //; 47 foreach my $o (split(/,[ ]?/, $poptions)) { $public_methods .= ", $o" unless ($public_methods =~ /\b$o\b/ || $o eq ''); } 48 $public_methods =~ s/^[ ]?, //; 49 49 50 if ($allow_methods ne "") 51 { 52 $TARGETS{$CURRENT_HOST_ID}{positives}{999990} = 1; 53 $TESTS{999990}{message} = "Allowed HTTP Methods: $allow_methods $txt"; 54 $TESTS{999990}{osvdb} = 0; 55 $TARGETS{$CURRENT_HOST_ID}{total_vulns}++; 56 nprint("- $TESTS{999990}{message}"); 57 foreach my $m (split /,? /, $allow_methods) { eval_methods($m, "Allow"); } 58 } 50 # proxy can impose it's methods... should actually check this not just warn 51 if ($CLI{useproxy} ne "") { $txt = "(May be proxy's methods, not server's)"; } 59 52 60 if ($public_methods ne "") 61 { 62 $TESTS{999985}{message} = "Public HTTP Methods: $public_methods $txt"; 63 $TESTS{999985}{osvdb} = 0; 64 $TARGETS{$CURRENT_HOST_ID}{positives}{999985} = 1; 65 $TARGETS{$CURRENT_HOST_ID}{total_vulns}++; 66 nprint("- $TESTS{999985}{message}"); 67 foreach my $m (split /,? /, $public_methods) { eval_methods($m, "Public"); } 68 } 69 return; 53 if ($allow_methods ne "") 54 { 55 $TARGETS{$CURRENT_HOST_ID}{positives}{999990} = 1; 56 $TESTS{999990}{message} = "Allowed HTTP Methods: $allow_methods $txt"; 57 $TESTS{999990}{osvdb} = 0; 58 $TARGETS{$CURRENT_HOST_ID}{total_vulns}++; 59 nprint("- $TESTS{999990}{message}"); 60 foreach my $m (split /,? 
/, $allow_methods) { eval_methods($m, "Allow", $dbarray); } 61 } 62 63 if ($public_methods ne "") 64 { 65 $TESTS{999985}{message} = "Public HTTP Methods: $public_methods $txt"; 66 $TESTS{999985}{osvdb} = 0; 67 $TARGETS{$CURRENT_HOST_ID}{positives}{999985} = 1; 68 $TARGETS{$CURRENT_HOST_ID}{total_vulns}++; 69 nprint("- $TESTS{999985}{message}"); 70 foreach my $m (split /,? /, $public_methods) { eval_methods($m, "Public", $dbarray); } 71 } 72 73 # Now release memory for the dbarray 74 undef @$dbarray; 75 return; 70 76 } 71 77 72 78 sub eval_methods 73 79 { 74 my $method = $_[0] || return;75 my $type = $_[1];76 $method = uc($method);77 my $prefix = "HTTP method ('$type' Header):";80 my $method = $_[0] || return; 81 my $type = $_[1]; 82 my $dbarray = $_[2]; 83 $method = uc($method); 78 84 79 if ($method eq "CONNECT") 80 { 81 $TESTS{999983}{message} = "$prefix 'CONNECT' may allow server to proxy client requests."; 82 $TESTS{999983}{osvdb} = 0; 83 nprint("+ OSVDB-$TESTS{999983}{osvdb}: $TESTS{999983}{message}"); 84 $TARGETS{$CURRENT_HOST_ID}{positives}{999983} = 1; 85 $TARGETS{$CURRENT_HOST_ID}{total_vulns}++; 86 } 87 88 elsif ($method eq "MOVE") 89 { 90 $TESTS{999982}{message} = "$prefix 'MOVE' may allow clients to change file locations on the web server."; 91 $TESTS{999982}{osvdb} = 5647; 92 nprint("+ OSVDB-$TESTS{999982}{osvdb}: $TESTS{999982}{message}"); 93 $TARGETS{$CURRENT_HOST_ID}{positives}{999982} = 1; 94 $TARGETS{$CURRENT_HOST_ID}{total_vulns}++; 95 } 96 97 elsif ($method eq "PROPFIND") 98 { 99 $TESTS{999981}{message} = 100 "$prefix 'PROPFIND' may indicate DAV/WebDAV is installed. 
This may be used to get directory listings if indexing is allowed but a default page exists."; 101 $TESTS{999981}{osvdb} = 0; 102 nprint("+ OSVDB-$TESTS{999981}{osvdb}: $TESTS{999981}{message}"); 103 $TARGETS{$CURRENT_HOST_ID}{positives}{999981} = 1; 104 $TARGETS{$CURRENT_HOST_ID}{total_vulns}++; 105 } 106 107 elsif ($method eq "SEARCH") 108 { 109 $TESTS{999980}{message} = "$prefix 'SEARCH' indicates DAV/WebDAV is installed, and may be used to get directory listings if Index Server is running."; 110 $TESTS{999981}{osvdb} = 425; 111 nprint("+ OSVDB-$TESTS{999980}{osvdb}: $TESTS{999980}{message}"); 112 $TARGETS{$CURRENT_HOST_ID}{positives}{999980} = 1; 113 $TARGETS{$CURRENT_HOST_ID}{total_vulns}++; 114 } 115 116 elsif ($method eq "PUT") 117 { 118 $TESTS{999978}{message} = "$prefix 'PUT' method could allow clients to save files on the web server."; 119 $TESTS{999978}{osvdb} = 397; 120 nprint("+ OSVDB-$TESTS{999978}{osvdb}: $TESTS{999978}{message}"); 121 $TARGETS{$CURRENT_HOST_ID}{positives}{999978} = 1; 122 $TARGETS{$CURRENT_HOST_ID}{total_vulns}++; 123 } 124 125 elsif ($method eq "TRACE") 126 { 127 $TESTS{999979}{message} = 128 "$prefix 'TRACE' is typically only used for debugging and should be disabled. 
This message does not mean it is vulnerable to XST."; 129 $TESTS{999979}{osvdb} = 877; 130 nprint("+ OSVDB-$TESTS{999979}{osvdb}: $TESTS{999979}{message}"); 131 $TARGETS{$CURRENT_HOST_ID}{positives}{999979} = 1; 132 $TARGETS{$CURRENT_HOST_ID}{total_vulns}++; 133 } 134 135 elsif ($method eq "PROPPATCH") 136 { 137 $TESTS{999977}{message} = "$prefix 'PROPPATCH' indicates DAV/WebDAV is installed."; 138 $TESTS{999977}{osvdb} = 0; 139 nprint("+ OSVDB-$TESTS{999977}{osvdb}: $TESTS{999977}{message}"); 140 $TARGETS{$CURRENT_HOST_ID}{positives}{999977} = 1; 141 $TARGETS{$CURRENT_HOST_ID}{total_vulns}++; 142 } 143 144 elsif ($method eq "DELETE") 145 { 146 $TESTS{999976}{message} = "$prefix 'DELETE' may allow clients to remove files on the web server."; 147 $TESTS{999976}{osvdb} = 5646; 148 nprint("+ OSVDB-$TESTS{999976}{osvdb}: $TESTS{999976}{message}"); 149 $TARGETS{$CURRENT_HOST_ID}{positives}{999976} = 1; 150 $TARGETS{$CURRENT_HOST_ID}{total_vulns}++; 151 } 152 153 elsif ($method eq "TRACK") 154 { 155 $TESTS{999975}{message} = 156 " $prefix 'TRACK' ('TRACE' alias) is typically only used for debugging and should be disabled. This message does not mean it is vulnerable to XST."; 157 $TESTS{999975}{osvdb} = 5648; 158 nprint("+ OSVDB-$TESTS{999975}{osvdb}: $TESTS{999975}{message}"); 159 $TARGETS{$CURRENT_HOST_ID}{positives}{999975} = 1; 160 $TARGETS{$CURRENT_HOST_ID}{total_vulns}++; 161 } 85 # Now search database for the method. 86 foreach my $item (@$dbarray) 87 { 88 if ($item->{method} eq $method) 89 { 90 $TESTS{$item->{nikto_id}}{message} = $item->{message}; 91 $TESTS{$item->{nikto_id}}{message} =~ s/\@TYPE\@/$type/; 92 $TESTS{$item->{nikto_id}}{osvdb} = $item->{osvdb}; 93 nprint("+ OSVDB-$item->{osvdb}: $TESTS{$item->{nikto_id}}{message}"); 94 $TARGETS{$CURRENT_HOST_ID}{positives}{$item->{nikto_id}} = 1; 95 $TARGETS{$CURRENT_HOST_ID}{total_vulns}++; 96 } 97 } 162 98 } 163 99
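Review bot: In nikto_httpoptions the de-duplication loops still interpolate each token from the server's Allow/Public headers directly into a pattern (`$allow_methods =~ /\b$o\b/`, likewise for `$public_methods`), so a header value containing regex metacharacters can make the match die or suppress the wrong entry. These lines are already touched by the re-indent, so quoting the token there is cheap: `unless ($allow_methods =~ /\b\Q$o\E\b/ || $o eq '')`. Separately, the return of `initialise_db("db_httpoptions")` is used unchecked; if it can be undefined or empty (not visible on this page), eval_methods reports nothing for any method and the scan looks clean, so a logged warning when `@$dbarray` is empty would help. In eval_methods, `s/\@TYPE\@/$type/` replaces only the first placeholder; add `/g` if a database message may contain it more than once.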