Changeset 87


Ignore:
Timestamp:
11/11/2008 07:13:19 PM (5 years ago)
Author:
deity
Message:

Added report phase to plugin runner

Location:
trunk
Files:
7 edited

Legend:

Unmodified
Added
Removed

  • trunk/config.txt

    r77 r87  
    4545######################################################################################################### 
    4646#PROXYHOST=127.0.0.1 
    47 #PROXYPORT=8080 
     47#PROXYPORT=3128 
    4848#PROXYUSER=proxyuserid 
    4949#PROXYPASS=proxypassword 

  • trunk/docs/CHANGES.txt

    r85 r87  
     12008-11-11 plugins/nikto_core.plugin nikto.pl plugins/nikto_reports.plugin 
     2        - Added report phase to plugin runner 
    132008-10-09 plugins/nikto_core.plugin nikto.pl 
    24        - Further tunings to authentication code to simplify it. 

  • trunk/nikto.pl

    r84 r87  
    4141 
    4242# global var/definitions 
    43 use vars qw/$TEMPLATES %ERRSTRINGS %VERSIONS %CLI %VARIABLES %TESTS $CONTENT %FILES $CURRENT_HOST_ID $CURRENT_PORT/; 
    44 use vars qw/%REALMS %REALMS_TESTED %NIKTOCONFIG %NIKTO %OUTPUT %SERVER %request %result %COUNTERS $STARTTIME/; 
     43use vars qw/$TEMPLATES %ERRSTRINGS %CLI %VARIABLES %TESTS $CONTENT $CURRENT_HOST_ID $CURRENT_PORT/; 
     44use vars qw/%NIKTO %REALMS %NIKTOCONFIG %request %result %COUNTERS $STARTTIME/; 
    4545use vars qw/%db_extensions %FoF %UPDATES $DIV %TARGETS @DBFILE @SERVERFILE @BUILDITEMS $PROXYCHECKED $http_eol/; 
    4646use vars qw/@RESULTS @PLUGINS/; 
     
    6767require "$NIKTO{plugindir}/nikto_core.plugin";    ### Change this line if your setup is having trouble finding it 
    6868nprint("T:$STARTTIME: Starting", "d"); 
    69 require "$NIKTO{plugindir}/nikto_reports.plugin";    ### Change this line if your setup is having trouble finding it 
     69#require "$NIKTO{plugindir}/nikto_reports.plugin";    ### Change this line if your setup is having trouble finding it 
    7070require "$NIKTO{plugindir}/nikto_single.plugin";     ### Change this line if your setup is having trouble finding it 
    7171require "$NIKTO{plugindir}/LW2.pm";                  ### Change this line if your setup is having trouble finding it 
     
    8989proxy_setup(); 
    9090 
    91 open_output(); 
     91#open_output(); 
    9292nprint($DIV); 
    9393 
     
    158158                test_target(); 
    159159            } 
    160             write_output(); 
     160            run_report(); 
    161161        } 
    162162    } 

  • trunk/plugins/db_outdated

    r73 r87  
    385385"600374","Microsoft_PWS_Mac/","4.0b1","@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)" 
    386386"600375","Microsoft-HTTPAPI/","1.0","@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)" 
    387 "600376","Microsoft-IIS/","6.0","@RUNNING_VER appears to be outdated (4.0 for NT 4, 5.0 for Win2k)" 
     387"600376","Microsoft-IIS/","6.0","@RUNNING_VER appears to be outdated (4.0 for NT 4, 5.0 for Win2k, current is at least @CURRENT_VER)" 
    388388"600377","Microsoft-Internet-Information-Server/","1.0","@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)" 
    389389"600378","Microsoft-PWS-95/","2.0","@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)" 

  • trunk/plugins/nikto_apacheusers.plugin

    r79 r87  
    5050      if ($CONTENT !~ /forbidden/i)    # Good, it gave an error instead of forbidden 
    5151      { 
    52          add_vulnerability(CURRENT_HOST_ID, "Enumeration of users is possible by requesting ~username (responds with 'Forbidden' for users, 'not found' for non-existent users).", 999999, 637, "GET", "/~root"); 
     52         add_vulnerability($CURRENT_HOST_ID, "Enumeration of users is possible by requesting ~username (responds with 'Forbidden' for users, 'not found' for non-existent users).", 999999, 637, "GET", "/~root"); 
    5353      } 
    5454   } 

  • trunk/plugins/nikto_core.plugin

    r84 r87  
    173173 
    174174            $TESTS{$CHECKID}{osvdb} =~ s/\s+/ OSVDB\-/g; 
    175             add_vulnerability($CURRENT_HOST_ID,"$TESTS{$CHECKID}{method} $request{whisker}{uri}: $TESTS{$CHECKID}{message}",$CHECKID,$TESTS{$CHECKID}{osvdb},"",$uri); 
     175            add_vulnerability($CURRENT_HOST_ID,"$request{whisker}{uri}: $TESTS{$CHECKID}{message}",$CHECKID,$TESTS{$CHECKID}{osvdb},$TESTS{$CHECKID}{method},$uri); 
    176176         } 
    177177      } 
     
    590590     
    591591 return; 
    592 } 
    593 ############################################################################### 
    594 sub badargs 
    595 { 
    596  print("HERE\n"); 
    597  my $i; 
    598  for ($i=0;$i<=$#_;$i++) 
    599  { 
    600   print("Argument: $_[$i]\n"); 
    601  } 
    602592} 
    603593############################################################################### 
     
    14221412            $pluginhash->{recon_weight}=50 unless (defined $pluginhash->{recon_weight}); 
    14231413            $pluginhash->{scan_weight}=50 unless (defined $pluginhash->{scan_weight}); 
     1414            $pluginhash->{report_weight}=50 unless (defined $pluginhash->{report_weight}); 
    14241415            push(@PLUGINS, $pluginhash); 
    14251416            nprint("- Loaded \"$pluginhash->{full_name}\" plugin.","v"); 
     
    14771468               nprint("- Running scan for \"$plugin->{full_name}\" plugin","v"); 
    14781469               &{$plugin->{scan_method}}; 
     1470            } 
     1471         } 
     1472      } 
     1473   } 
     1474    
     1475   return; 
     1476} 
     1477    
     1478sub run_report 
     1479{ 
     1480   nprint("- Entering report phase","v"); 
     1481   # This is a frig until I can think of a better way of achieving it 
     1482   foreach my $i (1..100) 
     1483   { 
     1484      foreach my $plugin (@PLUGINS) 
     1485      { 
     1486         if (defined $plugin->{report_method} && $plugin->{report_weight} == $i) 
     1487         { 
     1488            my $run=1; 
     1489            # first check for conditionals 
     1490            if (defined $plugin->{report_cond}) 
     1491            { 
     1492               # Evaluate condition 
     1493               $run=eval "$plugin->{report_cond}"; 
     1494            } 
     1495            if ($run) 
     1496            {    
     1497               nprint("- Running report for \"$plugin->{full_name}\" plugin","v"); 
     1498               &{$plugin->{report_method}}; 
    14791499            } 
    14801500         } 

  • trunk/plugins/nikto_reports.plugin

    r78 r87  
    2424# Reporting 
    2525############################################################################### 
     26sub nikto_reports_init 
     27{ 
     28   my $id = 
     29   { 
     30      name         => "reports", 
     31      full_name    => "Report as XML or HTML", 
     32      author       => "Sullo", 
     33      description  => "Produces an XML or HTML report.", 
     34      recon_method => \&open_output, 
     35      report_method  => \&write_output, 
     36      copyright    => "2008 CIRT Inc." 
     37   }; 
     38   return $id; 
     39} 
    2640 
    2741sub open_output 
Note: See TracChangeset for help on using the changeset viewer.