Ticket #58 (new enhancement)

Opened 4 years ago

Last modified 3 years ago

patch: add all tested itemids as template variable

Reported by: steve01
Owned by:
Priority: medium
Milestone: Future
Component: Reporting
Version: 2.03
Severity: normal
Keywords:
Cc:

Description

Not sure if this is the correct place for this, but the nikto-discuss mailman web interface rejects my email address saying there is no @ in it (maybe because my email address is of the form w@…).

This patch adds a template variable that contains the itemids of all things tested and also adds this to the standard XML report. This is against the nikto-current distributed at http://www.cirt.net/nikto/nikto-current.tar.gz

diff -Naur ../orig/plugins/nikto_reports.plugin ./plugins/nikto_reports.plugin
--- ../orig/plugins/nikto_reports.plugin        2008-09-04 13:00:41.000000000 -0400
+++ ./plugins/nikto_reports.plugin      2008-09-15 18:31:18.169663592 -0400
@@ -129,6 +129,7 @@
     $variables{"#TEMPL_LINK_NAME"}          = "$protocol://$TARGETS{$CURRENT_HOST_ID}{hostname}:$CURRENT_PORT";
     $variables{"#TEMPL_LINK_IP"}            = "$protocol://$TARGETS{$CURRENT_HOST_ID}{ip}:$CURRENT_PORT/";
     $variables{"#TEMPL_ITEMS_FOUND"}        = $TARGETS{$CURRENT_HOST_ID}{total_vulns};
+    $variables{"#TEMPL_ITEMS_ITEMIDS"}      = join(',', keys %TESTS);

     if ($TARGETS{$CURRENT_HOST_ID}{hostname} ne "")
     {
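
Review bot: `keys %TESTS` on the added `#TEMPL_ITEMS_ITEMIDS` line returns the ids in Perl's unspecified hash order, so two reports of the same scan can list them in a different order and a textual comparison of the reports will show spurious differences. Suggest `join(',', sort keys %TESTS)`. The neighbouring variables are read from `$TARGETS{$CURRENT_HOST_ID}` while this one reads the global `%TESTS`, so the value is not scoped to the current host; if that is intended, a comment on the line should say so.
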
diff -Naur ../orig/templates/xml_close.tmpl ./templates/xml_close.tmpl
--- ../orig/templates/xml_close.tmpl    2008-09-04 13:00:41.000000000 -0400
+++ ./templates/xml_close.tmpl  2008-09-15 18:32:37.282099523 -0400
@@ -1 +1,2 @@
+<tested_itemids>#TEMPL_ITEMS_ITEMIDS</tested_itemids>
 </niktoscan>
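
Review bot: `#TEMPL_ITEMS_ITEMIDS` is substituted into `<tested_itemids>` as raw text, so the report stays well-formed XML only while every key of `%TESTS` is free of `<`, `&` and similar characters; escape the value before substitution or state that ids are restricted to safe characters. The element is also new to the report format and packs a comma-separated list into a single text node, so it should be documented (and added to any DTD or schema the XML report ships with), or emitted as one child element per id so that consumers do not have to split the string.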

Change History

Changed 4 years ago by deity

It's a good idea; and I like what you're doing here (as it aids the repeatability of a test and shows differences 'twixt two tests).

Unfortunately, as it's currently written it won't work, either on 2.03, or on the trunk version, as several items aren't written to the TESTS hash unless they're successfully tested.

What's worse is that, in trying to make nikto thread safe, I'm cutting out a lot of global variables and the TESTS variable is one of those destined for the chop (globals being the bane of threading).

I'm going to leave this call open, and when I rework the plugin architecture I'll ensure that a method to accurately record all tests to be performed in the plugin is part of it.

Changed 4 years ago by deity

  • version changed from 2.02 to 2.03
  • milestone changed from Nikto 2.03 to Nikto 2.04

Changed 3 years ago by deity

  • milestone changed from Nikto 2.04 to Nikto 2.10

Changed 3 years ago by deity

  • milestone changed from Nikto 2.1.0 to Future

Moving this to future: I want to add a way of registering tids for each plugin (to minimise duplication). This'll be added then.
