Ran tidy for #727
sullo committed Dec 3, 2023
1 parent e9a33db commit 150cb9e
Showing 6 changed files with 63 additions and 45 deletions.
10 changes: 6 additions & 4 deletions program/plugins/nikto_auth.plugin
@@ -132,7 +132,8 @@ sub nikto_auth {
$save_auth = $response->{'www-authenticate'};

# Now we can try the passwords
nprint("Testing creds for '$realm'", "v", ($mark->{'hostname'}, $mark->{'ip'}, $mark->{'displayname'}));
nprint("Testing creds for '$realm'",
"v", ($mark->{'hostname'}, $mark->{'ip'}, $mark->{'displayname'}));
my $success = 0;
foreach my $entry (@{$REALMS}) {
return if $mark->{'terminate'};
@@ -164,7 +165,7 @@ sub nikto_auth {
$mark->{'realms'}{$realm}{'password'} = $entry->{'password'};
$mark->{'realms'}{$realm}{'authtype'} = $authtype;

if ($response->{'whisker'}->{'code'} !~ /40[13]/
if ( $response->{'whisker'}->{'code'} !~ /40[13]/
&& $response->{'whisker'}->{'code'} ne "500"
&& !defined $response->{'whisker'}->{'error'}) {
unless ($entry->{'checked'} == 1) {
@@ -180,7 +181,8 @@ sub nikto_auth {
$ref = "CWE-16";
}
else {
$message = $request->{'whisker'}->{'uri'} .": Default account found for '$realm' at (ID '$entry->{'id'}', PW '$entry->{'password'}'). $entry->{message}.";
$message = $request->{'whisker'}->{'uri'}
. ": Default account found for '$realm' at (ID '$entry->{'id'}', PW '$entry->{'password'}'). $entry->{message}.";
$ref = "CWE-16";
}

@@ -189,7 +191,7 @@ sub nikto_auth {
$request, $response);

# Mark it successful
$success = 1;
$success = 1;
$entry->{'checked'} = 1;
$mark->{'realms'}{$realm}{'status'} = 1;
$mark->{'realms'}{'default'} = $mark->{'realms'}{$realm};
9 changes: 6 additions & 3 deletions program/plugins/nikto_cookies.plugin
@@ -50,7 +50,8 @@ sub nikto_cookies_postfetch {
# secure flag
if ($c !~ /secure/i && $mark->{ssl}) {
add_vulnerability($mark,
$request->{'whisker'}->{'uri'} . ": Cookie $cname created without the secure flag",
$request->{'whisker'}->{'uri'}
. ": Cookie $cname created without the secure flag",
999961,
"https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies",
$request->{'whisker'}->{'method'},
@@ -63,7 +64,8 @@ sub nikto_cookies_postfetch {
# httponly flag
if ($c !~ /httponly/i) {
add_vulnerability($mark,
$request->{'whisker'}->{'uri'} . ": Cookie $cname created without the httponly flag",
$request->{'whisker'}->{'uri'}
. ": Cookie $cname created without the httponly flag",
000137,
"https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies",
$request->{'whisker'}->{'method'},
@@ -96,7 +98,8 @@ sub nikto_cookies_postfetch {
# is it an internal, or just different?
my $int;
if ($internal) { $int = "RFC-1918 "; }
$msg = $request->{'whisker'}->{'uri'} . ": ${int}IP address found in the '$cname' cookie. The IP is \"$ip\".";
$msg = $request->{'whisker'}->{'uri'}
. ": ${int}IP address found in the '$cname' cookie. The IP is \"$ip\".";
}
add_vulnerability($mark, $msg, 999991, $refs,
$request->{'whisker'}->{'method'},
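Review bot: The httponly finding in nikto_cookies_postfetch passes its ID as the bare numeric literal `000137`, which Perl parses as octal because of the leading zero, so add_vulnerability receives 95 rather than the intended ID. Quoting it as a string, `"000137",`, keeps the ID intact and matches the `"000427"` argument in the Link-header call in nikto_headers.plugin on this page. The line is untouched context in this tidy pass, and the function starts and ends outside the hunks shown, so any other leading-zero IDs in it would need the same check.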
11 changes: 7 additions & 4 deletions program/plugins/nikto_core.plugin
@@ -1544,13 +1544,13 @@ sub check_dbs {
nprint("\t+ ERROR: Possible \@CGIDIRS misspelling: $line");
}
if ($L[3] =~ /[\s]/) {
nprint("\t+ ERROR: space in file portion test #$L[0]: '$L[3]'");
nprint("\t+ ERROR: space in file portion test #$L[0]: '$L[3]'");
}
if ($line =~ /[^\\]"\s/) {
nprint("\t+ ERROR: space after quote #$L[0]: $line");
nprint("\t+ ERROR: space after quote #$L[0]: $line");
}
if ($line =~ /\s"/) {
nprint("\t+ ERROR: space before quote #$L[0]: $line");
nprint("\t+ ERROR: space before quote #$L[0]: $line");
}
$ENTRIES{"$L[3],$L[4],$L[5],$L[6],$L[7],$L[8],$L[9],$L[11],$L[12]"}++;
if ((count_fields($line, 1) ne 12) && (count_fields($line) ne '')) {
@@ -2476,7 +2476,10 @@ sub nfetch {

# Set auth
if ($mark->{'realms'}{'default'}{'authtype'} ne '') {
LW2::auth_set($mark->{'realms'}{'default'}{'authtype'}, $request, $mark->{'realms'}{'default'}{'id'}, $mark->{'realms'}{'default'}{'password'});
LW2::auth_set($mark->{'realms'}{'default'}{'authtype'},
$request,
$mark->{'realms'}{'default'}{'id'},
$mark->{'realms'}{'default'}{'password'});
}

# Set cookies
12 changes: 9 additions & 3 deletions program/plugins/nikto_embedded.plugin
@@ -59,9 +59,15 @@ sub nikto_embedded {
$model =~ s/\+/ /g;

if ($model ne "") {
add_vulnerability($mark, "$item->{'uri'}: $item->{'message'} $model",
$item->{'nikto_id'}, "", "GET", $item->{'uri'}, $request,
$response);
add_vulnerability($mark,
"$item->{'uri'}: $item->{'message'} $model",
$item->{'nikto_id'},
"",
"GET",
$item->{'uri'},
$request,
$response
);
}
}
}
34 changes: 17 additions & 17 deletions program/plugins/nikto_headers.plugin
@@ -245,16 +245,16 @@ sub nikto_headers_postfetch {
$HFOUND{'x-drupal-cache'} = 1;
}
if (defined $result->{'link'} && $HFOUND{'link'} != 1) {
add_vulnerability($mark,
$request->{'whisker'}{'uri'}
. ": Link header found with value: $result->{'link'}.",
"000427",
"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Link",
$request->{'whisker'}->{'method'},
$request->{'whisker'}->{'uri'},
$request,
$result
);
add_vulnerability(
$mark,
$request->{'whisker'}{'uri'} . ": Link header found with value: $result->{'link'}.",
"000427",
"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Link",
$request->{'whisker'}->{'method'},
$request->{'whisker'}->{'uri'},
$request,
$result
);
$HFOUND{'link'} = 1;
}

@@ -372,19 +372,19 @@ sub nikto_headers_postfetch {
my ($protocol, $msg);
$result->{'alt-svc'} =~ /.*(h[23])="([^"]+)"/;
my $endpoint = $2;
if ($1 eq "h2") {
$protocol = "HTTP/2 over TLS";
if ($1 eq "h2") {
$protocol = "HTTP/2 over TLS";
}
elsif ($1 eq "h2c") {
$protocol = "HTTP/2 over TCP";
$msg = " Unencrypted.";
elsif ($1 eq "h2c") {
$protocol = "HTTP/2 over TCP";
$msg = " Unencrypted.";
}
elsif ($1 eq "h3") {
$protocol = "HTTP/3";
$msg = " Nikto cannot test HTTP/3 over QUIC.";
}
else {
$protocol = $1;
else {
$protocol = $1;
}

add_vulnerability(
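Review bot: In the alt-svc hunk of nikto_headers_postfetch, the `elsif ($1 eq "h2c")` branch cannot be reached, because the pattern `/.*(h[23])="([^"]+)"/` only captures `h2` or `h3` and requires `=` directly after it. A cleartext HTTP/2 advertisement is therefore never reported as " Unencrypted.". The match result is also not tested, so when the header has no h2/h3 entry `$1` and `$2` keep whatever an earlier successful match left in them. Widening the capture to `(h2c|h[23])` and wrapping the block in `if ($result->{'alt-svc'} =~ /.*(h2c|h[23])="([^"]+)"/) { ... }` would address both. The function continues outside the hunk, so how the enclosing condition is formed is not visible here.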
32 changes: 18 additions & 14 deletions program/plugins/nikto_put_del_test.plugin
@@ -46,15 +46,15 @@ sub nikto_put_del_test {
nfetch($mark, $uri, "GET", "", "", "", "put_del_test: GET");
if ($content =~ /This was a Nikto test/) {
add_vulnerability(
$mark,
"$uri: HTTP method 'PUT' allows clients to save files on the web server.",
999995,
"https://portswigger.net/kb/issues/00100900_http-put-method-is-enabled",
"PUT",
$uri,
$request,
$response
);
$mark,
"$uri: HTTP method 'PUT' allows clients to save files on the web server.",
999995,
"https://portswigger.net/kb/issues/00100900_http-put-method-is-enabled",
"PUT",
$uri,
$request,
$response
);

# we were able to put it there--can we delete it?
($res, $content, $error, $request, $response) =
@@ -65,11 +65,15 @@ sub nikto_put_del_test {
if ($content !~ /This was a Nikto test/) # gone now
{
add_vulnerability(
$mark,
"$uri: HTTP method 'DELETE' allows clients to delete files on the web server.",
999994, "https://cwe.mitre.org/data/definitions/650.html",
"DELETE", $uri, $request, $response
);
$mark,
"$uri: HTTP method 'DELETE' allows clients to delete files on the web server.",
999994,
"https://cwe.mitre.org/data/definitions/650.html",
"DELETE",
$uri,
$request,
$response
);
}
}
}
