diff --git a/program/plugins/nikto_auth.plugin b/program/plugins/nikto_auth.plugin index 11e2afad..0d49b129 100644 --- a/program/plugins/nikto_auth.plugin +++ b/program/plugins/nikto_auth.plugin @@ -132,7 +132,8 @@ sub nikto_auth { $save_auth = $response->{'www-authenticate'}; # Now we can try the passwords - nprint("Testing creds for '$realm'", "v", ($mark->{'hostname'}, $mark->{'ip'}, $mark->{'displayname'})); + nprint("Testing creds for '$realm'", + "v", ($mark->{'hostname'}, $mark->{'ip'}, $mark->{'displayname'})); my $success = 0; foreach my $entry (@{$REALMS}) { return if $mark->{'terminate'}; @@ -164,7 +165,7 @@ sub nikto_auth { $mark->{'realms'}{$realm}{'password'} = $entry->{'password'}; $mark->{'realms'}{$realm}{'authtype'} = $authtype; - if ($response->{'whisker'}->{'code'} !~ /40[13]/ + if ( $response->{'whisker'}->{'code'} !~ /40[13]/ && $response->{'whisker'}->{'code'} ne "500" && !defined $response->{'whisker'}->{'error'}) { unless ($entry->{'checked'} == 1) { @@ -180,7 +181,8 @@ sub nikto_auth { $ref = "CWE-16"; } else { - $message = $request->{'whisker'}->{'uri'} .": Default account found for '$realm' at (ID '$entry->{'id'}', PW '$entry->{'password'}'). $entry->{message}."; + $message = $request->{'whisker'}->{'uri'} + . ": Default account found for '$realm' at (ID '$entry->{'id'}', PW '$entry->{'password'}'). $entry->{message}."; $ref = "CWE-16"; } @@ -189,7 +191,7 @@ sub nikto_auth { $request, $response); # Mark it successful - $success = 1; + $success = 1; $entry->{'checked'} = 1; $mark->{'realms'}{$realm}{'status'} = 1; $mark->{'realms'}{'default'} = $mark->{'realms'}{$realm}; diff --git a/program/plugins/nikto_cookies.plugin b/program/plugins/nikto_cookies.plugin index 7b671de1..5330aef4 100644 --- a/program/plugins/nikto_cookies.plugin +++ b/program/plugins/nikto_cookies.plugin @@ -50,7 +50,8 @@ sub nikto_cookies_postfetch { # secure flag if ($c !~ /secure/i && $mark->{ssl}) { add_vulnerability($mark, - $request->{'whisker'}->{'uri'} . ": Cookie $cname created without the secure flag", + $request->{'whisker'}->{'uri'} + . ": Cookie $cname created without the secure flag", 999961, "https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies", $request->{'whisker'}->{'method'}, @@ -63,7 +64,8 @@ sub nikto_cookies_postfetch { # httponly flag if ($c !~ /httponly/i) { add_vulnerability($mark, - $request->{'whisker'}->{'uri'} . ": Cookie $cname created without the httponly flag", + $request->{'whisker'}->{'uri'} + . ": Cookie $cname created without the httponly flag", 000137, "https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies", $request->{'whisker'}->{'method'}, @@ -96,7 +98,8 @@ sub nikto_cookies_postfetch { # is it an internal, or just different? my $int; if ($internal) { $int = "RFC-1918 "; } - $msg = $request->{'whisker'}->{'uri'} . ": ${int}IP address found in the '$cname' cookie. The IP is \"$ip\"."; + $msg = $request->{'whisker'}->{'uri'} + . ": ${int}IP address found in the '$cname' cookie. The IP is \"$ip\"."; } add_vulnerability($mark, $msg, 999991, $refs, $request->{'whisker'}->{'method'}, diff --git a/program/plugins/nikto_core.plugin b/program/plugins/nikto_core.plugin index cde744df..f3d89e98 100644 --- a/program/plugins/nikto_core.plugin +++ b/program/plugins/nikto_core.plugin @@ -1544,13 +1544,13 @@ sub check_dbs { nprint("\t+ ERROR: Possible \@CGIDIRS misspelling: $line"); } if ($L[3] =~ /[\s]/) { - nprint("\t+ ERROR: space in file portion test #$L[0]: '$L[3]'"); + nprint("\t+ ERROR: space in file portion test #$L[0]: '$L[3]'"); } if ($line =~ /[^\\]"\s/) { - nprint("\t+ ERROR: space after quote #$L[0]: $line"); + nprint("\t+ ERROR: space after quote #$L[0]: $line"); } if ($line =~ /\s"/) { - nprint("\t+ ERROR: space before quote #$L[0]: $line"); + nprint("\t+ ERROR: space before quote #$L[0]: $line"); } $ENTRIES{"$L[3],$L[4],$L[5],$L[6],$L[7],$L[8],$L[9],$L[11],$L[12]"}++; if ((count_fields($line, 1) ne 12) && (count_fields($line) ne '')) { @@ -2476,7 +2476,10 @@ sub nfetch { # Set auth if ($mark->{'realms'}{'default'}{'authtype'} ne '') { - LW2::auth_set($mark->{'realms'}{'default'}{'authtype'}, $request, $mark->{'realms'}{'default'}{'id'}, $mark->{'realms'}{'default'}{'password'}); + LW2::auth_set($mark->{'realms'}{'default'}{'authtype'}, + $request, + $mark->{'realms'}{'default'}{'id'}, + $mark->{'realms'}{'default'}{'password'}); } # Set cookies diff --git a/program/plugins/nikto_embedded.plugin b/program/plugins/nikto_embedded.plugin index 2b07ef20..4aa7b495 100644 --- a/program/plugins/nikto_embedded.plugin +++ b/program/plugins/nikto_embedded.plugin @@ -59,9 +59,15 @@ sub nikto_embedded { $model =~ s/\+/ /g; if ($model ne "") { - add_vulnerability($mark, "$item->{'uri'}: $item->{'message'} $model", - $item->{'nikto_id'}, "", "GET", $item->{'uri'}, $request, - $response); + add_vulnerability($mark, + "$item->{'uri'}: $item->{'message'} $model", + $item->{'nikto_id'}, + "", + "GET", + $item->{'uri'}, + $request, + $response + ); } } } diff --git a/program/plugins/nikto_headers.plugin b/program/plugins/nikto_headers.plugin index c966d970..5e585314 100644 --- a/program/plugins/nikto_headers.plugin +++ b/program/plugins/nikto_headers.plugin @@ -245,16 +245,16 @@ sub nikto_headers_postfetch { $HFOUND{'x-drupal-cache'} = 1; } if (defined $result->{'link'} && $HFOUND{'link'} != 1) { - add_vulnerability($mark, - $request->{'whisker'}{'uri'} - . ": Link header found with value: $result->{'link'}.", - "000427", - "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Link", - $request->{'whisker'}->{'method'}, - $request->{'whisker'}->{'uri'}, - $request, - $result - ); + add_vulnerability( + $mark, + $request->{'whisker'}{'uri'} . ": Link header found with value: $result->{'link'}.", + "000427", + "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Link", + $request->{'whisker'}->{'method'}, + $request->{'whisker'}->{'uri'}, + $request, + $result + ); $HFOUND{'link'} = 1; } @@ -372,19 +372,19 @@ sub nikto_headers_postfetch { my ($protocol, $msg); $result->{'alt-svc'} =~ /.*(h[23])="([^"]+)"/; my $endpoint = $2; - if ($1 eq "h2") { - $protocol = "HTTP/2 over TLS"; + if ($1 eq "h2") { + $protocol = "HTTP/2 over TLS"; } - elsif ($1 eq "h2c") { - $protocol = "HTTP/2 over TCP"; - $msg = " Unencrypted."; + elsif ($1 eq "h2c") { + $protocol = "HTTP/2 over TCP"; + $msg = " Unencrypted."; } elsif ($1 eq "h3") { $protocol = "HTTP/3"; $msg = " Nikto cannot test HTTP/3 over QUIC."; } - else { - $protocol = $1; + else { + $protocol = $1; } add_vulnerability( diff --git a/program/plugins/nikto_put_del_test.plugin b/program/plugins/nikto_put_del_test.plugin index 477f2470..5f9ea1f7 100644 --- a/program/plugins/nikto_put_del_test.plugin +++ b/program/plugins/nikto_put_del_test.plugin @@ -46,15 +46,15 @@ sub nikto_put_del_test { nfetch($mark, $uri, "GET", "", "", "", "put_del_test: GET"); if ($content =~ /This was a Nikto test/) { add_vulnerability( - $mark, - "$uri: HTTP method 'PUT' allows clients to save files on the web server.", - 999995, - "https://portswigger.net/kb/issues/00100900_http-put-method-is-enabled", - "PUT", - $uri, - $request, - $response - ); + $mark, + "$uri: HTTP method 'PUT' allows clients to save files on the web server.", + 999995, + "https://portswigger.net/kb/issues/00100900_http-put-method-is-enabled", + "PUT", + $uri, + $request, + $response + ); # we were able to put it there--can we delete it? ($res, $content, $error, $request, $response) = @@ -65,11 +65,15 @@ sub nikto_put_del_test { if ($content !~ /This was a Nikto test/) # gone now { add_vulnerability( - $mark, - "$uri: HTTP method 'DELETE' allows clients to delete files on the web server.", - 999994, "https://cwe.mitre.org/data/definitions/650.html", - "DELETE", $uri, $request, $response - ); + $mark, + "$uri: HTTP method 'DELETE' allows clients to delete files on the web server.", + 999994, + "https://cwe.mitre.org/data/definitions/650.html", + "DELETE", + $uri, + $request, + $response + ); } } }