search

BrentonEarl / es1-slackware-stuff

My Slackbuilds.org respository for Slackware 14.1. No longer updated.
http://slackbuilds.org/
MIT License
1 stars 0 forks source link

Updating nikto 2.1.5 -> 2.1.6 #4

Open BrentonEarl opened 8 years ago

BrentonEarl commented 8 years ago
Summary

This issue is to keep track of the status of the build so that as soon as possible can update the SlackBuild from 2.1.5 to 2.1.6

Output 1

Building nikto for version 2.1.6 as listed in commit b3ee4121509bf98ceaa8c5dcd0b57eb225f3a546 works as expected. There is however a bug in 2.1.6 that was marked as closed here for 2.1.5:

Output 2 & 3

Tracked by these bugs:

BrentonEarl commented 8 years ago

Output 1

notice the last line

root@nikto-dev:~# nikto.pl
- Nikto v2.1.6
---------------------------------------------------------------------------
+ ERROR: No host specified

       -config+            Use this config file
       -Display+           Turn on/off display outputs
       -dbcheck            check database and other key files for syntax errors
       -Format+            save file (-o) format
       -Help               Extended help information
       -host+              target host
       -id+                Host authentication to use, format is id:pass or id:pass:realm
       -list-plugins       List all available plugins
       -output+            Write output to this file
       -nossl              Disables using SSL
       -no404              Disables 404 checks
       -Plugins+           List of plugins to run (default: ALL)
       -port+              Port to use (default 80)
       -root+              Prepend root value to all requests, format is /directory 
       -ssl                Force ssl mode on port
       -Tuning+            Scan tuning
       -timeout+           Timeout for requests (default 10 seconds)
       -update             Update databases and plugins from CIRT.net
       -Version            Print plugin and database versions
       -vhost+             Virtual host (for Host header)
        + requires a value

    Note: This is the short help output. Use -H for full help text.

Undefined subroutine &LW2::init_ssl_engine called at /usr/lib64/nikto/plugins/nikto_core.plugin line 2575, <IN> line 6971.
BrentonEarl commented 8 years ago
Output 2
root@nikto-dev:~# nikto.pl -update
+ ERROR (302): Unable to get cirt.net/nikto/UPDATES/2.1.6/versions.txt
Output 3

notice last lines where update fails

root@nikto-dev:/etc/ssl# nikto.pl -host 127.0.0.1 -port 443 -ssl
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          127.0.0.1
+ Target Hostname:    127.0.0.1
+ Target Port:        443
---------------------------------------------------------------------------
+ SSL Info:        Subject:  /C=US/ST=Utah/O=Exit Status One/CN=exitstatusone.com/emailAddress=a@a.com
                   Ciphers:  ECDHE-RSA-AES256-GCM-SHA384
                   Issuer:   /C=US/ST=Utah/L=Toeele/O=Exit Status One/CN=exitstatusone.com/emailAddress=a@a.com
+ Start Time:         2015-11-09 15:15:34 (GMT-7)
---------------------------------------------------------------------------
+ Server: Apache/2.4.16 (Unix) OpenSSL/1.0.1p
+ Server leaks inodes via ETags, header found with file /, fields: 0x2d 0x432a5e4a73a80 
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Hostname '127.0.0.1' does not match certificate's names: exitstatusone.com
+ Allowed HTTP Methods: OPTIONS, GET, HEAD, POST, TRACE 
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3092: /manual/: Web server manual found.
+ OSVDB-3268: /manual/images/: Directory indexing found.
+ OSVDB-3268: /manual/images/: Directory indexing found.
+ 7516 requests: 0 error(s) and 11 item(s) reported on remote host
+ End Time:           2015-11-09 15:15:58 (GMT-7) (24 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

      *********************************************************************
      Portions of the server's headers (OpenSSL/1.0.1p Apache/2.4.16) are not in
      the Nikto database or are newer than the known string. Would you like
      to submit this information (*no server specific data*) to CIRT.net
      for a Nikto update (or you may email to sullo@cirt.net) (y/n)? y

+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ ERROR 302: Update failed, please notify sullo@cirt.net of this code.