Open BrentonEarl opened 8 years ago
Notice the last line:
root@nikto-dev:~# nikto.pl
- Nikto v2.1.6
---------------------------------------------------------------------------
+ ERROR: No host specified
-config+ Use this config file
-Display+ Turn on/off display outputs
-dbcheck check database and other key files for syntax errors
-Format+ save file (-o) format
-Help Extended help information
-host+ target host
-id+ Host authentication to use, format is id:pass or id:pass:realm
-list-plugins List all available plugins
-output+ Write output to this file
-nossl Disables using SSL
-no404 Disables 404 checks
-Plugins+ List of plugins to run (default: ALL)
-port+ Port to use (default 80)
-root+ Prepend root value to all requests, format is /directory
-ssl Force ssl mode on port
-Tuning+ Scan tuning
-timeout+ Timeout for requests (default 10 seconds)
-update Update databases and plugins from CIRT.net
-Version Print plugin and database versions
-vhost+ Virtual host (for Host header)
+ requires a value
Note: This is the short help output. Use -H for full help text.
Undefined subroutine &LW2::init_ssl_engine called at /usr/lib64/nikto/plugins/nikto_core.plugin line 2575, <IN> line 6971.
root@nikto-dev:~# nikto.pl -update
+ ERROR (302): Unable to get cirt.net/nikto/UPDATES/2.1.6/versions.txt
Notice the last lines, where the update fails:
root@nikto-dev:/etc/ssl# nikto.pl -host 127.0.0.1 -port 443 -ssl
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 127.0.0.1
+ Target Hostname: 127.0.0.1
+ Target Port: 443
---------------------------------------------------------------------------
+ SSL Info: Subject: /C=US/ST=Utah/O=Exit Status One/CN=exitstatusone.com/emailAddress=a@a.com
Ciphers: ECDHE-RSA-AES256-GCM-SHA384
Issuer: /C=US/ST=Utah/L=Toeele/O=Exit Status One/CN=exitstatusone.com/emailAddress=a@a.com
+ Start Time: 2015-11-09 15:15:34 (GMT-7)
---------------------------------------------------------------------------
+ Server: Apache/2.4.16 (Unix) OpenSSL/1.0.1p
+ Server leaks inodes via ETags, header found with file /, fields: 0x2d 0x432a5e4a73a80
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Hostname '127.0.0.1' does not match certificate's names: exitstatusone.com
+ Allowed HTTP Methods: OPTIONS, GET, HEAD, POST, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3092: /manual/: Web server manual found.
+ OSVDB-3268: /manual/images/: Directory indexing found.
+ OSVDB-3268: /manual/images/: Directory indexing found.
+ 7516 requests: 0 error(s) and 11 item(s) reported on remote host
+ End Time: 2015-11-09 15:15:58 (GMT-7) (24 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
*********************************************************************
Portions of the server's headers (OpenSSL/1.0.1p Apache/2.4.16) are not in
the Nikto database or are newer than the known string. Would you like
to submit this information (*no server specific data*) to CIRT.net
for a Nikto update (or you may email to sullo@cirt.net) (y/n)? y
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ ERROR 302: Update failed, please notify sullo@cirt.net of this code.
Summary
This issue is to keep track of the status of the build so that the SlackBuild can be updated from 2.1.5 to 2.1.6 as soon as possible.
Output 1
Building nikto for version 2.1.6 as listed in commit b3ee4121509bf98ceaa8c5dcd0b57eb225f3a546 works as expected. There is, however, a bug in 2.1.6 that was marked as closed here for 2.1.5:
Output 2 & 3
Tracked by these bugs: