crowdsecurity / hub

Main repository for crowdsec scenarios/parsers
https://hub.crowdsec.net

traefik parser skipping Nikto logs #549

Closed cuthulino closed 2 years ago

cuthulino commented 2 years ago

Hello,

I am just trying to block myself for notification testing. While doing this, I found some strange behavior of the traefik parser.
(removed whitelist before)

When I start Nikto, it fires over 5000 requests, in Nikto it tells me status "404" for the most requests.
That's ok, because they mostly do not exist.

But in traefik it generates log entries like this:

10.10.1.1 - - [28/Sep/2022:13:38:04 +0000] "GET /mobileadmin/home.cs HTTP/1.1" - - "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:006607)" 45640 "-" "-" 0ms

The statuscode is - and the content size is -.
If I understand the parser right, the pattern %{NUMBER:status} %{NUMBER:body_bytes_sent} is restricting these two values to be numbers only. - is not a number.

The cscli explain command returns a red flag on the traefik parser for all those lines.
When I add a code (404) and a size (0) the parser gets a green tag.

I think because of that I do not get a ban with Nikto.

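As an added example (not code from the issue, and not the hub's actual parser or its 0.5 fix), the following Python mirrors the strict `%{NUMBER:status} %{NUMBER:body_bytes_sent}` pattern described above and a relaxed variant beside it, then runs both over the quoted Nikto line to show which lines would ever reach the scenarios. The relaxed pattern, the second log line and the helper names `parse`/`count_parsed` are my own constructions.

```python
import re
from typing import Optional

# Constructed sample input: the first line is the Nikto entry quoted in the issue,
# the second is an ordinary request with a numeric status and size.
LOG_LINES = [
    '10.10.1.1 - - [28/Sep/2022:13:38:04 +0000] "GET /mobileadmin/home.cs HTTP/1.1" '
    '- - "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:006607)" 45640 "-" "-" 0ms',
    '10.10.1.1 - - [28/Sep/2022:13:38:05 +0000] "GET /index.html HTTP/1.1" '
    '200 512 "-" "curl/7.85.0" 45641 "-" "-" 1ms',
]

_PREFIX = (
    r'^(?P<client_ip>\S+) \S+ \S+ \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<verb>\S+) (?P<request>\S+) (?P<http_version>[^"]+)" '
)

# Strict form: like grok's %{NUMBER}, status and size must be digits, so a "-"
# placeholder makes the whole line fail to parse (the red flag in cscli explain).
STRICT = re.compile(_PREFIX + r'(?P<status>\d+) (?P<body_bytes_sent>\d+) ')

# Relaxed form (assumed shape of a fix, not the hub's pattern): accept "-" too,
# so a scanner that triggers placeholder fields is still fed to the scenarios.
RELAXED = re.compile(_PREFIX + r'(?P<status>\d+|-) (?P<body_bytes_sent>\d+|-) ')


def parse(line: str, pattern: "re.Pattern[str]") -> Optional[dict]:
    """Return captured fields with "-" normalised to None, or None if no match."""
    m = pattern.match(line)
    if not m:
        return None
    fields = m.groupdict()
    for key in ("status", "body_bytes_sent"):
        fields[key] = None if fields[key] == "-" else int(fields[key])
    return fields


def count_parsed(lines, pattern) -> int:
    """Number of lines the pattern would hand on to the scenarios."""
    return sum(1 for line in lines if parse(line, pattern) is not None)


if __name__ == "__main__":
    for name, pat in (("strict", STRICT), ("relaxed", RELAXED)):
        print(f"{name}: {count_parsed(LOG_LINES, pat)} of {len(LOG_LINES)} lines parsed")
```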

buixor commented 2 years ago

oh thanks for the report. we'll have a look asap :)

AlteredCoder commented 2 years ago

Hello,

This issue has been fixed, can you upgrade the parser and retry the scan please?

cuthulino commented 2 years ago

I updated the parser from 0.4 to 0.5 and tested it with the same logs.
It is working now.

Thanks for the quick fix!