dradis / dradis-ce

Dradis Framework: Collaboration and reporting for IT Security teams
https://dradis.com/ce/
GNU General Public License v2.0

Nikto Plugin Names Hosts Incorrectly #134

Closed b1tst0rm closed 6 years ago

b1tst0rm commented 7 years ago

Steps to reproduce

Create a host node (OR import data from another scanner such as nmap) under the plugin.output node. Then, import scan data from Nikto (with the same IP address).

Expected behavior

When importing Nikto scanner output into Dradis, the host node should be named as the IP and only the IP so that identical nodes are properly merged in the plugin.output node.

Actual behavior

The Nikto output host nodes are named as http://ip:port/ instead of simply IP, preventing proper merging.

System configuration

Dradis version: 2.6.0

roelstorms commented 7 years ago

Do you suggest the following?

In this file:

https://github.com/dradis/dradis-nikto/blob/master/lib/dradis/plugins/nikto/importer.rb

Extract the IP from siteip and never use the domain name.

Should there be a config when importing that lets the user choose to use the IP, domain, scheme+IP+PORT, etc?
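
The normalization discussed in this thread, as an added example that is not part of the issue or of the dradis-nikto code base: it reduces a `siteip`-style value (`http://ip:port/`) to the bare IP and shows labels from different scanners collapsing onto one host key. The helper names `ip_node_label` and `group_by_host` and the sample labels are hypothetical and constructed for illustration.

```ruby
require 'uri'
require 'ipaddr'

# Hypothetical helper, not part of dradis-nikto: reduce a siteip-style value
# ("http://ip:port/") to the bare IP so it can serve as the host node label.
# Returns nil when no literal IP can be recovered (for example a domain name).
def ip_node_label(siteip)
  value = siteip.to_s.strip
  return nil if value.empty?

  # With a scheme, let URI split host from port; URI#hostname also strips
  # the brackets around an IPv6 literal. Without a scheme, treat the value
  # as a candidate bare IP.
  host = value.include?('://') ? URI.parse(value).hostname : value
  return nil if host.nil? || host.empty? || host.include?('/')

  # IPAddr validates the literal and returns its canonical text form.
  IPAddr.new(host).to_s
rescue URI::InvalidURIError, IPAddr::Error
  nil
end

# Group raw labels from several importers under one key per host IP.
# Labels with no recoverable IP keep their original text as the key.
def group_by_host(labels)
  labels.group_by { |label| ip_node_label(label) || label }
end

# Constructed sample: one bare-IP label and Nikto-style URL labels.
SAMPLE_LABELS = [
  '10.0.0.5',
  'http://10.0.0.5:80/',
  'https://10.0.0.5:443/',
  'http://[2001:db8::1]:8080/',
  'http://intranet.example/'
].freeze

if __FILE__ == $PROGRAM_NAME
  group_by_host(SAMPLE_LABELS).each do |host, labels|
    puts "#{host}: #{labels.join(', ')}"
  end
end
```

Two Nikto scans of the same host on different ports land under the same key as the bare-IP label, which is the merge the issue expects; a value carrying only a domain name is left unchanged for the caller to handle.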