outdated PHP version displayed but not criticised

sullo / nikto

Nikto web server scanner

Other

8.36k stars 1.21k forks source link

outdated PHP version displayed but not criticised #252

Closed drwetter closed 9 years ago

drwetter commented 9 years ago

Haven't looked into the code but it seems other than e.g. for OpenSSL or Apache the function is missing which checks for the recent version, see also:

  *********************************************************************
  Portions of the server's headers (PHP/5.6.2) are not in
  the Nikto database or are newer than the known string. Would you like
  to submit this information (*no server specific data*) to CIRT.net
  for a Nikto update (or you may email to sullo@cirt.net) (y/n)? n

ghost commented 9 years ago

Hi,

are you running the current version of nikto from git HEAD/master here or an older version 2.1.5? The current HEAD/master should already contain the updated version:

https://github.com/sullo/nikto/blob/master/program/databases/db_outdated#L642

drwetter commented 9 years ago

I am on branch master. git log | head -1 reports

commit 2d5c954b4ffb371106647fc8a13211739010f3f4
Author: tautology0

Date: Fri May 29 12:56:33 2015 +0100

Nikto v2.1.6

drwetter commented 9 years ago

Ok, I confess ;-) It's a newer PHP version than 5.6.2, but not the latest one (5.6.9)

ghost commented 9 years ago

Ah, i see. Just created a PR to fix this.