Closed IdanHo closed 3 years ago
This may be related to #250 ?
Can you attach/include the output of a curl request (the headers at least) to the target web server?
I've just tried it with trunk and it responded as expected.
Could you try doing a -D d on it? Also, does it resolve when you try it by hand (using dig or nslookup depending on platform)?
@tautology0 `D:\Downloads\nikto-master\program>perl nikto.pl -host http://10100110110100001100001011000100110000101101011.com -D d D:Wed May 3 15:27:01 2017 - Loading DB: ./databases/db_parked_strings D:Wed May 3 15:27:01 2017 - Loading DB: ./databases/db_404_strings D:Wed May 3 15:27:01 2017 - Loading DB: ./databases/db_outdated D:Wed May 3 15:27:01 2017 - Loading DB: ./databases/db_variables D:Wed May 3 15:27:01 2017 - Loading DB: ./databases/db_tests
D:Wed May 3 15:27:01 2017 WARNING: No init found for nikto_core D:Wed May 3 15:27:01 2017 'Request Hash' = { 'Connection' => 'Keep-Alive', 'Host' => '10100110110100001100001011000100110000101101011.com', 'whisker' => { 'require_newline_after_headers' => 0, 'protocol' => 'HTTP', 'lowercase_incoming_headers' => 1, 'http_space1' => ' ', 'force_open' => 0, 'invalid_protocol_return_value' => 1, 'ssl_save_info' => 1, 'ssl' => 0, 'normalize_incoming_headers' => 1, 'http_eol' => "\r\n", 'include_host_in_uri' => 0, 'version' => '1.1', 'ssl_certfile' => undef, 'uri_param_sep' => '?', 'force_bodysnatch' => 0, 'uri' => '/', 'ssl_rsacertfile' => undef, 'keep-alive' => 1, 'ignore_duplicate_headers' => 0, 'port' => 80, 'host' => '10100110110100001100001011000100110000101101011.com', 'uri_postfix' => '', 'MAGIC' => 31339, 'trailing_slurp' => 0, 'uri_prefix' => '', 'http_space2' => ' ', 'retry' => 0, 'max_size' => 0, 'force_close' => 0, 'method' => 'HEAD', 'timeout' => 10 }, 'User-Agent' => 'Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Port Check)' }; D:Wed May 3 15:27:01 2017 'Result Hash' = { 'whisker' => { 'error' => 'opening stream: can\'t connect (connect error): A non-blocking socket operation could not be completed immediately.', 'MAGIC' => 31340, 'uri' => '/' } }; D:Wed May 3 15:27:05 2017 'Request Hash' = { 'whisker' => { 'require_newline_after_headers' => 0, 'lowercase_incoming_headers' => 1, 'protocol' => 'HTTP', 'http_space1' => ' ', 'force_open' => 0, 'invalid_protocol_return_value' => 1, 'ssl_save_info' => 1, 'ssl' => 1, 'normalize_incoming_headers' => 1, 'http_eol' => "\r\n", 'include_host_in_uri' => 0, 'version' => '1.1', 'ssl_certfile' => undef, 'uri_param_sep' => '?', 'force_bodysnatch' => 0, 'ssl_rsacertfile' => undef, 'ignore_duplicate_headers' => 0, 'keep-alive' => 1, 'uri' => '/', 'port' => 80, 'uri_postfix' => '', 'host' => '10100110110100001100001011000100110000101101011.com', 'MAGIC' => 31339, 'trailing_slurp' => 0, 'uri_prefix' => '', 'http_space2' => ' ', 'retry' => 0, 'max_size' => 0, 'force_close' => 0, 'timeout' => 10, 'method' => 'HEAD' }, 'User-Agent' => 'Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Port Check)', 'Connection' => 'Keep-Alive', 'Host' => '10100110110100001100001011000100110000101101011.com' }; D:Wed May 3 15:27:05 2017 'Result Hash' = { 'whisker' => { 'MAGIC' => 31340, 'uri' => '/', 'error' => "opening stream: can't connect: SSL negotiation failed: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number at ./plugins/LW2.pm line 5157.\n at ./plugins/LW2.pm line 5157.\n; A connect request was made on an already connected socket. at ./plugins/LW2.pm line 5157.\n; Bad file descriptor at ./plugins/LW2.pm line 5157.\n; Bad file descriptor at ./plugins/LW2.pm line 5157.\n: Bad file descriptor" } }; D:Wed May 3 15:27:05 2017 'Request Hash' = { 'User-Agent' => 'Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Port Check)', 'whisker' => { 'force_open' => 0, 'invalid_protocol_return_value' => 1, 'ssl_save_info' => 1, 'lowercase_incoming_headers' => 1, 'require_newline_after_headers' => 0, 'protocol' => 'HTTP', 'http_space1' => ' ', 'include_host_in_uri' => 0, 'ssl_certfile' => undef, 'version' => '1.1', 'ssl' => 0, 'normalize_incoming_headers' => 1, 'http_eol' => "\r\n", 'force_bodysnatch' => 0, 'uri_param_sep' => '?', 'ignore_duplicate_headers' => 0, 'ssl_rsacertfile' => undef, 'keep-alive' => 1, 'uri' => '/', 'port' => 80, 'max_size' => 0, 'retry' => 0, 'timeout' => 10, 'force_close' => 0, 'method' => 'GET', 'uri_postfix' => '', 'host' => '10100110110100001100001011000100110000101101011.com', 'uri_prefix' => '', 'MAGIC' => 31339, 'trailing_slurp' => 0, 'http_space2' => ' ' }, 'Host' => '10100110110100001100001011000100110000101101011.com', 'Connection' => 'Keep-Alive' }; D:Wed May 3 15:27:05 2017 'Result Hash' = { 'whisker' => { 'uri' => '/', 'MAGIC' => 31340, 'error' => 'opening stream: can\'t connect (connect error): A non-blocking socket operation could not be completed immediately.' } }; D:Wed May 3 15:27:08 2017 'Request Hash' = { 'Host' => '10100110110100001100001011000100110000101101011.com', 'Connection' => 'Keep-Alive', 'whisker' => { 'timeout' => 10, 'force_close' => 0, 'method' => 'GET', 'retry' => 0, 'max_size' => 0, 'http_space2' => ' ', 'uri_prefix' => '', 'MAGIC' => 31339, 'trailing_slurp' => 0, 'uri_postfix' => '', 'host' => '10100110110100001100001011000100110000101101011.com', 'port' => 80, 'ignore_duplicate_headers' => 0, 'ssl_rsacertfile' => undef, 'keep-alive' => 1, 'uri' => '/', 'uri_param_sep' => '?', 'force_bodysnatch' => 0, 'version' => '1.1', 'ssl_certfile' => undef, 'include_host_in_uri' => 0, 'http_eol' => "\r\n", 'ssl' => 1, 'normalize_incoming_headers' => 1, 'ssl_save_info' => 1, 'invalid_protocol_return_value' => 1, 'force_open' => 0, 'http_space1' => ' ', 'lowercase_incoming_headers' => 1, 'require_newline_after_headers' => 0, 'protocol' => 'HTTP' }, 'User-Agent' => 'Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Port Check)' }; D:Wed May 3 15:27:08 2017 'Result Hash' = { 'whisker' => { 'MAGIC' => 31340, 'uri' => '/', 'error' => "opening stream: can't connect: SSL negotiation failed: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number at ./plugins/LW2.pm line 5157.\n at ./plugins/LW2.pm line 5157.\n; A connect request was made on an already connected socket. at ./plugins/LW2.pm line 5157.\n; Bad file descriptor at ./plugins/LW2.pm line 5157.\n; Bad file descriptor at ./plugins/LW2.pm line 5157.\n: Bad file descriptor" } };
That's weird - it's saying that the socket that it's binding locally (i.e. on the host you're scanning from) is already bound. As libwhisker uses a random high port, that shouldn't really happen.
What OS are you running? Is the webserver on the host you're scanning from?
@tautology0 no its a remote server, i tried both linux abd windows
Curiouser and Curiouser, I see you're using Nikto 2.1.6, so its from the git repo. Just to rule it out, could you do a "git pull" to make sure its up-to-date.
@tautology0 "fatal: Not a git repository (or any of the parent directories): .git"
I have the same problem as @DrPiggy . On Windows 10, it doesn't work. But If I use my Ubuntu Bash on Windows (not in virtualbox or vmware, the one builtin), nikto works like a charm.
This is all very weird - I use Nikto on Windows 10 with no problems, not even as an administrator. It looks like it can't allocate a socket from the OS.
All I can think of is that its a problem with the version of perl in use. On Windows 10, I'm using perl 5.22, which was builtin with the git client.
You are right. I just used the perl include with git and it runs without a problem. I was using Strawberry Perl (http://strawberryperl.com/)
Same here - for anyone using WIN10 and Strawberryperl because of Ack for example, change the order of the binaries on system PATH so it uses Perl from GIT. Check where perl
to see which one is first (default).
Now it works for me. Thank you @Themercee.
Same problem and solution:
https://github.com/sullo/nikto/issues/250#issuecomment-475600168
Same problem and solution:
Not really. This issue is about http, not https.
I fell into this rabbit hole. This looks like a minimised test case (set IP accordingly, obvs):
use Socket;
socket(my $socket, PF_INET, SOCK_STREAM, 0 ) or die "socket: $!";
my $fl = 1;
# 0x8004667e = FIONBIO in Winsock2.h
ioctl( $socket, 0x8004667e, \$fl ) or die "unable to set socket\n";
connect( $socket, sockaddr_in( 80, inet_aton( "192.168.1.129" ) ) ) or die "connect: $!";
Using Strawberry:
connect: A non-blocking socket operation could not be completed immediately. at CONNECT_TESTING.pl line 12.
Using git perl:
connect: Operation now in progress at CONNECT_TESTING.pl line 12.
Note that the Strawberry error is not a fatal error. But in LW2's _stream_socket_open(), it looks like the test for "$! != EWOULDBLOCK" is failing. $! contains the numeric value 140 but LW2 is checking for 10035.
Not sure why the difference, will try to find time between Christmas and New Year to look again.
Both the above perls seem to work if in LW2, the Module Initialization didn't special-case defining the Windows error numbers. So going to this:
eval "use POSIX qw(:errno_h :fcntl_h)";
if ($@) { $LW_NONBLOCK_CONNECT = 0; }
Instead of this:
if ( $^O !~ /Win32/ ) {
eval "use POSIX qw(:errno_h :fcntl_h)";
if ($@) { $LW_NONBLOCK_CONNECT = 0; }
}
else {
# taken from Winsock2.h
*EINPROGRESS = sub { 10036 };
*EWOULDBLOCK = sub { 10035 };
}
But I dunno how portable that is. Plus, there must have been a good reason to define the Windows error codes in the first place?
https://github.com/pika/pika/issues/797 seems relevant, in that EWOULDBLOCK and WSAEWOULDBLOCK could be different numbers (140 and 10035 respectively) on at least some Windows builds.
From xenu on P5P IRC:
[11:37:17 AM] <xenu> hydahy: EWOULDBLOCK == WSAEWOULDBLOCK on perls built with compilers that don't define EWOULDBLOCK
[11:37:41 AM] <xenu> so probably visual c++ 2008 and older
[11:38:20 AM] <xenu> activeperl 5.16 and older were built with msvc (they switched to mingw in 5.18)
[11:38:31 AM] <xenu> so that probably was the case in those builds
@sullo / @tautology0 , do you recall whether use POSIX qw(:errno_h :fcntl_h)
would actively fail on Windows back in the day?
I'm wondering whether this might work:
eval "use POSIX qw(:errno_h :fcntl_h)";
if ($@) {
if ( $^O !~ /Win32/ ) {
$LW_NONBLOCK_CONNECT = 0;
} else {
# taken from Winsock2.h
*EINPROGRESS = sub { 10036 };
*EWOULDBLOCK = sub { 10035 };
}
}
Since there's been no activity on this and not seeing lots of problems with this, I'm closing this issue.
The browser can access it just fine, but when nikto tries it says "No web server found on 10100110110100001100001011000100110000101101011.com:80" i also did -D v for info: `D:\Downloads\nikto-master\program>perl nikto.pl -host http://10100110110100001100001011000100110000101101011.com -D v
Nikto v2.1.6
V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_apacheusers V:Sun Apr 30 16:57:27 2017 - Loaded "Apache Users" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_apache_expect_xss V:Sun Apr 30 16:57:27 2017 - Loaded "Apache Expect XSS" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_auth V:Sun Apr 30 16:57:27 2017 - Loaded "Guess authentication" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_cgi V:Sun Apr 30 16:57:27 2017 - Loaded "CGI" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_clientaccesspolicy V:Sun Apr 30 16:57:27 2017 - Loaded "clientaccesspolicy.xml" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_content_search V:Sun Apr 30 16:57:27 2017 - Loaded "Content Search" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_cookies V:Sun Apr 30 16:57:27 2017 - Loaded "HTTP Cookie Internal IP" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_core V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_dictionary_attack V:Sun Apr 30 16:57:27 2017 - Loaded "Dictionary attack" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_dir_traversal V:Sun Apr 30 16:57:27 2017 - Loaded "Directory Traversal" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_dishwasher V:Sun Apr 30 16:57:27 2017 - Loaded "dishwasher" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_domino V:Sun Apr 30 16:57:27 2017 - Loaded "IBM/Lotus Domino Specific Tests" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_drupal V:Sun Apr 30 16:57:27 2017 - Loaded "Drupal Specific Tests" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_embedded V:Sun Apr 30 16:57:27 2017 - Loaded "Embedded Detection" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_favicon V:Sun Apr 30 16:57:27 2017 - Loaded "Favicon" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_fileops V:Sun Apr 30 16:57:27 2017 - Loaded "File Operations" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_headers V:Sun Apr 30 16:57:27 2017 - Loaded "HTTP Headers" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_httpoptions V:Sun Apr 30 16:57:27 2017 - Loaded "HTTP Options" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_ms10_070 V:Sun Apr 30 16:57:27 2017 - Loaded "ms10-070 Check" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_msgs V:Sun Apr 30 16:57:27 2017 - Loaded "Server Messages" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_multiple_index V:Sun Apr 30 16:57:27 2017 - Loaded "Multiple Index" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_negotiate V:Sun Apr 30 16:57:27 2017 - Loaded "Negotiate" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_outdated V:Sun Apr 30 16:57:27 2017 - Loaded "Outdated" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_parked V:Sun Apr 30 16:57:27 2017 - Loaded "Parked Detection" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_paths V:Sun Apr 30 16:57:27 2017 - Loaded "Path Search" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_put_del_test V:Sun Apr 30 16:57:27 2017 - Loaded "Put/Delete test" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_report_csv V:Sun Apr 30 16:57:27 2017 - Loaded "CSV reports" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_report_html V:Sun Apr 30 16:57:27 2017 - Loaded "Report as HTML" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_report_json V:Sun Apr 30 16:57:27 2017 - Loaded "JSON reports" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_report_nbe V:Sun Apr 30 16:57:27 2017 - Loaded "NBE reports" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_report_sqlg V:Sun Apr 30 16:57:27 2017 - Loaded "Generic SQL reports" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_report_text V:Sun Apr 30 16:57:27 2017 - Loaded "Text reports" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_report_xml V:Sun Apr 30 16:57:27 2017 - Loaded "Report as XML" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_robots V:Sun Apr 30 16:57:27 2017 - Loaded "Robots" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_shellshock V:Sun Apr 30 16:57:27 2017 - Loaded "shellshock" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_siebel V:Sun Apr 30 16:57:27 2017 - Loaded "Siebel Checks" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_sitefiles V:Sun Apr 30 16:57:27 2017 - Loaded "Site Files" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_ssl V:Sun Apr 30 16:57:27 2017 - Loaded "SSL and cert checks" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_strutshock V:Sun Apr 30 16:57:27 2017 - Loaded "strutshock" plugin. V:Sun Apr 30 16:57:27 2017 - Initialising plugin nikto_tests V:Sun Apr 30 16:57:27 2017 - Loaded "Nikto Tests" plugin. V:Sun Apr 30 16:57:27 2017 - Getting targets V:Sun Apr 30 16:57:27 2017 - Opening reports (none, ) V:Sun Apr 30 16:57:27 2017 - Checking for HTTP on port 10100110110100001100001011000100110000101101011.com:80, using HEAD V:Sun Apr 30 16:57:27 2017 - for HEAD: V:Sun Apr 30 16:57:27 2017 - Checking for HTTPS on port 10100110110100001100001011000100110000101101011.com:80, using HEAD V:Sun Apr 30 16:57:31 2017 - for HEAD: V:Sun Apr 30 16:57:31 2017 - Checking for HTTP on port 10100110110100001100001011000100110000101101011.com:80, using GET V:Sun Apr 30 16:57:31 2017 - for GET: V:Sun Apr 30 16:57:31 2017 - Checking for HTTPS on port 10100110110100001100001011000100110000101101011.com:80, using GET V:Sun Apr 30 16:57:33 2017 - for GET:
No web server found on 10100110110100001100001011000100110000101101011.com:80
V:Sun Apr 30 16:57:33 2017 - 6814 server checks loaded V:Sun Apr 30 16:57:33 2017 - Running start for "Directory Traversal" plugin V:Sun Apr 30 16:57:33 2017 - Running start for "IBM/Lotus Domino Specific Tests" plugin V:Sun Apr 30 16:57:34 2017 - Running start for "Drupal Specific Tests" plugin V:Sun Apr 30 16:57:34 2017 - Running start for "Favicon" plugin V:Sun Apr 30 16:57:34 2017 - Running start for "HTTP Headers" plugin V:Sun Apr 30 16:57:34 2017 - Running start for "Guess authentication" plugin V:Sun Apr 30 16:57:34 2017 - Running start for "Content Search" plugin