sullo / nikto

Nikto web server scanner

Nikto cant find webserver #472

Closed IdanHo closed 3 years ago

IdanHo commented 7 years ago

The browser can access it just fine, but when nikto tries it says "No web server found on 10100110110100001100001011000100110000101101011.com:80". I also did -D v for info: `D:\Downloads\nikto-master\program>perl nikto.pl -host http://10100110110100001100001011000100110000101101011.com -D v`

sullo commented 7 years ago

This may be related to #250 ?

Can you attach/include the output of a curl request (the headers at least) to the target web server?

tautology0 commented 7 years ago

I've just tried it with trunk and it responded as expected.

Could you try doing a -D d on it? Also, does it resolve when you try it by hand (using dig or nslookup depending on platform)?

IdanHo commented 7 years ago

@tautology0

    D:\Downloads\nikto-master\program>perl nikto.pl -host http://10100110110100001100001011000100110000101101011.com -D d
    D:Wed May 3 15:27:01 2017 - Loading DB: ./databases/db_parked_strings
    D:Wed May 3 15:27:01 2017 - Loading DB: ./databases/db_404_strings
    D:Wed May 3 15:27:01 2017 - Loading DB: ./databases/db_outdated
    D:Wed May 3 15:27:01 2017 - Loading DB: ./databases/db_variables
    D:Wed May 3 15:27:01 2017 - Loading DB: ./databases/db_tests

tautology0 commented 7 years ago

That's weird - it's saying that the socket that it's binding locally (i.e. on the host you're scanning from) is already bound. As libwhisker uses a random high port, that shouldn't really happen.

What OS are you running? Is the webserver on the host you're scanning from?

IdanHo commented 7 years ago

@tautology0 no, it's a remote server, I tried both Linux and Windows

tautology0 commented 7 years ago

Curiouser and Curiouser, I see you're using Nikto 2.1.6, so it's from the git repo. Just to rule it out, could you do a "git pull" to make sure it's up-to-date?

IdanHo commented 7 years ago

@tautology0 "fatal: Not a git repository (or any of the parent directories): .git"

Themercee commented 7 years ago

I have the same problem as @DrPiggy. On Windows 10, it doesn't work. But if I use my Ubuntu Bash on Windows (not in virtualbox or vmware, the one builtin), nikto works like a charm.

tautology0 commented 7 years ago

This is all very weird - I use Nikto on Windows 10 with no problems, not even as an administrator. It looks like it can't allocate a socket from the OS.

All I can think of is that it's a problem with the version of perl in use. On Windows 10, I'm using perl 5.22, which was builtin with the git client.

Themercee commented 7 years ago

You are right. I just used the perl included with git and it runs without a problem. I was using Strawberry Perl (http://strawberryperl.com/)

ladislavsulc commented 6 years ago

Same here - for anyone using WIN10 and Strawberryperl because of Ack for example, change the order of the binaries on system PATH so it uses Perl from GIT. Check `where perl` to see which one is first (default).

Now it works for me. Thank you @Themercee.

xkill commented 5 years ago

Same problem and solution:

https://github.com/sullo/nikto/issues/250#issuecomment-475600168

datadiode commented 5 years ago

> Same problem and solution:
>
> #250 (comment)

Not really. This issue is about http, not https.

richardleach commented 4 years ago

I fell into this rabbit hole. This looks like a minimised test case (set IP accordingly, obvs):

    use Socket;

    socket(my $socket, PF_INET, SOCK_STREAM, 0 ) or die "socket: $!";

    my $fl = 1;
    # 0x8004667e = FIONBIO in Winsock2.h
    ioctl( $socket, 0x8004667e, \$fl ) or die "unable to set socket\n";

    connect( $socket, sockaddr_in( 80, inet_aton( "192.168.1.129" ) ) ) or die "connect: $!";

Using Strawberry: connect: A non-blocking socket operation could not be completed immediately. at CONNECT_TESTING.pl line 12.

Using git perl: connect: Operation now in progress at CONNECT_TESTING.pl line 12.

Note that the Strawberry error is not a fatal error. But in LW2's _stream_socket_open(), it looks like the test for "$! != EWOULDBLOCK" is failing. $! contains the numeric value 140 but LW2 is checking for 10035.

Not sure why the difference, will try to find time between Christmas and New Year to look again.

richardleach commented 4 years ago

Both the above perls seem to work if in LW2, the Module Initialization didn't special-case defining the Windows error numbers. So going to this:

    eval "use POSIX qw(:errno_h :fcntl_h)";
    if ($@) { $LW_NONBLOCK_CONNECT = 0; }

Instead of this:

    if ( $^O !~ /Win32/ ) {
        eval "use POSIX qw(:errno_h :fcntl_h)";
        if ($@) { $LW_NONBLOCK_CONNECT = 0; }
    }
    else {

        # taken from Winsock2.h
        *EINPROGRESS = sub { 10036 };
        *EWOULDBLOCK = sub { 10035 };
    }

But I dunno how portable that is. Plus, there must have been a good reason to define the Windows error codes in the first place?

https://github.com/pika/pika/issues/797 seems relevant, in that EWOULDBLOCK and WSAEWOULDBLOCK could be different numbers (140 and 10035 respectively) on at least some Windows builds.
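The mismatch described in the two comments above, as an added example that is not part of the thread and is not Nikto or LibWhisker code: it compares an LW2-style check that only knows the Winsock numbers with one that also accepts the constants the running perl defines. The function names are hypothetical, and the `{ EWOULDBLOCK => 140 }` build is constructed from the value reported above.

```perl
#!/usr/bin/perl
# Added example, not Nikto or LibWhisker code.
use strict;
use warnings;
use POSIX ();

# Winsock2.h values that the thread shows LW2 hard-coding on Win32.
my %WINSOCK = ( EINPROGRESS => 10036, EWOULDBLOCK => 10035 );

# Ask this perl build what it defines for each constant (skipped if missing).
sub build_constants {
    my %have;
    for my $name ( keys %WINSOCK ) {
        no strict 'refs';
        # POSIX croaks if the platform lacks the macro, hence the eval.
        my $value = eval { &{"POSIX::$name"}() };
        $have{$name} = $value if defined $value;
    }
    return \%have;
}

# Hypothetical helper: true if $errno means "non-blocking connect still
# pending" under either numbering, given one build's constants.
sub connect_pending {
    my ( $errno, $build ) = @_;
    my %ok = map { $_ => 1 } ( values(%WINSOCK), values(%$build) );
    return $ok{$errno} ? 1 : 0;
}

# The Win32 branch as quoted in the thread: Winsock numbers only.
sub connect_pending_hardcoded {
    my ($errno) = @_;
    return ( grep { $_ == $errno } values %WINSOCK ) ? 1 : 0;
}

# Constructed input: the Strawberry Perl case, where $! held 140.
my $strawberry = { EWOULDBLOCK => 140 };
for my $errno ( 140, 10035 ) {
    printf "errno %5d: hard-coded=%d union=%d\n", $errno,
        connect_pending_hardcoded($errno),
        connect_pending( $errno, $strawberry );
}

# What the perl running this script actually defines.
my $mine = build_constants();
printf "this build: %s=%d\n", $_, $mine->{$_} for sort keys %$mine;
```

Running it under each perl on the PATH shows which numbering that build reports, which is the difference that makes the scanner report "No web server found" against a reachable host.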

richardleach commented 4 years ago

From xenu on P5P IRC:

[11:37:17 AM] <xenu> hydahy: EWOULDBLOCK == WSAEWOULDBLOCK on perls built with compilers that don't define EWOULDBLOCK
[11:37:41 AM] <xenu> so probably visual c++ 2008 and older
[11:38:20 AM] <xenu> activeperl 5.16 and older were built with msvc (they switched to mingw in 5.18)
[11:38:31 AM] <xenu> so that probably was the case in those builds

@sullo / @tautology0, do you recall whether `use POSIX qw(:errno_h :fcntl_h)` would actively fail on Windows back in the day? I'm wondering whether this might work:

    eval "use POSIX qw(:errno_h :fcntl_h)";
    if ($@) {
        if ( $^O !~ /Win32/ ) {
            $LW_NONBLOCK_CONNECT = 0;
        } else {
            # taken from Winsock2.h
            *EINPROGRESS = sub { 10036 };
            *EWOULDBLOCK = sub { 10035 };
        }
    }

sullo commented 3 years ago

Since there's been no activity on this and not seeing lots of problems with this, I'm closing this issue.