Nikto - No webserver found on x.x.x.x - using vhost and https

[Towky]

As mentioned in https://github.com/sullo/nikto/issues/250#issuecomment-453040897 i got the Message "No web server found on x.x.x.x"

root@kali:~# nikto -host https://10.0.0.90/9999/ -vhost host.domain.de
- Nikto v2.1.6
---------------------------------------------------------------------------
+ No web server found on 10.0.0.90:443
---------------------------------------------------------------------------
+ 0 host(s) tested

Webserver configuration: Microsoft Internet Information Service 8.5 1 binding: https on vhost "host.domain.de" port 443 on any ip-adress on the server (here: 10.0.0.90) the certificate is issued by an internal pki (root certificate not trusted by the kali-linux mashine)

Verbose Output:

root@kali:~# nikto -host https://10.0.0.90/9999/ -vhost host.domain.de -D v
- Nikto v2.1.6
---------------------------------------------------------------------------
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_multiple_index
V:Fri Jan 11 04:23:31 2019 - Loaded "Multiple Index" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_shellshock
V:Fri Jan 11 04:23:31 2019 - Loaded "shellshock" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_core
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_siebel
V:Fri Jan 11 04:23:31 2019 - Loaded "Siebel Checks" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_fileops
V:Fri Jan 11 04:23:31 2019 - Loaded "File Operations" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_subdomain
V:Fri Jan 11 04:23:31 2019 - Loaded "Sub-domain forcer" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_tests
V:Fri Jan 11 04:23:31 2019 - Loaded "Nikto Tests" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_apacheusers
V:Fri Jan 11 04:23:31 2019 - Loaded "Apache Users" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_httpoptions
V:Fri Jan 11 04:23:31 2019 - Loaded "HTTP Options" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_robots
V:Fri Jan 11 04:23:31 2019 - Loaded "Robots" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_msgs
V:Fri Jan 11 04:23:31 2019 - Loaded "Server Messages" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_content_search
V:Fri Jan 11 04:23:31 2019 - Loaded "Content Search" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_report_text
V:Fri Jan 11 04:23:31 2019 - Loaded "Text reports" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_report_csv
V:Fri Jan 11 04:23:31 2019 - Loaded "CSV reports" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_report_xml
V:Fri Jan 11 04:23:31 2019 - Loaded "Report as XML" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_paths
V:Fri Jan 11 04:23:31 2019 - Loaded "Path Search" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_embedded
V:Fri Jan 11 04:23:31 2019 - Loaded "Embedded Detection" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_cgi
V:Fri Jan 11 04:23:31 2019 - Loaded "CGI" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_cookies
V:Fri Jan 11 04:23:31 2019 - Loaded "HTTP Cookie Internal IP" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_sitefiles
V:Fri Jan 11 04:23:31 2019 - Loaded "Site Files" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_ms10_070
V:Fri Jan 11 04:23:31 2019 - Loaded "ms10-070 Check" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_report_sqlg
V:Fri Jan 11 04:23:31 2019 - Loaded "Generic SQL reports" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_headers
V:Fri Jan 11 04:23:31 2019 - Loaded "HTTP Headers" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_parked
V:Fri Jan 11 04:23:31 2019 - Loaded "Parked Detection" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_negotiate
V:Fri Jan 11 04:23:31 2019 - Loaded "Negotiate" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_dictionary_attack
V:Fri Jan 11 04:23:31 2019 - Loaded "Dictionary attack" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_auth
V:Fri Jan 11 04:23:31 2019 - Loaded "Guess authentication" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_put_del_test
V:Fri Jan 11 04:23:31 2019 - Loaded "Put/Delete test" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_clientaccesspolicy
V:Fri Jan 11 04:23:31 2019 - Loaded "clientaccesspolicy.xml" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_ssl
V:Fri Jan 11 04:23:31 2019 - Loaded "SSL and cert checks" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_apache_expect_xss
V:Fri Jan 11 04:23:31 2019 - Loaded "Apache Expect XSS" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_drupal
V:Fri Jan 11 04:23:31 2019 - Loaded "Drupal Specific Tests" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_report_html
V:Fri Jan 11 04:23:31 2019 - Loaded "Report as HTML" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_outdated
V:Fri Jan 11 04:23:31 2019 - Loaded "Outdated" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_report_nbe
V:Fri Jan 11 04:23:31 2019 - Loaded "NBE reports" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_favicon
V:Fri Jan 11 04:23:31 2019 - Loaded "Favicon" plugin.
V:Fri Jan 11 04:23:31 2019 - Getting targets
V:Fri Jan 11 04:23:31 2019 - Added -root value of '/9999' from URI
V:Fri Jan 11 04:23:31 2019 - Checking for HTTPS on port 10.0.0.90:443, using HEAD
V:Fri Jan 11 04:23:31 2019 -  for HEAD: 
V:Fri Jan 11 04:23:31 2019 - Checking for HTTP on port 10.0.0.90:443, using HEAD
V:Fri Jan 11 04:23:31 2019 -  for HEAD: 
V:Fri Jan 11 04:23:31 2019 - Checking for HTTPS on port 10.0.0.90:443, using GET
V:Fri Jan 11 04:23:31 2019 -  for GET:  
V:Fri Jan 11 04:23:31 2019 - Checking for HTTP on port 10.0.0.90:443, using GET
V:Fri Jan 11 04:23:31 2019 -  for GET:  
+ No web server found on 10.0.0.90:443
---------------------------------------------------------------------------
V:Fri Jan 11 04:23:31 2019 - Opening reports (none, )
V:Fri Jan 11 04:23:31 2019 - 6934 server checks loaded
V:Fri Jan 11 04:23:31 2019 - Running start for "Embedded Detection" plugin
V:Fri Jan 11 04:23:31 2019 - Running start for "HTTP Headers" plugin
V:Fri Jan 11 04:23:31 2019 - Running start for "Drupal Specific Tests" plugin
V:Fri Jan 11 04:23:31 2019 - Running start for "Favicon" plugin
V:Fri Jan 11 04:23:31 2019 - Running start for "Content Search" plugin
V:Fri Jan 11 04:23:31 2019 - Running start for "Guess authentication" plugin
+ 0 host(s) tested
V:Fri Jan 11 04:23:31 2019 + 8 requests made in 0 seconds

My first idea was, that the server isn't responding to the IP-Adress, because there is no explicit binding on the ip, just on the vhost.

But checking with curl, the server is responding with "HTTP 404".

Maybe it has something todo with https and the untrusted certificate?

Testing the connection with curl:

root@kali:~# curl -I https://10.0.0.90/9999/ --insecure
HTTP/1.1 404 Not Found
Content-Length: 315
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 11 Jan 2019 09:47:09 GMT
Connection: close

root@kali:~# curl -I https://10.0.0.90/9999/ --insecure --header 'Host: host.domain.de'
HTTP/1.1 200 OK
Content-Length: 680
Content-Type: text/html
Last-Modified: Wed, 29 Oct 2003 12:51:16 GMT
Accept-Ranges: bytes
ETag: "cea996571b9ec31:0"
Server: Microsoft-IIS/8.5
X-Frame-Options: SAMEORIGIN
Date: Fri, 11 Jan 2019 09:48:44 GMT

**IP-Adresses and DNS/vhost name changed

[tautology0]

So the problem here is that the website isn't returning a sensible HTTP(s) result:

V:Fri Jan 11 04:23:31 2019 - Checking for HTTPS on port 10.0.0.90:443, using HEAD
V:Fri Jan 11 04:23:31 2019 -  for HEAD: 
V:Fri Jan 11 04:23:31 2019 - Checking for HTTP on port 10.0.0.90:443, using HEAD
V:Fri Jan 11 04:23:31 2019 -  for HEAD: 
V:Fri Jan 11 04:23:31 2019 - Checking for HTTPS on port 10.0.0.90:443, using GET
V:Fri Jan 11 04:23:31 2019 -  for GET:  
V:Fri Jan 11 04:23:31 2019 - Checking for HTTP on port 10.0.0.90:443, using GET
V:Fri Jan 11 04:23:31 2019 -  for GET:  

This could be for a few reasons; SNI may be required, the server may be detecting depending on User-Agent, or it could be a bug.

So the first thing I'd try is changing the user-agent, by using: nikto.pl -Option USERAGENT=Mozilla -url https://10.0.0.90/9999/

If that doesn't work, could you try and add -D D to the command line which will dump the request and response hash; this may reveal the real error message.

[ghost]

I second this. I found that Nikto had a similar error and despite changing the user agent the issue still persists.

[bigj75024]

I am having this same issue. Using Nikto 2.1.6. The tool works fine on one server, but this issue on a different server. Same versions of Nikto.

[Towky]

If i remember correctly the webapplication i was testing in my post above had no default virtualhost listening on all incoming hostnames.

root@kali:~# nikto -host https://10.0.0.90/9999/ -vhost host.domain.de
- Nikto v2.1.6
---------------------------------------------------------------------------
+ No web server found on 10.0.0.90:443
---------------------------------------------------------------------------
+ 0 host(s) tested

We also got trouble in this configuration to get our loadbalancer running, so we had to change it. So i can't test it at the moment.

@bigj75024 Are you using the "-vhost" Flag?

[Towky]

Okay, i tested the issue in my test enviroment and I can confirm the error occurs if i run nikto with the -vhost option against an https webservice running on IIS 8.5 if there is no default https listener.

If i create a default listener for https on port 443 everything works fine.

Edit: unencryptet http (port 80) works fine even without default listener. Maybe it has something todo with the different reply from the webserver if there are no default listener

root@kali:~# curl -I http://10.0.100.166/ HTTP/1.1 404 Not Found Content-Length: 315 Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Thu, 10 Oct 2019 08:24:52 GMT Connection: close

root@kali:~# curl -I https://10.0.100.166/ --insecure curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 10.0.100.166:443

Edit2: After a few tests it seems it could also have something todo with SNI (server name indication) if i remove the SNI option, even with no default vhost it works.

It seems the (IIS) Webserver at least has to have one https listener without SNI.

root@kali:~curl -I https://10.0.100.166/ --insecure HTTP/1.1 404 Not Found Content-Length: 315 Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Thu, 10 Oct 2019 10:06:41 GMT Connection: close

root@kali:~# curl -I http://10.0.100.166/ HTTP/1.1 404 Not Found Content-Length: 315 Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Thu, 10 Oct 2019 10:08:26 GMT Connection: close

[bigj75024]

Thank you for the reply. I was able to resolve my issue last night by modifying the minprotocol value in the config file for openssl to negotiate TLS1 instead of TLS1.2.

Thanks again!

On Thu, Oct 10, 2019, 2:59 AM Towky notifications@github.com wrote:

Okay, i tested the issue in my test enviroment and I can confirm the error occurs if i run nikto with the -vhost option against an https webservice running on IIS 8.5 if there is no default https listener.

If i create a default listener for https on port 443 everything works fine.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/sullo/nikto/issues/585?email_source=notifications&email_token=AHBVMHLLWQRSI25SJ7TULRLQN3OHBA5CNFSM4GPMUGQKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEA3JQJA#issuecomment-540448804, or unsubscribe https://github.com/notifications/unsubscribe-auth/AHBVMHMBGA3H5FZXNRYV5YDQN3OHBANCNFSM4GPMUGQA .

[Green-m]

@bigj75024
Apprecaite your reply, save my life. For others, it may help https://stackoverflow.com/questions/53058362/openssl-v1-1-1-ssl-choose-client-version-unsupported-protocol

[bigj75024]

Glad I could help.

[sullo]

This is good info, thanks. I wonder how we can do this in the config and pass through? I'll have to do some reading.

On Thu, Dec 19, 2019 at 10:40 AM bigj75024 notifications@github.com wrote:

Glad I could help.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/sullo/nikto/issues/585?email_source=notifications&email_token=AALICRBYL7G7BMLSF5KLD33QZOIXFA5CNFSM4GPMUGQKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEHKAA3Q#issuecomment-567541870, or unsubscribe https://github.com/notifications/unsubscribe-auth/AALICRDYBMQPR3RJAIJCWFLQZOIXFANCNFSM4GPMUGQA .

--

http://cirt.net | http://richsec.com/

[badcat1215]

vhost have to before host try

root@kali:~# nikto -vhost host.domain.de -host https://10.0.0.90/9999/

[SectionB]

I'm a windows user and when I run with administrator it worked fine,

[ivym1ke]

I was getting the No web server found on 10.11.1.237:443 message as well, however curl also did not work.

curl: (35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small

I resolved this by editing the following in /etc/ssl/openssl.cnf

[system_default_sect]
MinProtocol = TLSv1.1
CipherString = DEFAULT@SECLEVEL=1

Hopefully this helps someone else who stumbles across this post.

Disclaimer I am working in a lab environment with VMs. Not a suggested fix for your normal OS.

[nasiriyima]

In my own case (on Kalinux) I had to install ssl support for perl as follows:

aptitude install libio-socket-ssl-perl aptitude install libcrypt-ssleay-perl

source