sullo / nikto

Nikto web server scanner

Bug: unexpected behaviour trying to skip CGIDIRS checks #683

Closed azimut closed 3 years ago

azimut commented 4 years ago

Note: you can obtain Nikto debug output by running "-D D" and redirecting to a file

you may also scrub the output of hostnames and IPs by specifying "-D DS"

Expected behavior

Do not query for any line on databases/db_tests with @CGIDIRS

Actual behavior

All queries are run without skipping

Steps to reproduce

  1. ./nikto.pl -Tuning 3 -Display V -port 80 -host starbucks.com.ar -Cgidirs none -Plugins "@NONE;tests"

Nikto version

Cloned from master:

[~/projects/sec/nikto/program] > ./nikto.pl -Version
---------------------------------------------------------------------------
Nikto Versions
---------------------------------------------------------------------------
File                               Version      Last Mod
-----------------------------      --------     ----------
Nikto main                         2.1.6
LibWhisker                         2.5
db_404_strings                     2.003        
db_content_search                  2.000        
db_dictionary                      1.0          
db_dir_traversal                   2.1.6        
db_domino                          2.1.6        
db_drupal                          1.00         
db_embedded                        2.004        
db_favicon                         2.010        
db_headers                         2.008        
db_httpoptions                     2.002        
db_multiple_index                  2.005        
db_outdated                        2.017        
db_parked_strings                  2.001        
db_realms                          2.002        
db_server_msgs                     2.006        
db_tests                           2.021        
db_variables                       2.004        
nikto_apache_expect_xss.plugin     2.04         
nikto_apacheusers.plugin           2.06         
nikto_auth.plugin                  2.04         
nikto_cgi.plugin                   2.06         
nikto_clientaccesspolicy.plugin    1.00         
nikto_content_search.plugin        2.05         
nikto_cookies.plugin               2.05         
nikto_core.plugin                  2.1.5        
nikto_dictionary_attack.plugin     2.04         
nikto_dir_traversal.plugin         2.1.6        
nikto_dishwasher.plugin            2.20         
nikto_docker_registry.plugin       2.20         
nikto_domino.plugin                2.1.6        
nikto_drupal.plugin                1.00         
nikto_embedded.plugin              2.07         
nikto_favicon.plugin               2.09         
nikto_fileops.plugin               1.00         
nikto_headers.plugin               2.11         
nikto_httpoptions.plugin           2.10         
nikto_ms10_070.plugin              1.00         
nikto_msgs.plugin                  2.07         
nikto_multiple_index.plugin        2.03         
nikto_negotiate.plugin             2.00         
nikto_origin_reflection.plugin     2.01         
nikto_outdated.plugin              2.09         
nikto_parked.plugin                2.00         
nikto_paths.plugin                 2.00         
nikto_put_del_test.plugin          2.04         
nikto_report_csv.plugin            2.07         
nikto_report_html.plugin           2.06         
nikto_report_json.plugin           2.00         
nikto_report_nbe.plugin            2.02         
nikto_report_sqlg.plugin           2.00         
nikto_report_text.plugin           2.05         
nikto_report_xml.plugin            2.06         
nikto_robots.plugin                2.06         
nikto_shellshock.plugin            2.01         
nikto_siebel.plugin                1.00         
nikto_sitefiles.plugin             2.00         
nikto_ssl.plugin                   2.01         
nikto_strutshock.plugin            2.01         
nikto_tests.plugin                 2.04         
---------------------------------------------------------------------------
---------------------------------------------------------------------------

sullo commented 3 years ago

The option is to skip checking for @CGIDIRS -- which means looking for /cgi/, /cgi-bin/, etc. If none are tested, the tests with @CGIDIRS will only be checked against the root (/) of the site.

I'd be interested to hear others' thoughts on whether this should remain the behavior or actually not perform those checks. Another option might be to add a Tuning flag for anything with @CGIDIRS tests so they can be excluded that way too.
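The behaviour described in the comment above, next to the behaviour the report expected, as an added sketch that is not Nikto's code and not part of the thread. It models `@CGIDIRS` expansion over constructed rows; the column layout, the sample rows and the function names are assumptions.

```python
import csv
import io

# Constructed sample rows in the quoted-CSV style of databases/db_tests
# (assumed layout: id, reference, tuning, URI, method, match..., summary).
SAMPLE_DB_TESTS = '''\
# constructed comment line
"900001","0","3","@CGIDIRSprintenv.cgi","GET","200","","","","","Constructed: env dump script","",""
"900002","0","3","/server-status","GET","200","","","","","Constructed: status page","",""
"900003","0","3","@CGIDIRStest.pl","GET","200","","","","","Constructed: test script","",""
'''

MACRO = "@CGIDIRS"
URI_FIELD = 3  # assumed position of the URI column


def _rows(db_text):
    """Yield data rows, skipping comments and short or blank lines."""
    for row in csv.reader(io.StringIO(db_text)):
        if len(row) > URI_FIELD and not row[0].startswith("#"):
            yield row


def expand_tests(db_text, cgidirs, skip_macro=False):
    """Return the (test_id, uri) requests a run would issue in this model.

    cgidirs    -- list of CGI directories; [] models "-Cgidirs none"
    skip_macro -- True models the reporter's expectation (drop macro rows)
    """
    requests = []
    for row in _rows(db_text):
        test_id, uri = row[0], row[URI_FIELD]
        if MACRO not in uri:
            requests.append((test_id, uri))
        elif not skip_macro:
            # Per the maintainer: with no CGI dirs the test still runs,
            # but only against the site root.
            for directory in (cgidirs or ["/"]):
                requests.append((test_id, uri.replace(MACRO, directory)))
    return requests


def macro_test_ids(db_text):
    """IDs of rows whose URI uses the @CGIDIRS macro."""
    return [row[0] for row in _rows(db_text) if MACRO in row[URI_FIELD]]
```

Comparing `expand_tests(SAMPLE_DB_TESTS, [])` with `expand_tests(SAMPLE_DB_TESTS, [], skip_macro=True)` shows the gap between the current behaviour and the one the report asked for.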

sullo commented 3 years ago

Closing due to no response.