sullo / nikto

Nikto web server scanner

Bug: JSON output is not valid when the target is not a webserver #721

Closed nodauf closed 3 years ago

nodauf commented 3 years ago

Expected behavior

The json report should be valid.

Actual behavior

When nikto is run on a port where there is no webserver, the output is:

{"id": "000029","OSVDB": "0","url":"/","msg":"No web server found on localhost:8080"}}

At the end there is one } too many. One came from report_item and the other from report_close.

Steps to reproduce

  1. Start netcat : nc -lvp 8080
  2. Run nikto: nikto -host http://localhost:8080 -ask no -o /tmp/out.json

Nikto version

---------------------------------------------------------------------------
Nikto Versions
---------------------------------------------------------------------------
File                               Version      Last Mod
-----------------------------      --------     ----------
Nikto main                         2.1.6
LibWhisker                         2.5
db_404_strings                     2.003
db_content_search                  2.000
db_dictionary                      1.0
db_dir_traversal                   2.1.6
db_domino                          2.1.6
db_drupal                          1.00
db_embedded                        2.004
db_favicon                         2.010
db_headers                         2.008
db_httpoptions                     2.002
db_multiple_index                  2.005
db_outdated                        2.017
db_parked_strings                  2.001
db_realms                          2.002
db_server_msgs                     2.006
db_tests                           2.021
db_variables                       2.004
nikto_apache_expect_xss.plugin     2.04
nikto_apacheusers.plugin           2.06
nikto_auth.plugin                  2.04
nikto_cgi.plugin                   2.06
nikto_clientaccesspolicy.plugin    1.00
nikto_content_search.plugin        2.05
nikto_cookies.plugin               2.05
nikto_core.plugin                  2.1.5
nikto_dictionary_attack.plugin     2.04
nikto_dir_traversal.plugin         2.1.6
nikto_dishwasher.plugin            2.20
nikto_docker_registry.plugin       2.20
nikto_domino.plugin                2.1.6
nikto_drupal.plugin                1.00
nikto_embedded.plugin              2.07
nikto_favicon.plugin               2.09
nikto_fileops.plugin               1.00
nikto_headers.plugin               2.11
nikto_httpoptions.plugin           2.10
nikto_ms10_070.plugin              1.00
nikto_msgs.plugin                  2.07
nikto_multiple_index.plugin        2.03
nikto_negotiate.plugin             2.00
nikto_origin_reflection.plugin     2.01
nikto_outdated.plugin              2.09
nikto_parked.plugin                2.00
nikto_paths.plugin                 2.00
nikto_put_del_test.plugin          2.04
nikto_report_csv.plugin            2.07
nikto_report_html.plugin           2.06
nikto_report_json.plugin           2.00
nikto_report_nbe.plugin            2.02
nikto_report_sqlg.plugin           2.00
nikto_report_text.plugin           2.05
nikto_report_xml.plugin            2.06
nikto_robots.plugin                2.06
nikto_shellshock.plugin            2.01
nikto_siebel.plugin                1.00
nikto_sitefiles.plugin             2.00
nikto_ssl.plugin                   2.01
nikto_strutshock.plugin            2.01
nikto_tests.plugin                 2.04
---------------------------------------------------------------------------
---------------------------------------------------------------------------
sullo commented 3 years ago

Rearranged things so the JSON is now valid if the host can't be connected to, and added the host meta information.

{"host":"localhost","ip":"127.0.0.1","port":"22","banner":"","vulnerabilities":[{"id": "000029","method":"TCP","url":"","msg":"Unable to connect to localhost:22."}]}