sullo / nikto

Nikto web server scanner

Bug: Unable to scan servers using HTTPS #763

Open ElephasMax opened 2 years ago

ElephasMax commented 2 years ago

Expected behavior

I expected nikto to successfully connect to an HTTPS web server to conduct its scans.

Actual behavior

Received the following errors:

Linux kali 5.16.0-kali6-cloud-amd64 #1 SMP PREEMPT Debian 5.16.14-1kali2 (2022-03-23) x86_64 GNU/Linux:

LW_SSL_ENGINE=SSL: ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: Connect failed: ; Connection timed out at /var/lib/nikto/plugins/LW2.pm line 5157.

LW_SSL_ENGINE=SSLeay: ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: Connect failed: ; Connection timed out at /var/lib/nikto/plugins/LW2.pm line 5157.

Linux ubuntu 5.13.0-35-generic #40~20.04.1-Ubuntu SMP Mon Mar 7 09:18:32 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

LW_SSL_ENGINE=SSL: ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: SSL negotiation failed: at /home/elephas/nikto/program/plugins/LW2.pm line 5157.

LW_SSL_ENGINE=SSLeay: ERROR: Error limit (20) reached for host, giving up. Last error: sending request: SSL error: ssl_write_all 42851: 1 - ERROR_SYSCALL(-1,5) :

Steps to reproduce

  1. Clone nikto from repo using instructions in README
  2. ./nikto.pl -h https://subdomain.domain.com/random_customer_id/#/authenticate

Nikto version

Run:

./nikto.pl -Version

Nikto Versions

File Version Last Mod

Nikto main 2.1.6
LibWhisker 2.5
db_404_strings 2.003
db_content_search 2.000
db_dictionary 1.0
db_dir_traversal 2.1.6
db_domino 2.1.6
db_drupal 1.00
db_embedded 2.004
db_favicon 2.010
db_headers 2.008
db_httpoptions 2.002
db_multiple_index 2.005
db_outdated 2.017
db_parked_strings 2.001
db_realms 2.002
db_server_msgs 2.006
db_tests 2.021
db_variables 2.004
nikto_apache_expect_xss.plugin 2.04
nikto_apacheusers.plugin 2.06
nikto_auth.plugin 2.04
nikto_cgi.plugin 2.06
nikto_clientaccesspolicy.plugin 1.00
nikto_content_search.plugin 2.05
nikto_cookies.plugin 2.05
nikto_core.plugin 2.1.5
nikto_dictionary_attack.plugin 2.04
nikto_dir_traversal.plugin 2.1.6
nikto_dishwasher.plugin 2.20
nikto_docker_registry.plugin 2.20
nikto_domino.plugin 2.1.6
nikto_drupal.plugin 1.00
nikto_embedded.plugin 2.07
nikto_favicon.plugin 2.09
nikto_fileops.plugin 1.00
nikto_headers.plugin 2.11
nikto_httpoptions.plugin 2.10
nikto_ms10_070.plugin 1.00
nikto_msgs.plugin 2.07
nikto_multiple_index.plugin 2.03
nikto_negotiate.plugin 2.00
nikto_origin_reflection.plugin 2.01
nikto_outdated.plugin 2.09
nikto_parked.plugin 2.00
nikto_paths.plugin 2.00
nikto_put_del_test.plugin 2.04
nikto_report_csv.plugin 2.07
nikto_report_html.plugin 2.06
nikto_report_json.plugin 2.00
nikto_report_nbe.plugin 2.02
nikto_report_sqlg.plugin 2.00
nikto_report_text.plugin 2.05
nikto_report_xml.plugin 2.06
nikto_robots.plugin 2.06
nikto_shellshock.plugin 2.01
nikto_siebel.plugin 1.00
nikto_sitefiles.plugin 2.00
nikto_ssl.plugin 2.01
nikto_strutshock.plugin 2.01
nikto_tests.plugin 2.04


and paste the output here.

Further technical info

Will comment separately

E.g. you can obtain Nikto debug output by running -D D and redirecting to a file. You may also scrub the output of hostnames and IPs by specifying -D DS.

digininja commented 2 years ago

Can you hit that URL with curl?

On Tue, 19 Apr 2022, 21:56 Ben Roesler, @.***> wrote:


sullo commented 2 years ago

Could you also change to the 2.5.0 branch and try again?

From the base dir of nikto, run: git checkout nikto-2.5.0

and it should switch you.

Thanks

ElephasMax commented 2 years ago

@digininja Yes I can curl

@sullo I get a "SSL negotiation failed" error on both Kali and Ubuntu. I recloned the repo, checked out nikto-2.5.0, and ran "./nikto.pl -h xxxxxx"

sullo commented 2 years ago

This will tell us something, I think.

Copy nikto.conf.default to nikto.conf (in the main program directory). Edit nikto.conf and look for this section:


# Choose SSL libs:
# SSLeay        - use Net::SSLeay
# SSL           - use Net::SSL
# auto          - automatically choose what's available
#                 (SSLeay wins if both are available)
LW_SSL_ENGINE=auto

Change the last line to SSLeay and test. Then change it to SSL and test.

Forcefully choosing SSL vs SSLeay might solve the problem for you, but if not it can help us determine if it's an underlying module error or in nikto/libwhisker.
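The engine comparison described in the comment above can be scripted so both runs use an identical config apart from the `LW_SSL_ENGINE` line. This is an added example, not part of the thread or of the nikto project; the script's two arguments (nikto program directory and target) and the `nikto-<engine>.log` file names are assumptions.

```shell
#!/bin/sh
# Added example: switch LW_SSL_ENGINE in nikto.conf and run one scan per engine.
# Usage (assumed): ./compare_engines.sh <nikto-program-dir> <target>

# Rewrite the LW_SSL_ENGINE line in a nikto.conf file.
# $1 = path to nikto.conf, $2 = SSLeay | SSL | auto
set_ssl_engine() {
    case "$2" in
        SSLeay|SSL|auto) ;;
        *) echo "unknown engine: $2" >&2; return 2 ;;
    esac
    # Fail if the setting is missing instead of silently leaving the file as-is.
    grep -q '^LW_SSL_ENGINE=' "$1" || {
        echo "no LW_SSL_ENGINE line in $1" >&2
        return 1
    }
    _tmp=$(mktemp) || return 1
    # Write to a temp file first so a failed sed cannot truncate the config.
    sed "s/^LW_SSL_ENGINE=.*/LW_SSL_ENGINE=$2/" "$1" > "$_tmp" && cat "$_tmp" > "$1"
    _rc=$?
    rm -f "$_tmp"
    return "$_rc"
}

# Run the same scan once per engine and keep each run's full output.
# $1 = nikto program directory, $2 = target passed to -h
compare_engines() {
    [ -f "$1/nikto.conf" ] || cp "$1/nikto.conf.default" "$1/nikto.conf" || return 1
    for _engine in SSLeay SSL; do
        set_ssl_engine "$1/nikto.conf" "$_engine" || return 1
        echo "== LW_SSL_ENGINE=$_engine =="
        # Full output goes to the log; only the failure lines are echoed.
        (cd "$1" && ./nikto.pl -h "$2" 2>&1) | tee "nikto-$_engine.log" \
            | grep -E 'ERROR|No web server'
    done
    # Restore the default so later scans are not pinned to one engine.
    set_ssl_engine "$1/nikto.conf" auto
}

# Run only when both arguments are supplied.
if [ "$#" -eq 2 ]; then
    compare_engines "$1" "$2"
fi
```

If the two logs show the same failure, the cause is less likely to be specific to one Perl SSL module.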

ElephasMax commented 2 years ago

Kali:

SSLeay: No web server found on xxxxxx:443

SSL:

ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: SSL negotiation failed:  at /var/lib/nikto/plugins/LW2.pm line 5157.
 at /var/lib/nikto/plugins/LW2.pm line 5157.
; Connection reset by peer at /var/lib/nikto/plugins/LW2.pm line 5157.
: Connection reset by peer

Ubuntu:

SSLeay:

ERROR: Error limit (20) reached for host, giving up. Last error: sending request: SSL error: ssl_write_all 5168: 1 - ERROR_SYSCALL(-1,5)

SSL:

ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: SSL negotiation failed:  at /home/elephas/nikto/program/plugins/LW2.pm line 5254.
 at /home/elephas/nikto/program/plugins/LW2.pm line 5254.
; Connection reset by peer at /home/elephas/nikto/program/plugins/LW2.pm line 5254.
: Connection reset by peer

sullo commented 2 years ago

Thanks, that helps a lot... if maybe not enough.

If this is a public endpoint I could test that would help tremendously--you can deliver via email or twitter DM -- whatever works.

If I can't, I'd suggest running SSLTest and seeing if there are any weird results, or if you have a similar one that works try to spot a difference that may be impacting this.

Unfortunately, debugging TLS/SSL connections in nikto/libwhisker/modules is one of the most difficult tasks, especially if I can't try it directly.


Note: A workaround may be to run nikto through a Burp or other proxy, which would then negotiate the connection directly to the target. See https://github.com/sullo/nikto/wiki/Annotated-Option-List if you haven't used the proxy options before.

stappersg commented 2 years ago

@ElephasMax in case this issue dropped from your priority list, please close it.

ElephasMax commented 2 years ago

@sullo I haven't heard back since I sent the email. Are you still looking into it?