sullo / nikto

Nikto web server scanner
Other
8.55k stars 1.23k forks source link

Duplicated for X-Clacks-Overhead test in nikto_headers #772

Closed tautology0 closed 2 years ago

tautology0 commented 2 years ago

commit 65059c63df69689cdecf9813a1d0ff53e79514da duplicated the X-Clacks-Overhead test with a comment implying that it's checking for Content-Security-Policy or Content-Security-Policy-Report-Only.

    # CSP Report URLs
      if (!$HEADERS_XCO{ $mark->{hostname} }{ $mark->{port} } && defined $result->{'whisker'}->{'code'}) {
        if (defined $result->{'x-clacks-overhead'}) {
            add_vulnerability( $mark, "There appears to be clacks overhead on the server, the message is: $result->{'x-clacks-overhead'}", 999104, 0,
                $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $result);
            $HEADERS_XCO{ $mark->{hostname} }{ $mark->{port} } = 1;
        }
    }
sullo commented 2 years ago

I'm not sure what commit you're looking at but the linked one doesn't have x-clacks-overhead in it. Looking at the plugin, I only see one block for it.

Was the 'message' from x-clacks-overhead different in the multiple responses? De-duplication checks in add_vulnerability() will fail to match if the message is different.

tautology0 commented 2 years ago

Yeah looked like I C+P'd the wrong request. This is what nikto_headers looks like at the moment:

    if (!$HEADERS_XCO{ $mark->{hostname} }{ $mark->{port} } && defined $result->{'whisker'}->{'code'}) {
        if (defined $result->{'x-clacks-overhead'}) {
            add_vulnerability( $mark, "There appears to be clacks overhead on the server, the message is: $result->{'x-clacks-overhead'}", 999104, 0,
                $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $result);
            $HEADERS_XCO{ $mark->{hostname} }{ $mark->{port} } = 1;
        }
    }

    # CSP Report URLs
      if (!$HEADERS_XCO{ $mark->{hostname} }{ $mark->{port} } && defined $result->{'whisker'}->{'code'}) {
        if (defined $result->{'x-clacks-overhead'}) {
            add_vulnerability( $mark, "There appears to be clacks overhead on the server, the message is: $result->{'x-clacks-overhead'}", 999104, 0,
                $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $result);
            $HEADERS_XCO{ $mark->{hostname} }{ $mark->{port} } = 1;
        }
    }
sullo commented 2 years ago

I'm not sure how I missed that searching for clacks, but... updated to report-to which was the intent.