File: nikto_embedded.plugin

package info (click to toggle)
nikto 1%3A2.1.4-2
  • links: PTS, VCS
  • area: non-free
  • in suites: wheezy
  • size: 2,276 kB
  • sloc: perl: 4,328; makefile: 11
file content (75 lines) | stat: -rw-r--r-- 3,041 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
 
#VERSION,2.06
# $Id: nikto_embedded.plugin 632 2011-02-19 02:49:31Z sullo $
###############################################################################
#  Copyright (C) 2006 CIRT, Inc.
#
#  This program is free software; you can redistribute it and/or
#  modify it under the terms of the GNU General Public License
#  as published by the Free Software Foundation; version 2
#  of the License only.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
###############################################################################
# PURPOSE:
# Various messages relating to the server banner
###############################################################################
# NOTES:
# versions are loaded from the "db_server_msgs" file, which should be in the
# plugins directory this plugin checks the server version to see if there are
# any version specific items in the4 db_server_msgs this differs from
# nikto_outdated because that is ONLY checking to see if it is an old version,
# whereas this checks to see if the versions match
###############################################################################
sub nikto_embedded_init {
    my $id = { name        => "embedded",
               full_name   => "Embedded Detection",
               author      => "Deity",
               description => "Checks to see whether the host is an embedded server.",
               hooks       => { scan => { method => \&nikto_embedded, }, },
               copyright   => "2009 CIRT Inc."
               };
    return $id;
}

sub nikto_embedded {
    return if $mark->{'terminate'};
    my ($mark) = @_;
    my $dbarray;
    $dbarray = init_db("db_embedded");

    foreach my $item (@$dbarray) {
        return if $mark->{'terminate'};
        (my $res, $content) =
          nfetch($mark, $item->{'uri'}, "GET", "", "", "", "embedded detection");
        if ($res eq "200") {
            $item->{'match'} = validate_and_fix_regex($item->{'match'});
            my @lines = split(/\n/, $content);
            foreach my $line (@lines) {

                # Check for the matches and pull out information
                if ($line =~ /$item->{'match'}/) {

                    # Now pull out the make
                    my $model = $line;
                    $model =~ s/$item->{'match'}/$item->{'model'}/ee;
                    $model =~ s/\+/ /g;

                    if ($model ne "") {
                        add_vulnerability($mark, "$item->{'message'} $model",
                                          $item->{'nikto_id'}, 0, "GET", $item->{'uri'});
                    }
                }
            }
        }
    }

}

1;