diff options
-rw-r--r-- | network/nikto/README | 31 | ||||
-rw-r--r-- | network/nikto/doinst.sh | 11 | ||||
-rw-r--r-- | network/nikto/nikto.SlackBuild | 92 | ||||
-rw-r--r-- | network/nikto/nikto.info | 6 | ||||
-rw-r--r-- | network/nikto/nikto.sh | 3 | ||||
-rw-r--r-- | network/nikto/nikto64.sh | 3 | ||||
-rw-r--r-- | network/nikto/patches/man_page.diff | 11 | ||||
-rw-r--r-- | network/nikto/patches/nikto-2.1.4/README | 3 | ||||
-rw-r--r-- | network/nikto/patches/nikto-2.1.4/nikto.diff | 21 | ||||
-rw-r--r-- | network/nikto/patches/nikto-2.1.5/nikto.conf.diff | 14 | ||||
-rw-r--r-- | network/nikto/patches/nikto-2.1.5/nikto64.conf.diff | 14 | ||||
-rw-r--r-- | network/nikto/patches/nikto.pl.diff (renamed from network/nikto/patches/nikto-2.1.5/nikto.pl.diff) | 10 | ||||
-rw-r--r-- | network/nikto/patches/nikto_core.plugin.diff | 10 | ||||
-rw-r--r-- | network/nikto/patches/replay.pl.diff | 11 |
14 files changed, 107 insertions, 133 deletions
diff --git a/network/nikto/README b/network/nikto/README index 130a4bb34fc78..0174ffe58d84f 100644 --- a/network/nikto/README +++ b/network/nikto/README @@ -1,14 +1,19 @@ -Nikto is an Open Source (GPL) web server scanner which performs -comprehensive tests against web servers for multiple items, including -over 3500 potentially dangerous files/CGIs, versions on over 900 servers, -and version specific problems on over 250 servers. Scan items and plugins -are frequently updated and can be automatically updated (if desired). +Nikto is an Open Source (GPL) web server scanner which performs comprehensive +tests against web servers for multiple items, including over 6700 potentially +dangerous files/programs, checks for outdated versions of over 1250 servers, +and version specific problems on over 270 servers. It also checks for server +configuration items such as the presence of multiple index files, HTTP server +options, and will attempt to identify installed web servers and software. Scan +items and plugins are frequently updated and can be automatically updated. -WARNING: if you're updating from 2.03 to 2.1.0 keep in mind that -the configuration file have been changed from the old location -/etc/nikto/config.txt (a debianism I introduced to work around the -config.txt unspecified location) to the newer, official /etc/nikto.conf. -Speaking of debianism: I removed the symolic link /usr/bin/nikto creation, -upgradepkg will not rm it but newer installs will not have it anymore. If -you like the link and want to retain it in future updates, just uncomment -the needed lines inside the SlackBuild. +Nikto is not designed as a stealthy tool. It will test a web server in the +quickest time possible, and is obvious in log files or to an IPS/IDS. However, +there is support for LibWhisker's anti-IDS methods in case you want to give it +a try (or test your IDS system). + +Not every check is a security problem, though most are. There are some items +that are "info only" type checks that look for things that may not have a +security flaw, but the webmaster or security engineer may not know are present +on the server. These items are usually marked appropriately in the information +printed. There are also some checks for unknown items which have been seen +scanned for in log files. diff --git a/network/nikto/doinst.sh b/network/nikto/doinst.sh index bd63e8f2be51b..e59261f753b9d 100644 --- a/network/nikto/doinst.sh +++ b/network/nikto/doinst.sh @@ -1,22 +1,11 @@ config() { NEW="$1" OLD="$(dirname $NEW)/$(basename $NEW .new)" - # If there's no config file by that name, mv it over: if [ ! -r $OLD ]; then mv $NEW $OLD elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then - # toss the redundant copy rm $NEW fi - # Otherwise, we leave the .new copy for the admin to consider... } -# Keep same perms on nikto.conf: -if [ -e etc/nikto.conf ]; then - cp -a etc/nikto.conf etc/nikto.conf.new.incoming - cat etc/nikto.conf.new > etc/nikto.conf.new.incoming - mv etc/nikto.conf.new.incoming etc/nikto.conf.new -fi - config etc/nikto.conf.new - diff --git a/network/nikto/nikto.SlackBuild b/network/nikto/nikto.SlackBuild index f9617fe26c932..118f4d949af4f 100644 --- a/network/nikto/nikto.SlackBuild +++ b/network/nikto/nikto.SlackBuild @@ -1,11 +1,9 @@ #!/bin/sh # Slackware build script for Nikto Web Scanner -# -# Copyright 2015 Brenton Earl <brent@exitstatusone.com> -# All rights reserved. -# + # Copyright 2010-2011 Marco Bonetti <sid77@slackware.it> +# Copyright 2015-2017 Brenton Earl <brent@exitstatusone.com> # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -26,13 +24,13 @@ # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. PRGNAM=nikto -VERSION=${VERSION:-2.1.5} +VERSION=${VERSION:-2.1.6} BUILD=${BUILD:-1} TAG=${TAG:-_SBo} if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) ARCH=i486 ;; + i?86) ARCH=i586 ;; arm*) ARCH=arm ;; *) ARCH=$( uname -m ) ;; esac @@ -43,13 +41,14 @@ TMP=${TMP:-/tmp/SBo} PKG=$TMP/package-$PRGNAM OUTPUT=${OUTPUT:-/tmp} -DOCS="CHANGES.txt LICENSE.txt nikto_manual.html" - -if [ "$ARCH" = "i486" ]; then +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" LIBDIRSUFFIX="" elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" LIBDIRSUFFIX="64" else SLKCFLAGS="-O2" @@ -65,50 +64,50 @@ rm -rf $PRGNAM tar xvf $CWD/$PRGNAM-$VERSION.tar.gz cd $PRGNAM-$VERSION chown -R root:root . +find -L . \ + \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ + -o -perm 511 \) -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ + -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; + +# Force SBo shipped LW2 module +patch -p1 --verbose < $CWD/patches/nikto.pl.diff +patch -p1 --verbose < $CWD/patches/replay.pl.diff +patch -p1 --verbose < $CWD/patches/nikto_core.plugin.diff -# Fix nikto.pl paths to use libwhisker2 from SBo. -patch -p1 --verbose < $CWD/patches/nikto-2.1.5/nikto.pl.diff +# Fix path for Slackware +patch -p1 --verbose < $CWD/patches/man_page.diff -# Set the correct EXECDIR for nikto based on $ARCH +# Install executable if [ "$ARCH" = "x86_64" ]; then - patch -p1 --verbose < $CWD/patches/nikto-2.1.5/nikto64.conf.diff + install -Dm 755 $CWD/nikto64.sh $PKG/usr/bin/nikto else - patch -p1 --verbose < $CWD/patches/nikto-2.1.5/nikto.conf.diff + install -Dm 755 $CWD/nikto.sh $PKG/usr/bin/nikto fi -# Install the program -install -d \ - $PKG/etc/ \ - $PKG/usr/bin/ \ - $PKG/usr/lib$LIBDIRSUFFIX/nikto/docs/ \ - $PKG/usr/lib$LIBDIRSUFFIX/nikto/plugins/ \ - $PKG/usr/lib$LIBDIRSUFFIX/nikto/templates/ \ - $PKG/usr/lib$LIBDIRSUFFIX/nikto/databases/ -install -m 0644 nikto.conf $PKG/etc/nikto.conf.new -install -m 0644 docs/CHANGES.txt $PKG/usr/lib$LIBDIRSUFFIX/nikto/docs/ -install -m 0644 plugins/* $PKG/usr/lib$LIBDIRSUFFIX/nikto/plugins/ -install -m 0644 templates/* $PKG/usr/lib$LIBDIRSUFFIX/nikto/templates/ -install -m 0644 databases/* $PKG/usr/lib$LIBDIRSUFFIX/nikto/databases/ -install -m 0755 nikto.pl $PKG/usr/bin/ - -## However, be compatible with any users' scripts -# No, drop compatibility here: stick as much as possible to the sources. -# This was a debianism I adopted with the first version, however, if you like -# it just uncomment the lines below. -#( cd $PKG/usr/bin -# ln -s nikto.pl nikto -#) - -# Remove the shipped libwhisker2 -rm -f $PKG/usr/lib$LIBDIRSUFFIX/nikto/plugins/LW2.pm - -# Copy over important docs and man page +# Install the rest +install -d $PKG/usr/lib${LIBDIRSUFFIX}/nikto +cp -a program/* $PKG/usr/lib${LIBDIRSUFFIX}/nikto +install -Dm 644 program/nikto.conf $PKG/etc/nikto.conf.new +install -Dm 644 documentation/nikto.1 $PKG/usr/man/man1/nikto.1 +install -Dm 755 program/replay.pl $PKG/usr/bin/replay.pl + +# Remove the upstream shipped libwhisker2 +rm -f $PKG/usr/lib${LIBDIRSUFFIX}/nikto/plugins/LW2.pm + +# Clean up duplicate config +rm -f $PKG/usr/lib${LIBDIRSUFFIX}/nikto/nikto.conf + +find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true + +find $PKG/usr/man -type f -exec gzip -9 {} \; +for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done + mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION -mkdir -p $PKG/usr/man/man1/ -cd docs - cp -a $DOCS $PKG/usr/doc/$PRGNAM-$VERSION/ - gzip -9c nikto.1 > $PKG/usr/man/man1/nikto.1.gz -cd - +cp -a program/docs/nikto_manual.html program/docs/*.txt README.md \ + $PKG/usr/doc/$PRGNAM-$VERSION/ +rm -r $PKG/usr/lib${LIBDIRSUFFIX}/nikto/docs cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild mkdir -p $PKG/install @@ -117,4 +116,3 @@ cat $CWD/doinst.sh > $PKG/install/doinst.sh cd $PKG /sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} - diff --git a/network/nikto/nikto.info b/network/nikto/nikto.info index d3604d22e88f1..46c249a44d5c2 100644 --- a/network/nikto/nikto.info +++ b/network/nikto/nikto.info @@ -1,8 +1,8 @@ PRGNAM="nikto" -VERSION="2.1.5" +VERSION="2.1.6" HOMEPAGE="http://cirt.net/nikto2" -DOWNLOAD="https://cirt.net/nikto/nikto-2.1.5.tar.gz" -MD5SUM="efcc98a918becb77471ee9a5df0a7b1e" +DOWNLOAD="https://github.com/sullo/nikto/archive/2.1.6/nikto-2.1.6.tar.gz" +MD5SUM="3d6c1b5a6fcdd47c18169febda02393e" DOWNLOAD_x86_64="" MD5SUM_x86_64="" REQUIRES="Net-SSLeay libwhisker2" diff --git a/network/nikto/nikto.sh b/network/nikto/nikto.sh new file mode 100644 index 0000000000000..c722c9a993e70 --- /dev/null +++ b/network/nikto/nikto.sh @@ -0,0 +1,3 @@ +#!/bin/sh +cd /usr/lib/nikto +exec /usr/bin/perl nikto.pl "$@" diff --git a/network/nikto/nikto64.sh b/network/nikto/nikto64.sh new file mode 100644 index 0000000000000..d19b571e9aacc --- /dev/null +++ b/network/nikto/nikto64.sh @@ -0,0 +1,3 @@ +#!/bin/sh +cd /usr/lib64/nikto +exec /usr/bin/perl nikto.pl "$@" diff --git a/network/nikto/patches/man_page.diff b/network/nikto/patches/man_page.diff new file mode 100644 index 0000000000000..a0ea52cc98337 --- /dev/null +++ b/network/nikto/patches/man_page.diff @@ -0,0 +1,11 @@ +--- nikto-2.1.6.orig/documentation/nikto.1 2015-07-09 08:06:04.000000000 -0600 ++++ nikto-2.1.6/documentation/nikto.1 2017-04-18 18:34:32.064524263 -0600 +@@ -14,7 +14,7 @@ + nikto \- Scan web server for known vulnerabilities + .SH "SYNOPSIS" + .HP 21 +-\fB/usr/local/bin/nikto\fR [options...] ++\fB/usr/bin/nikto\fR [options...] + .SH "DESCRIPTION" + .PP + Examine a web server to find potential problems and security vulnerabilities, including:
\ No newline at end of file diff --git a/network/nikto/patches/nikto-2.1.4/README b/network/nikto/patches/nikto-2.1.4/README deleted file mode 100644 index 4f9c30e667447..0000000000000 --- a/network/nikto/patches/nikto-2.1.4/README +++ /dev/null @@ -1,3 +0,0 @@ -This directory and its file is kept as a reference to -how the last maintainer patched nikto.pl. Will be -deleted eventually. diff --git a/network/nikto/patches/nikto-2.1.4/nikto.diff b/network/nikto/patches/nikto-2.1.4/nikto.diff deleted file mode 100644 index 1c3774db92a59..0000000000000 --- a/network/nikto/patches/nikto-2.1.4/nikto.diff +++ /dev/null @@ -1,21 +0,0 @@ -diff -Naur nikto-2.1.4.orig/nikto.pl nikto-2.1.4/nikto.pl ---- nikto-2.1.4.orig/nikto.pl 2011-02-19 03:53:23.000000000 +0100 -+++ nikto-2.1.4/nikto.pl 2011-02-21 17:50:11.978245864 +0100 -@@ -6,7 +6,7 @@ - use Getopt::Long; - Getopt::Long::Configure('no_ignore_case'); - --# use LW2; ### Change this line to use a different installed version -+use LW2; ### Change this line to use a different installed version - - ############################################################################### - # Nikto # -@@ -85,7 +85,7 @@ - require "$CONFIGFILE{'PLUGINDIR'}/nikto_core.plugin"; - nprint("T:" . localtime($COUNTERS{'scan_start'}) . ": Starting", "d"); - require "$CONFIGFILE{'PLUGINDIR'}/nikto_single.plugin"; --require "$CONFIGFILE{'PLUGINDIR'}/LW2.pm"; -+#require "$CONFIGFILE{'PLUGINDIR'}/LW2.pm"; - - my ($a, $b) = split(/\./, $LW2::VERSION); - die("- You must use LW2 2.4 or later\n") if ($a != 2 || $b < 4); diff --git a/network/nikto/patches/nikto-2.1.5/nikto.conf.diff b/network/nikto/patches/nikto-2.1.5/nikto.conf.diff deleted file mode 100644 index c07f5650225d8..0000000000000 --- a/network/nikto/patches/nikto-2.1.5/nikto.conf.diff +++ /dev/null @@ -1,14 +0,0 @@ - -Set the EXECDIR for nikto to /usr/lib/nikto - ---- nikto-2.1.5.orig/nikto.conf 2015-11-07 19:48:17.854292534 -0700 -+++ nikto-2.1.5/nikto.conf 2015-11-07 19:49:23.270289730 -0700 -@@ -61,7 +61,7 @@ - CHECKMETHODS=HEAD GET - - # If you want to specify the location of any of the files, specify them here --# EXECDIR=/opt/nikto # Location of Nikto -+EXECDIR=/usr/lib/nikto # Location of Nikto - # PLUGINDIR=/opt/nikto/plugins # Location of plugin dir - # DBDIR=/opt/nikto/databases # Location of database dir - # TEMPLATEDIR=/opt/nikto/templates # Location of template dir diff --git a/network/nikto/patches/nikto-2.1.5/nikto64.conf.diff b/network/nikto/patches/nikto-2.1.5/nikto64.conf.diff deleted file mode 100644 index 35709331f644d..0000000000000 --- a/network/nikto/patches/nikto-2.1.5/nikto64.conf.diff +++ /dev/null @@ -1,14 +0,0 @@ - -Set the EXECDIR for nikto to /usr/lib64/nikto - ---- nikto-2.1.5.orig/nikto.conf 2015-11-07 19:48:17.854292534 -0700 -+++ nikto-2.1.5/nikto.conf 2015-11-07 19:50:49.311286043 -0700 -@@ -61,7 +61,7 @@ - CHECKMETHODS=HEAD GET - - # If you want to specify the location of any of the files, specify them here --# EXECDIR=/opt/nikto # Location of Nikto -+EXECDIR=/usr/lib64/nikto # Location of Nikto - # PLUGINDIR=/opt/nikto/plugins # Location of plugin dir - # DBDIR=/opt/nikto/databases # Location of database dir - # TEMPLATEDIR=/opt/nikto/templates # Location of template dir diff --git a/network/nikto/patches/nikto-2.1.5/nikto.pl.diff b/network/nikto/patches/nikto.pl.diff index 676ada3a9f7f9..6f66dc3483522 100644 --- a/network/nikto/patches/nikto-2.1.5/nikto.pl.diff +++ b/network/nikto/patches/nikto.pl.diff @@ -1,15 +1,11 @@ - -Fix nikto.pl paths to use libwhisker2 from SBo. - ---- nikto-2.1.5.orig/nikto.pl 2012-09-10 02:22:36.000000000 -0600 -+++ nikto-2.1.5/nikto.pl 2015-11-07 22:14:55.380915446 -0700 -@@ -56,14 +56,14 @@ +--- nikto-2.1.6.orig/program/nikto.pl 2015-07-09 08:06:04.000000000 -0600 ++++ nikto-2.1.6/program/nikto.pl 2017-04-21 18:57:58.363647008 -0600 +@@ -54,13 +54,13 @@ setup_dirs(); require "$CONFIGFILE{'PLUGINDIR'}/nikto_core.plugin"; nprint("T:" . localtime($COUNTERS{'scan_start'}) . ": Starting", "d"); -require "$CONFIGFILE{'PLUGINDIR'}/LW2.pm"; +#require "$CONFIGFILE{'PLUGINDIR'}/LW2.pm"; - require "$CONFIGFILE{'PLUGINDIR'}/JSON-PP.pm"; $VARIABLES{'GMTOFFSET'} = gmt_offset(); -# use LW2; ### Change this line to use a different installed version diff --git a/network/nikto/patches/nikto_core.plugin.diff b/network/nikto/patches/nikto_core.plugin.diff new file mode 100644 index 0000000000000..ad7094101bb84 --- /dev/null +++ b/network/nikto/patches/nikto_core.plugin.diff @@ -0,0 +1,10 @@ +--- nikto-2.1.6.orig/program/plugins/nikto_core.plugin 2015-07-09 08:06:04.000000000 -0600 ++++ nikto-2.1.6/program/plugins/nikto_core.plugin 2017-04-21 18:40:26.172718366 -0600 +@@ -2572,7 +2572,6 @@ + if ($@) { + nprint("+ WARNING: Module JSON::PP missing. -Savedir and replay functionality cannot be used."); + } +- LW2::init_ssl_engine(); + my ($avail, $lib, $ver) = LW2::ssl_is_available(); + if (!$avail) { + nprint("+ WARNING: SSL: support not available."); diff --git a/network/nikto/patches/replay.pl.diff b/network/nikto/patches/replay.pl.diff new file mode 100644 index 0000000000000..5c18b968533dd --- /dev/null +++ b/network/nikto/patches/replay.pl.diff @@ -0,0 +1,11 @@ +--- nikto-2.1.6.orig/program/replay.pl 2015-07-09 08:06:04.000000000 -0600 ++++ nikto-2.1.6/program/replay.pl 2017-04-21 17:57:45.292892040 -0600 +@@ -22,7 +22,7 @@ + ############################################################################### + use Getopt::Long; + use JSON::PP; +-require 'plugins/LW2.pm'; ++use LW2; + my ($infile, $proxy, %request, $header, %result, $s_request); + LW2::http_init_request(\%request); +
\ No newline at end of file |