aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--network/nikto/README31
-rw-r--r--network/nikto/doinst.sh11
-rw-r--r--network/nikto/nikto.SlackBuild92
-rw-r--r--network/nikto/nikto.info6
-rw-r--r--network/nikto/nikto.sh3
-rw-r--r--network/nikto/nikto64.sh3
-rw-r--r--network/nikto/patches/man_page.diff11
-rw-r--r--network/nikto/patches/nikto-2.1.4/README3
-rw-r--r--network/nikto/patches/nikto-2.1.4/nikto.diff21
-rw-r--r--network/nikto/patches/nikto-2.1.5/nikto.conf.diff14
-rw-r--r--network/nikto/patches/nikto-2.1.5/nikto64.conf.diff14
-rw-r--r--network/nikto/patches/nikto.pl.diff (renamed from network/nikto/patches/nikto-2.1.5/nikto.pl.diff)10
-rw-r--r--network/nikto/patches/nikto_core.plugin.diff10
-rw-r--r--network/nikto/patches/replay.pl.diff11
14 files changed, 107 insertions, 133 deletions
diff --git a/network/nikto/README b/network/nikto/README
index 130a4bb34fc78..0174ffe58d84f 100644
--- a/network/nikto/README
+++ b/network/nikto/README
@@ -1,14 +1,19 @@
-Nikto is an Open Source (GPL) web server scanner which performs
-comprehensive tests against web servers for multiple items, including
-over 3500 potentially dangerous files/CGIs, versions on over 900 servers,
-and version specific problems on over 250 servers. Scan items and plugins
-are frequently updated and can be automatically updated (if desired).
+Nikto is an Open Source (GPL) web server scanner which performs comprehensive
+tests against web servers for multiple items, including over 6700 potentially
+dangerous files/programs, checks for outdated versions of over 1250 servers,
+and version specific problems on over 270 servers. It also checks for server
+configuration items such as the presence of multiple index files, HTTP server
+options, and will attempt to identify installed web servers and software. Scan
+items and plugins are frequently updated and can be automatically updated.
-WARNING: if you're updating from 2.03 to 2.1.0 keep in mind that
-the configuration file have been changed from the old location
-/etc/nikto/config.txt (a debianism I introduced to work around the
-config.txt unspecified location) to the newer, official /etc/nikto.conf.
-Speaking of debianism: I removed the symolic link /usr/bin/nikto creation,
-upgradepkg will not rm it but newer installs will not have it anymore. If
-you like the link and want to retain it in future updates, just uncomment
-the needed lines inside the SlackBuild.
+Nikto is not designed as a stealthy tool. It will test a web server in the
+quickest time possible, and is obvious in log files or to an IPS/IDS. However,
+there is support for LibWhisker's anti-IDS methods in case you want to give it
+a try (or test your IDS system).
+
+Not every check is a security problem, though most are. There are some items
+that are "info only" type checks that look for things that may not have a
+security flaw, but the webmaster or security engineer may not know are present
+on the server. These items are usually marked appropriately in the information
+printed. There are also some checks for unknown items which have been seen
+scanned for in log files.
diff --git a/network/nikto/doinst.sh b/network/nikto/doinst.sh
index bd63e8f2be51b..e59261f753b9d 100644
--- a/network/nikto/doinst.sh
+++ b/network/nikto/doinst.sh
@@ -1,22 +1,11 @@
config() {
NEW="$1"
OLD="$(dirname $NEW)/$(basename $NEW .new)"
- # If there's no config file by that name, mv it over:
if [ ! -r $OLD ]; then
mv $NEW $OLD
elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
- # toss the redundant copy
rm $NEW
fi
- # Otherwise, we leave the .new copy for the admin to consider...
}
-# Keep same perms on nikto.conf:
-if [ -e etc/nikto.conf ]; then
- cp -a etc/nikto.conf etc/nikto.conf.new.incoming
- cat etc/nikto.conf.new > etc/nikto.conf.new.incoming
- mv etc/nikto.conf.new.incoming etc/nikto.conf.new
-fi
-
config etc/nikto.conf.new
-
diff --git a/network/nikto/nikto.SlackBuild b/network/nikto/nikto.SlackBuild
index f9617fe26c932..118f4d949af4f 100644
--- a/network/nikto/nikto.SlackBuild
+++ b/network/nikto/nikto.SlackBuild
@@ -1,11 +1,9 @@
#!/bin/sh
# Slackware build script for Nikto Web Scanner
-#
-# Copyright 2015 Brenton Earl <brent@exitstatusone.com>
-# All rights reserved.
-#
+
# Copyright 2010-2011 Marco Bonetti <sid77@slackware.it>
+# Copyright 2015-2017 Brenton Earl <brent@exitstatusone.com>
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -26,13 +24,13 @@
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
PRGNAM=nikto
-VERSION=${VERSION:-2.1.5}
+VERSION=${VERSION:-2.1.6}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
- i?86) ARCH=i486 ;;
+ i?86) ARCH=i586 ;;
arm*) ARCH=arm ;;
*) ARCH=$( uname -m ) ;;
esac
@@ -43,13 +41,14 @@ TMP=${TMP:-/tmp/SBo}
PKG=$TMP/package-$PRGNAM
OUTPUT=${OUTPUT:-/tmp}
-DOCS="CHANGES.txt LICENSE.txt nikto_manual.html"
-
-if [ "$ARCH" = "i486" ]; then
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
LIBDIRSUFFIX="64"
else
SLKCFLAGS="-O2"
@@ -65,50 +64,50 @@ rm -rf $PRGNAM
tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
cd $PRGNAM-$VERSION
chown -R root:root .
+find -L . \
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+ -o -perm 511 \) -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
+ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+
+# Force SBo shipped LW2 module
+patch -p1 --verbose < $CWD/patches/nikto.pl.diff
+patch -p1 --verbose < $CWD/patches/replay.pl.diff
+patch -p1 --verbose < $CWD/patches/nikto_core.plugin.diff
-# Fix nikto.pl paths to use libwhisker2 from SBo.
-patch -p1 --verbose < $CWD/patches/nikto-2.1.5/nikto.pl.diff
+# Fix path for Slackware
+patch -p1 --verbose < $CWD/patches/man_page.diff
-# Set the correct EXECDIR for nikto based on $ARCH
+# Install executable
if [ "$ARCH" = "x86_64" ]; then
- patch -p1 --verbose < $CWD/patches/nikto-2.1.5/nikto64.conf.diff
+ install -Dm 755 $CWD/nikto64.sh $PKG/usr/bin/nikto
else
- patch -p1 --verbose < $CWD/patches/nikto-2.1.5/nikto.conf.diff
+ install -Dm 755 $CWD/nikto.sh $PKG/usr/bin/nikto
fi
-# Install the program
-install -d \
- $PKG/etc/ \
- $PKG/usr/bin/ \
- $PKG/usr/lib$LIBDIRSUFFIX/nikto/docs/ \
- $PKG/usr/lib$LIBDIRSUFFIX/nikto/plugins/ \
- $PKG/usr/lib$LIBDIRSUFFIX/nikto/templates/ \
- $PKG/usr/lib$LIBDIRSUFFIX/nikto/databases/
-install -m 0644 nikto.conf $PKG/etc/nikto.conf.new
-install -m 0644 docs/CHANGES.txt $PKG/usr/lib$LIBDIRSUFFIX/nikto/docs/
-install -m 0644 plugins/* $PKG/usr/lib$LIBDIRSUFFIX/nikto/plugins/
-install -m 0644 templates/* $PKG/usr/lib$LIBDIRSUFFIX/nikto/templates/
-install -m 0644 databases/* $PKG/usr/lib$LIBDIRSUFFIX/nikto/databases/
-install -m 0755 nikto.pl $PKG/usr/bin/
-
-## However, be compatible with any users' scripts
-# No, drop compatibility here: stick as much as possible to the sources.
-# This was a debianism I adopted with the first version, however, if you like
-# it just uncomment the lines below.
-#( cd $PKG/usr/bin
-# ln -s nikto.pl nikto
-#)
-
-# Remove the shipped libwhisker2
-rm -f $PKG/usr/lib$LIBDIRSUFFIX/nikto/plugins/LW2.pm
-
-# Copy over important docs and man page
+# Install the rest
+install -d $PKG/usr/lib${LIBDIRSUFFIX}/nikto
+cp -a program/* $PKG/usr/lib${LIBDIRSUFFIX}/nikto
+install -Dm 644 program/nikto.conf $PKG/etc/nikto.conf.new
+install -Dm 644 documentation/nikto.1 $PKG/usr/man/man1/nikto.1
+install -Dm 755 program/replay.pl $PKG/usr/bin/replay.pl
+
+# Remove the upstream shipped libwhisker2
+rm -f $PKG/usr/lib${LIBDIRSUFFIX}/nikto/plugins/LW2.pm
+
+# Clean up duplicate config
+rm -f $PKG/usr/lib${LIBDIRSUFFIX}/nikto/nikto.conf
+
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
-mkdir -p $PKG/usr/man/man1/
-cd docs
- cp -a $DOCS $PKG/usr/doc/$PRGNAM-$VERSION/
- gzip -9c nikto.1 > $PKG/usr/man/man1/nikto.1.gz
-cd -
+cp -a program/docs/nikto_manual.html program/docs/*.txt README.md \
+ $PKG/usr/doc/$PRGNAM-$VERSION/
+rm -r $PKG/usr/lib${LIBDIRSUFFIX}/nikto/docs
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
mkdir -p $PKG/install
@@ -117,4 +116,3 @@ cat $CWD/doinst.sh > $PKG/install/doinst.sh
cd $PKG
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
-
diff --git a/network/nikto/nikto.info b/network/nikto/nikto.info
index d3604d22e88f1..46c249a44d5c2 100644
--- a/network/nikto/nikto.info
+++ b/network/nikto/nikto.info
@@ -1,8 +1,8 @@
PRGNAM="nikto"
-VERSION="2.1.5"
+VERSION="2.1.6"
HOMEPAGE="http://cirt.net/nikto2"
-DOWNLOAD="https://cirt.net/nikto/nikto-2.1.5.tar.gz"
-MD5SUM="efcc98a918becb77471ee9a5df0a7b1e"
+DOWNLOAD="https://github.com/sullo/nikto/archive/2.1.6/nikto-2.1.6.tar.gz"
+MD5SUM="3d6c1b5a6fcdd47c18169febda02393e"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
REQUIRES="Net-SSLeay libwhisker2"
diff --git a/network/nikto/nikto.sh b/network/nikto/nikto.sh
new file mode 100644
index 0000000000000..c722c9a993e70
--- /dev/null
+++ b/network/nikto/nikto.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+cd /usr/lib/nikto
+exec /usr/bin/perl nikto.pl "$@"
diff --git a/network/nikto/nikto64.sh b/network/nikto/nikto64.sh
new file mode 100644
index 0000000000000..d19b571e9aacc
--- /dev/null
+++ b/network/nikto/nikto64.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+cd /usr/lib64/nikto
+exec /usr/bin/perl nikto.pl "$@"
diff --git a/network/nikto/patches/man_page.diff b/network/nikto/patches/man_page.diff
new file mode 100644
index 0000000000000..a0ea52cc98337
--- /dev/null
+++ b/network/nikto/patches/man_page.diff
@@ -0,0 +1,11 @@
+--- nikto-2.1.6.orig/documentation/nikto.1 2015-07-09 08:06:04.000000000 -0600
++++ nikto-2.1.6/documentation/nikto.1 2017-04-18 18:34:32.064524263 -0600
+@@ -14,7 +14,7 @@
+ nikto \- Scan web server for known vulnerabilities
+ .SH "SYNOPSIS"
+ .HP 21
+-\fB/usr/local/bin/nikto\fR [options...]
++\fB/usr/bin/nikto\fR [options...]
+ .SH "DESCRIPTION"
+ .PP
+ Examine a web server to find potential problems and security vulnerabilities, including: \ No newline at end of file
diff --git a/network/nikto/patches/nikto-2.1.4/README b/network/nikto/patches/nikto-2.1.4/README
deleted file mode 100644
index 4f9c30e667447..0000000000000
--- a/network/nikto/patches/nikto-2.1.4/README
+++ /dev/null
@@ -1,3 +0,0 @@
-This directory and its file is kept as a reference to
-how the last maintainer patched nikto.pl. Will be
-deleted eventually.
diff --git a/network/nikto/patches/nikto-2.1.4/nikto.diff b/network/nikto/patches/nikto-2.1.4/nikto.diff
deleted file mode 100644
index 1c3774db92a59..0000000000000
--- a/network/nikto/patches/nikto-2.1.4/nikto.diff
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -Naur nikto-2.1.4.orig/nikto.pl nikto-2.1.4/nikto.pl
---- nikto-2.1.4.orig/nikto.pl 2011-02-19 03:53:23.000000000 +0100
-+++ nikto-2.1.4/nikto.pl 2011-02-21 17:50:11.978245864 +0100
-@@ -6,7 +6,7 @@
- use Getopt::Long;
- Getopt::Long::Configure('no_ignore_case');
-
--# use LW2; ### Change this line to use a different installed version
-+use LW2; ### Change this line to use a different installed version
-
- ###############################################################################
- # Nikto #
-@@ -85,7 +85,7 @@
- require "$CONFIGFILE{'PLUGINDIR'}/nikto_core.plugin";
- nprint("T:" . localtime($COUNTERS{'scan_start'}) . ": Starting", "d");
- require "$CONFIGFILE{'PLUGINDIR'}/nikto_single.plugin";
--require "$CONFIGFILE{'PLUGINDIR'}/LW2.pm";
-+#require "$CONFIGFILE{'PLUGINDIR'}/LW2.pm";
-
- my ($a, $b) = split(/\./, $LW2::VERSION);
- die("- You must use LW2 2.4 or later\n") if ($a != 2 || $b < 4);
diff --git a/network/nikto/patches/nikto-2.1.5/nikto.conf.diff b/network/nikto/patches/nikto-2.1.5/nikto.conf.diff
deleted file mode 100644
index c07f5650225d8..0000000000000
--- a/network/nikto/patches/nikto-2.1.5/nikto.conf.diff
+++ /dev/null
@@ -1,14 +0,0 @@
-
-Set the EXECDIR for nikto to /usr/lib/nikto
-
---- nikto-2.1.5.orig/nikto.conf 2015-11-07 19:48:17.854292534 -0700
-+++ nikto-2.1.5/nikto.conf 2015-11-07 19:49:23.270289730 -0700
-@@ -61,7 +61,7 @@
- CHECKMETHODS=HEAD GET
-
- # If you want to specify the location of any of the files, specify them here
--# EXECDIR=/opt/nikto # Location of Nikto
-+EXECDIR=/usr/lib/nikto # Location of Nikto
- # PLUGINDIR=/opt/nikto/plugins # Location of plugin dir
- # DBDIR=/opt/nikto/databases # Location of database dir
- # TEMPLATEDIR=/opt/nikto/templates # Location of template dir
diff --git a/network/nikto/patches/nikto-2.1.5/nikto64.conf.diff b/network/nikto/patches/nikto-2.1.5/nikto64.conf.diff
deleted file mode 100644
index 35709331f644d..0000000000000
--- a/network/nikto/patches/nikto-2.1.5/nikto64.conf.diff
+++ /dev/null
@@ -1,14 +0,0 @@
-
-Set the EXECDIR for nikto to /usr/lib64/nikto
-
---- nikto-2.1.5.orig/nikto.conf 2015-11-07 19:48:17.854292534 -0700
-+++ nikto-2.1.5/nikto.conf 2015-11-07 19:50:49.311286043 -0700
-@@ -61,7 +61,7 @@
- CHECKMETHODS=HEAD GET
-
- # If you want to specify the location of any of the files, specify them here
--# EXECDIR=/opt/nikto # Location of Nikto
-+EXECDIR=/usr/lib64/nikto # Location of Nikto
- # PLUGINDIR=/opt/nikto/plugins # Location of plugin dir
- # DBDIR=/opt/nikto/databases # Location of database dir
- # TEMPLATEDIR=/opt/nikto/templates # Location of template dir
diff --git a/network/nikto/patches/nikto-2.1.5/nikto.pl.diff b/network/nikto/patches/nikto.pl.diff
index 676ada3a9f7f9..6f66dc3483522 100644
--- a/network/nikto/patches/nikto-2.1.5/nikto.pl.diff
+++ b/network/nikto/patches/nikto.pl.diff
@@ -1,15 +1,11 @@
-
-Fix nikto.pl paths to use libwhisker2 from SBo.
-
---- nikto-2.1.5.orig/nikto.pl 2012-09-10 02:22:36.000000000 -0600
-+++ nikto-2.1.5/nikto.pl 2015-11-07 22:14:55.380915446 -0700
-@@ -56,14 +56,14 @@
+--- nikto-2.1.6.orig/program/nikto.pl 2015-07-09 08:06:04.000000000 -0600
++++ nikto-2.1.6/program/nikto.pl 2017-04-21 18:57:58.363647008 -0600
+@@ -54,13 +54,13 @@
setup_dirs();
require "$CONFIGFILE{'PLUGINDIR'}/nikto_core.plugin";
nprint("T:" . localtime($COUNTERS{'scan_start'}) . ": Starting", "d");
-require "$CONFIGFILE{'PLUGINDIR'}/LW2.pm";
+#require "$CONFIGFILE{'PLUGINDIR'}/LW2.pm";
- require "$CONFIGFILE{'PLUGINDIR'}/JSON-PP.pm";
$VARIABLES{'GMTOFFSET'} = gmt_offset();
-# use LW2; ### Change this line to use a different installed version
diff --git a/network/nikto/patches/nikto_core.plugin.diff b/network/nikto/patches/nikto_core.plugin.diff
new file mode 100644
index 0000000000000..ad7094101bb84
--- /dev/null
+++ b/network/nikto/patches/nikto_core.plugin.diff
@@ -0,0 +1,10 @@
+--- nikto-2.1.6.orig/program/plugins/nikto_core.plugin 2015-07-09 08:06:04.000000000 -0600
++++ nikto-2.1.6/program/plugins/nikto_core.plugin 2017-04-21 18:40:26.172718366 -0600
+@@ -2572,7 +2572,6 @@
+ if ($@) {
+ nprint("+ WARNING: Module JSON::PP missing. -Savedir and replay functionality cannot be used.");
+ }
+- LW2::init_ssl_engine();
+ my ($avail, $lib, $ver) = LW2::ssl_is_available();
+ if (!$avail) {
+ nprint("+ WARNING: SSL: support not available.");
diff --git a/network/nikto/patches/replay.pl.diff b/network/nikto/patches/replay.pl.diff
new file mode 100644
index 0000000000000..5c18b968533dd
--- /dev/null
+++ b/network/nikto/patches/replay.pl.diff
@@ -0,0 +1,11 @@
+--- nikto-2.1.6.orig/program/replay.pl 2015-07-09 08:06:04.000000000 -0600
++++ nikto-2.1.6/program/replay.pl 2017-04-21 17:57:45.292892040 -0600
+@@ -22,7 +22,7 @@
+ ###############################################################################
+ use Getopt::Long;
+ use JSON::PP;
+-require 'plugins/LW2.pm';
++use LW2;
+ my ($infile, $proxy, %request, $header, %result, $s_request);
+ LW2::http_init_request(\%request);
+ \ No newline at end of file