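#!/bin/bash

# Slackware build script for Nikto Web Scanner

# Copyright 2010-2011 Marco Bonetti
# Copyright 2015-2017 Brenton Earl
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
#  THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
#  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
#  EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
#  OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
#  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
#  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

# Environment overrides read below: VERSION, BUILD, TAG, ARCH, TMP, OUTPUT,
# PKGTYPE.  The chown to root:root and /sbin/makepkg mean the script expects
# to be run as root.
#
# NOTE(review): nothing in this script verifies the source tarball.  Check it
# against the checksum published with the SlackBuild before building.

# Abort if the script directory is unreachable: every patch, wrapper and
# tarball path below is resolved relative to CWD.
cd "$(dirname "$0")" || exit 1
CWD=$(pwd)

PRGNAM=nikto
VERSION=${VERSION:-2.1.6}
BUILD=${BUILD:-2}
TAG=${TAG:-_SBo}

if [ -z "$ARCH" ]; then
  case "$( uname -m )" in
    i?86) ARCH=i586 ;;
    arm*) ARCH=arm ;;
       *) ARCH=$( uname -m ) ;;
  esac
fi

# NOTE(review): the defaults are predictable paths under /tmp and the build
# runs as root; on a multi-user host point TMP and OUTPUT at a root-owned
# directory.
TMP=${TMP:-/tmp/SBo}
PKG=$TMP/package-$PRGNAM
OUTPUT=${OUTPUT:-/tmp}

# SLKCFLAGS is set for consistency with other SlackBuilds but is not
# referenced again in this script; only LIBDIRSUFFIX is used.
if [ "$ARCH" = "i586" ]; then
  SLKCFLAGS="-O2 -march=i586 -mtune=i686"
  LIBDIRSUFFIX=""
elif [ "$ARCH" = "i686" ]; then
  SLKCFLAGS="-O2 -march=i686 -mtune=i686"
  LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
  SLKCFLAGS="-O2 -fPIC"
  LIBDIRSUFFIX="64"
else
  SLKCFLAGS="-O2"
  LIBDIRSUFFIX=""
fi

set -e

rm -rf "$PKG"
mkdir -p "$TMP" "$PKG" "$OUTPUT"
cd "$TMP"
# Remove the directory the tarball actually unpacks to ($PRGNAM-$VERSION, see
# the cd below).  Leaving a previous tree in place would make the patches run
# against already-patched sources on a rebuild.
rm -rf "$PRGNAM-$VERSION"
tar xvf "$CWD/$PRGNAM-$VERSION.tar.gz"
cd "$PRGNAM-$VERSION"
chown -R root:root .
# Normalise permissions to 755/644.
# NOTE(review): -L makes find follow symlinks, so the chmod also applies to
# link targets; this relies on the tarball being trusted.
find -L . \
 \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
  -o -perm 511 \) -exec chmod 755 {} \; -o \
 \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
  -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;

# Force SBo shipped LW2 module
patch -p1 --verbose < "$CWD/patches/nikto.pl.diff"
patch -p1 --verbose < "$CWD/patches/replay.pl.diff"
patch -p1 --verbose < "$CWD/patches/nikto_core.plugin.diff"

# Fix path for Slackware
patch -p1 --verbose < "$CWD/patches/man_page.diff"

# Fix CVE-2018-11652: https://nvd.nist.gov/vuln/detail/CVE-2018-11652
# Allows remote attackers to inject arbitrary OS commands via the
# server field in an HTTP response header, which is directly
# injected into a CSV report
# PoC: https://www.exploit-db.com/exploits/44899/
#
# The fix is carried as a local patch, so it is tied to the default VERSION.
# With set -e a patch that no longer applies aborts the build; when
# overriding VERSION, re-check whether this patch is still needed.
patch -p1 --verbose < "$CWD/patches/CVE-2018-11652-CSV-injection.patch"

# Install executable
if [ "$ARCH" = "x86_64" ]; then
  install -Dm 755 "$CWD/nikto64.sh" "$PKG/usr/bin/nikto"
else
  install -Dm 755 "$CWD/nikto.sh" "$PKG/usr/bin/nikto"
fi

# Install the rest
install -d "$PKG/usr/lib${LIBDIRSUFFIX}/nikto"
cp -a program/* "$PKG/usr/lib${LIBDIRSUFFIX}/nikto"
install -Dm 644 program/nikto.conf "$PKG/etc/nikto.conf.new"
install -Dm 644 documentation/nikto.1 "$PKG/usr/man/man1/nikto.1"
install -Dm 755 program/replay.pl "$PKG/usr/bin/replay.pl"

# Remove the upstream shipped libwhisker2
rm -f "$PKG/usr/lib${LIBDIRSUFFIX}/nikto/plugins/LW2.pm"

# Clean up duplicate config
rm -f "$PKG/usr/lib${LIBDIRSUFFIX}/nikto/nikto.conf"

# Best-effort strip of any ELF objects; failures are deliberately ignored.
find "$PKG" -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
  | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true

# Compress man pages, then re-point man page symlinks at the .gz targets.
# NUL-delimited so that paths containing whitespace are handled intact.
find "$PKG/usr/man" -type f -exec gzip -9 {} \;
while IFS= read -r -d '' i; do
  ln -s "$( readlink "$i" ).gz" "$i.gz"
  rm -- "$i"
done < <(find "$PKG/usr/man" -type l -print0)

mkdir -p "$PKG/usr/doc/$PRGNAM-$VERSION"
cp -a program/docs/nikto_manual.html program/docs/*.txt README.md \
  "$PKG/usr/doc/$PRGNAM-$VERSION/"
rm -r "$PKG/usr/lib${LIBDIRSUFFIX}/nikto/docs"
cat "$CWD/$PRGNAM.SlackBuild" > "$PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild"

mkdir -p "$PKG/install"
cat "$CWD/slack-desc" > "$PKG/install/slack-desc"
cat "$CWD/doinst.sh" > "$PKG/install/doinst.sh"

cd "$PKG"
/sbin/makepkg -l y -c n "$OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}"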