From owner-freebsd-ports Mon Sep 23 15:10:11 2002 Delivered-To: freebsd-ports@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BE46737B404 for ; Mon, 23 Sep 2002 15:10:03 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id C499B43E86 for ; Mon, 23 Sep 2002 15:10:02 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id g8NMA2Co049653 for ; Mon, 23 Sep 2002 15:10:02 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id g8NMA2QD049652; Mon, 23 Sep 2002 15:10:02 -0700 (PDT) Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 56E0437B401 for ; Mon, 23 Sep 2002 15:07:58 -0700 (PDT) Received: from porfidio.atstake.com (porfidio.atstake.com [63.168.6.70]) by mx1.FreeBSD.org (Postfix) with SMTP id AD60643E3B for ; Mon, 23 Sep 2002 15:07:57 -0700 (PDT) (envelope-from jamu@atstake.com) Received: by dreher.atstake.com (Postfix, from userid 1000) id A53F64A5B8; Mon, 23 Sep 2002 23:57:35 +0200 (CEST) Message-Id: <20020923211723.3D7EC17B37@porfidio.atstake.com> Date: Mon, 23 Sep 2002 23:57:35 +0200 (CEST) From: Jan Muenther Reply-To: Jan Muenther To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: ports/43313: New Port: nikto web and CGI vulnerability scanner Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 43313 >Category: ports >Synopsis: New Port: nikto web and CGI vulnerability scanner >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Mon Sep 23 15:10:02 PDT 2002 >Closed-Date: >Last-Modified: >Originator: Jan Muenther >Release: FreeBSD 4.7-PRERELEASE i386 >Organization: @stake Security GmbH >Environment: System: FreeBSD dreher.atstake.com 4.7-PRERELEASE FreeBSD 4.7-PRERELEASE #1: Sat Sep 14 19:45:16 CEST 2002 root@dreher.atstake.com:/usr/src/sys/compile/DREHER2 i386 >Description: Nikto is designed to examine web servers and look for items in multiple categories: - misconfigurations - default files and scripts - insecure files and scripts - outdated software It uses Rain Forest Puppy's LibWhisker (wiretrip.net) for HTTP functiona lity, and can perform checks in HTTP or HTTPS. It also supports basic port scanning and will determine if a web server is running on any open ports. >How-To-Repeat: >Fix: --- nikto.shar begins here --- # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # nikto # nikto/Makefile # nikto/distinfo # nikto/pkg-comment # nikto/files # nikto/files/patch-bb # nikto/files/patch-aa # nikto/pkg-plist # nikto/pkg-descr # echo c - nikto mkdir -p nikto > /dev/null 2>&1 echo x - nikto/Makefile sed 's/^X//' >nikto/Makefile << 'END-of-nikto/Makefile' X# New ports collection makefile for: task X# Date created: 23 September 2002 X# Whom: pandzilla X# X# $FreeBSD$ X# X XPORTNAME= nikto XPORTVERSION= 1.20 XCATEGORIES= security X XMAINTAINER= jan@atstake.com X XMASTER_SITES= http://www.cirt.net/nikto/ARCHIVE/ \ X http://packetstormsecurity.org/UNIX/cgi-scanners/ X XRUN_DEPENDS = ${LOCALBASE}/lib/perl5/site_perl/${PERL_VER}/i386-freebsd/Net/SSLeay.pm:\ X ${PORTSDIR}/security/p5-Net-SSLeay \ X ${LOCALBASE}/lib/perl5/site_perl/${PERL_VER}/LW.pm:\ X ${PORTSDIR}/security/libwhisker X XNO_BUILD= yes X Xdo-install: X @${INSTALL_SCRIPT} ${WRKSRC}/nikto.pl ${PREFIX}/bin/nikto X @${MKDIR} ${PREFIX}/etc/nikto && ${CHMOD} 755 ${PREFIX}/etc/nikto X @${INSTALL_DATA} ${WRKSRC}/config.txt ${PREFIX}/etc/nikto/ X @${MKDIR} ${PREFIX}/share/nikto/ && ${CHMOD} 755 ${PREFIX}/share/nikto/ X @for i in `ls ${WRKSRC}/plugins/` ; \ X do \ X ${INSTALL_SCRIPT} ${WRKSRC}/plugins/$$i ${PREFIX}/share/nikto; \ X done X X.include END-of-nikto/Makefile echo x - nikto/distinfo sed 's/^X//' >nikto/distinfo << 'END-of-nikto/distinfo' XMD5 (nikto-1.20.tar.gz) = ccba1fa18fe4f276f7f5e1c5e5333b02 END-of-nikto/distinfo echo x - nikto/pkg-comment sed 's/^X//' >nikto/pkg-comment << 'END-of-nikto/pkg-comment' XWeb and CGI vulnerability scanner with SSL support END-of-nikto/pkg-comment echo c - nikto/files mkdir -p nikto/files > /dev/null 2>&1 echo x - nikto/files/patch-bb sed 's/^X//' >nikto/files/patch-bb << 'END-of-nikto/files/patch-bb' X--- config.txt.old Mon Sep 23 23:25:00 2002 X+++ config.txt Mon Sep 23 23:25:25 2002 X@@ -21,7 +21,7 @@ X DEFAULTHTTPVER=1.1 X X # if Nikto is having difficulty finding 'plugins', set the full path here X-#PLUGINDIR=/usr/local/nikto/plugins X+PLUGINDIR=/usr/local/share/nikto/ X X # add directories/files which are ONLY used during mutate scans X # each directory will be checked with each file (1200+ tries?), and each file END-of-nikto/files/patch-bb echo x - nikto/files/patch-aa sed 's/^X//' >nikto/files/patch-aa << 'END-of-nikto/files/patch-aa' X--- nikto.pl.old Mon Sep 23 23:13:26 2002 X+++ nikto.pl Mon Sep 23 23:14:37 2002 X@@ -1,11 +1,7 @@ X #!/usr/bin/perl X use IO::Socket; X use Getopt::Long; X- X-# INSTALLED LW: X-#use LW; X-# LOCAL LW: X-require "./plugins/LW.pm"; X+use LW; X X ####################################################################### X # last update: 08.11.2002 X@@ -262,7 +258,7 @@ X $CLIOPTS .= "\t$i\t$NIKTO{mutate_opts}{$i}\n"; } X X ### CONFIG FILE STUFF X- my $configfile="config.txt"; X+ my $configfile="/usr/local/etc/nikto/config.txt"; X my $noconfig=0; X open(CONF,"<$configfile") || $noconfig++; X my @CONFILE=; END-of-nikto/files/patch-aa echo x - nikto/pkg-plist sed 's/^X//' >nikto/pkg-plist << 'END-of-nikto/pkg-plist' Xbin/nikto Xetc/nikto/config.txt Xshare/nikto/nikto_a1_headers.plugin Xshare/nikto/nikto_mutate.plugin Xshare/nikto/nikto_a2_robots.plugin Xshare/nikto/nikto_outdated.plugin Xshare/nikto/nikto_apacheusers.plugin Xshare/nikto/nikto_passfiles.plugin Xshare/nikto/nikto_frontpage.plugin Xshare/nikto/nikto_google.plugin Xshare/nikto/nikto_httpoptions.plugin Xshare/nikto/nikto_msgs.plugin Xshare/nikto/server_msgs.db Xshare/nikto/outdated.db Xshare/nikto/scan_database.db Xshare/nikto/LW.pm X@dirrm share/nikto X@dirrm etc/nikto END-of-nikto/pkg-plist echo x - nikto/pkg-descr sed 's/^X//' >nikto/pkg-descr << 'END-of-nikto/pkg-descr' XNikto is designed to examine web servers and look for items in multiple Xcategories: X X- misconfigurations X- default files and scripts X- insecure files and scripts X- outdated software X XIt uses Rain Forest Puppy's LibWhisker (wiretrip.net) for HTTP functiona lity, Xand can perform checks in HTTP or HTTPS. It also supports basic port scanning X and will determine if a web server is running on any open ports. X XWWW: http://www.cirt.net/nikto/ X X- pandzilla X Xjan@atstake.com END-of-nikto/pkg-descr exit --- nikto.shar ends here --- >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message