Date:      Mon, 23 Sep 2002 23:57:35 +0200 (CEST)
From:      Jan Muenther <jan@atstake.com>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/43313: New Port: nikto web and CGI vulnerability scanner
Message-ID:  <20020923211723.3D7EC17B37@porfidio.atstake.com>


>Number:         43313
>Category:       ports
>Synopsis:       New Port: nikto web and CGI vulnerability scanner
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 23 15:10:02 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Jan Muenther
>Release:        FreeBSD 4.7-PRERELEASE i386
>Organization:
@stake Security GmbH
>Environment:
System: FreeBSD dreher.atstake.com 4.7-PRERELEASE FreeBSD 4.7-PRERELEASE #1: Sat Sep 14 19:45:16 CEST 2002 root@dreher.atstake.com:/usr/src/sys/compile/DREHER2 i386


	
>Description:
	Nikto is designed to examine web servers and look for items in multiple 
categories:

- misconfigurations
- default files and scripts
- insecure files and scripts
- outdated software

It uses Rain Forest Puppy's LibWhisker (wiretrip.net) for HTTP functionality,
and can perform checks in HTTP or HTTPS.  It also supports basic port scanning
and will determine if a web server is running on any open ports.

>How-To-Repeat:
	
>Fix:

	

--- nikto.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	nikto
#	nikto/Makefile
#	nikto/distinfo
#	nikto/pkg-comment
#	nikto/files
#	nikto/files/patch-bb
#	nikto/files/patch-aa
#	nikto/pkg-plist
#	nikto/pkg-descr
#
echo c - nikto
mkdir -p nikto > /dev/null 2>&1
echo x - nikto/Makefile
sed 's/^X//' >nikto/Makefile << 'END-of-nikto/Makefile'
X# New ports collection makefile for: nikto
X# Date created: 23 September 2002
X# Whom: pandzilla
X#
X# $FreeBSD$
X#
X
XPORTNAME=	nikto
XPORTVERSION= 	1.20
XCATEGORIES= 	security
X
XMAINTAINER= 	jan@atstake.com
X
XMASTER_SITES=	http://www.cirt.net/nikto/ARCHIVE/ \
X		http://packetstormsecurity.org/UNIX/cgi-scanners/
X
X# Each dependency is one file:port-directory word with no whitespace inside it.
XRUN_DEPENDS=	${LOCALBASE}/lib/perl5/site_perl/${PERL_VER}/${PERL_ARCH}/Net/SSLeay.pm:${PORTSDIR}/security/p5-Net-SSLeay \
X		${LOCALBASE}/lib/perl5/site_perl/${PERL_VER}/LW.pm:${PORTSDIR}/security/libwhisker
X
XNO_BUILD= 	yes
X
Xdo-install:
X	@${INSTALL_SCRIPT} ${WRKSRC}/nikto.pl ${PREFIX}/bin/nikto
X	@${MKDIR} ${PREFIX}/etc/nikto && ${CHMOD} 755 ${PREFIX}/etc/nikto
X	@${INSTALL_DATA} ${WRKSRC}/config.txt ${PREFIX}/etc/nikto/
X	@${MKDIR} ${PREFIX}/share/nikto/ && ${CHMOD} 755 ${PREFIX}/share/nikto/
X	@for i in `ls ${WRKSRC}/plugins/` ; \
X	do \
X	${INSTALL_SCRIPT} ${WRKSRC}/plugins/$$i ${PREFIX}/share/nikto; \
X	done
X
X.include <bsd.port.mk>
END-of-nikto/Makefile
echo x - nikto/distinfo
sed 's/^X//' >nikto/distinfo << 'END-of-nikto/distinfo'
XMD5 (nikto-1.20.tar.gz) = ccba1fa18fe4f276f7f5e1c5e5333b02
END-of-nikto/distinfo
echo x - nikto/pkg-comment
sed 's/^X//' >nikto/pkg-comment << 'END-of-nikto/pkg-comment'
XWeb and CGI vulnerability scanner with SSL support
END-of-nikto/pkg-comment
echo c - nikto/files
mkdir -p nikto/files > /dev/null 2>&1
echo x - nikto/files/patch-bb
sed 's/^X//' >nikto/files/patch-bb << 'END-of-nikto/files/patch-bb'
X--- config.txt.old	Mon Sep 23 23:25:00 2002
X+++ config.txt	Mon Sep 23 23:25:25 2002
X@@ -21,7 +21,7 @@
X DEFAULTHTTPVER=1.1
X 
X # if Nikto is having difficulty finding 'plugins', set the full path here
X-#PLUGINDIR=/usr/local/nikto/plugins
X+PLUGINDIR=/usr/local/share/nikto/
X 
X # add directories/files which are ONLY used during mutate scans
X # each directory will be checked with each file (1200+ tries?), and each file
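Review bot: The new `PLUGINDIR=/usr/local/share/nikto/` line hard-codes /usr/local, while the port Makefile installs the plugins into `${PREFIX}/share/nikto`. With any other PREFIX the installed config.txt points at a directory the port never created, and nikto will not find its plugins. Substitute the real prefix when the port is patched or installed rather than carrying the literal path in the patch.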
END-of-nikto/files/patch-bb
echo x - nikto/files/patch-aa
sed 's/^X//' >nikto/files/patch-aa << 'END-of-nikto/files/patch-aa'
X--- nikto.pl.old	Mon Sep 23 23:13:26 2002
X+++ nikto.pl	Mon Sep 23 23:14:37 2002
X@@ -1,11 +1,7 @@
X #!/usr/bin/perl
X use IO::Socket;
X use Getopt::Long;
X-
X-# INSTALLED LW:
X-#use LW; 
X-# LOCAL LW:
X-require "./plugins/LW.pm";
X+use LW; 
X 
X #######################################################################
X # last update: 08.11.2002
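Review bot: After the switch to `use LW;` at the top of nikto.pl, the bundled plugins/LW.pm is no longer loaded, yet the do-install loop still copies everything under plugins/ and pkg-plist still lists share/nikto/LW.pm. That leaves a second, unused copy of LibWhisker on disk that can drift from the one pulled in through the security/libwhisker dependency. Drop the bundled file from the install and the plist, or state in the port why it is kept.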
X@@ -262,7 +258,7 @@
X                             $CLIOPTS .= "\t$i\t$NIKTO{mutate_opts}{$i}\n"; }
X 
X  ### CONFIG FILE STUFF
X- my $configfile="config.txt";
X+ my $configfile="/usr/local/etc/nikto/config.txt";
X  my $noconfig=0;
X    open(CONF,"<$configfile") || $noconfig++;
X    my @CONFILE=<CONF>;
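Review bot: The absolute `/usr/local/etc/nikto/config.txt` assigned to `$configfile` ignores PREFIX, and the unchanged `open(CONF,"<$configfile") || $noconfig++;` just below it swallows the failure, so an install under another prefix would run without its config file and without any message. Derive the path from the install prefix when the port is built, and consider printing a warning when the file cannot be opened.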
END-of-nikto/files/patch-aa
echo x - nikto/pkg-plist
sed 's/^X//' >nikto/pkg-plist << 'END-of-nikto/pkg-plist'
Xbin/nikto
Xetc/nikto/config.txt
Xshare/nikto/nikto_a1_headers.plugin
Xshare/nikto/nikto_mutate.plugin
Xshare/nikto/nikto_a2_robots.plugin
Xshare/nikto/nikto_outdated.plugin
Xshare/nikto/nikto_apacheusers.plugin
Xshare/nikto/nikto_passfiles.plugin
Xshare/nikto/nikto_frontpage.plugin
Xshare/nikto/nikto_google.plugin
Xshare/nikto/nikto_httpoptions.plugin
Xshare/nikto/nikto_msgs.plugin
Xshare/nikto/server_msgs.db
Xshare/nikto/outdated.db
Xshare/nikto/scan_database.db
Xshare/nikto/LW.pm
X@dirrm share/nikto
X@dirrm etc/nikto
END-of-nikto/pkg-plist
echo x - nikto/pkg-descr
sed 's/^X//' >nikto/pkg-descr << 'END-of-nikto/pkg-descr'
XNikto is designed to examine web servers and look for items in multiple 
Xcategories:
X
X- misconfigurations
X- default files and scripts
X- insecure files and scripts
X- outdated software
X
XIt uses Rain Forest Puppy's LibWhisker (wiretrip.net) for HTTP functionality,
Xand can perform checks in HTTP or HTTPS.  It also supports basic port scanning
Xand will determine if a web server is running on any open ports.
X
XWWW: http://www.cirt.net/nikto/
X
X- pandzilla
X
Xjan@atstake.com
END-of-nikto/pkg-descr
exit
--- nikto.shar ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:
