Package: nikto
Version: 2.03-1
Severity: important
Tags: patch

Hello,

Nikto includes an option  to use libwhisker's anti-IDS techniques (via
command-line's "-evasion"  argument) which is  currently unusable. The
problem resides in the way used by nikto to activate this option.

Nikto  gives  the "encode_anti_ids"  option  to  libwhisker while  the
correct one is "anti_ids".

Here is patch (in dpatch format) which should solves the problem.

Thanks,
Olivier;

-- System Information:
Debian Release: squeeze/sid
  APT prefers oldstable
  APT policy: (500, 'oldstable'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30-2-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages nikto depends on:
ii  libnet-ssleay-perl            1.35-2     Perl module for Secure Sockets Lay
ii  libwhisker2-perl              2.4-1      Perl module geared for HTTP testin
ii  perl                          5.10.1-5   Larry Wall's Practical Extraction 

nikto recommends no packages.

Versions of packages nikto suggests:
ii  nmap                          5.00-3     The Network Mapper

-- no debconf information
#! /bin/sh /usr/share/dpatch/dpatch-run
## 01path.dpatch by Olivier Tétard <[email protected]>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Fix paths to be compatible with Debian installation

@DPATCH@

 nikto.pl                    |    2 +-
 plugins/nikto_single.plugin |   10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/nikto.pl b/nikto.pl
index 55e8daf..2281675 100755
--- a/nikto.pl
+++ b/nikto.pl
@@ -83,7 +83,7 @@ LW2::http_init_request(\%request);
 $request{'whisker'}->{'ssl_save_info'}              = 1;
 $request{'whisker'}->{'lowercase_incoming_headers'} = 1;
 $request{'whisker'}->{'timeout'}                    = $CLI{timeout} || 10;
-if ($CLI{evasion} ne "") { $request{'whisker'}->{'encode_anti_ids'} = $CLI{evasion}; }
+if ($CLI{evasion} ne "") { $request{'whisker'}->{'anti_ids'} = $CLI{evasion}; }
 $request{'User-Agent'} = $NIKTO{useragent};
 $request{'whisker'}->{'retry'} = 0;
 proxy_setup();
diff --git a/plugins/nikto_single.plugin b/plugins/nikto_single.plugin
index 6ab7e40..ed5905e 100644
--- a/plugins/nikto_single.plugin
+++ b/plugins/nikto_single.plugin
@@ -106,8 +106,8 @@ sub single
         $request{'whisker'}{$key} = ask("$key ($request{'whisker'}{$key})") || $request{'whisker'}{$key};
     }
 
-    $request{'whisker'}->{'encode_anti_ids'} = ask("Enable Anti-IDS (0)");
-    if ($request{'whisker'}->{'encode_anti_ids'} eq 1)
+    $request{'whisker'}->{'anti_ids'} = ask("Enable Anti-IDS (0)");
+    if ($request{'whisker'}->{'anti_ids'} eq 1)
     {
         print "
 \t1 Random URI encoding (non-UTF8)
@@ -119,11 +119,11 @@ sub single
 \t7 Random case sensitivity
 \t8 Use Windows directory separator (\\)\n";
 
-        $request{'whisker'}{'encode_anti_ids'} = ask("Anti-IDS Methods");
-        if ($request{'whisker'}{'encode_anti_ids'} eq "") { delete($request{'whisker'}->{'encode_anti_ids'}); }
+        $request{'whisker'}{'anti_ids'} = ask("Anti-IDS Methods");
+        if ($request{'whisker'}{'anti_ids'} eq "") { delete($request{'whisker'}->{'anti_ids'}); }
     } else
     {
-        delete($request{'whisker'}->{'encode_anti_ids'});
+        delete($request{'whisker'}->{'anti_ids'});
     }
 
     print "-" x $width, "  Done with questions\n";

Reply via email to