Package: nikto Version: 2.03-1 Severity: important Tags: patch Hello,
Nikto includes an option to use libwhisker's anti-IDS techniques (via command-line's "-evasion" argument) which is currently unusable. The problem resides in the way used by nikto to activate this option. Nikto gives the "encode_anti_ids" option to libwhisker while the correct one is "anti_ids". Here is patch (in dpatch format) which should solves the problem. Thanks, Olivier; -- System Information: Debian Release: squeeze/sid APT prefers oldstable APT policy: (500, 'oldstable'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.30-2-amd64 (SMP w/1 CPU core) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages nikto depends on: ii libnet-ssleay-perl 1.35-2 Perl module for Secure Sockets Lay ii libwhisker2-perl 2.4-1 Perl module geared for HTTP testin ii perl 5.10.1-5 Larry Wall's Practical Extraction nikto recommends no packages. Versions of packages nikto suggests: ii nmap 5.00-3 The Network Mapper -- no debconf information
#! /bin/sh /usr/share/dpatch/dpatch-run ## 01path.dpatch by Olivier Tétard <[email protected]> ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: Fix paths to be compatible with Debian installation @DPATCH@ nikto.pl | 2 +- plugins/nikto_single.plugin | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/nikto.pl b/nikto.pl index 55e8daf..2281675 100755 --- a/nikto.pl +++ b/nikto.pl @@ -83,7 +83,7 @@ LW2::http_init_request(\%request); $request{'whisker'}->{'ssl_save_info'} = 1; $request{'whisker'}->{'lowercase_incoming_headers'} = 1; $request{'whisker'}->{'timeout'} = $CLI{timeout} || 10; -if ($CLI{evasion} ne "") { $request{'whisker'}->{'encode_anti_ids'} = $CLI{evasion}; } +if ($CLI{evasion} ne "") { $request{'whisker'}->{'anti_ids'} = $CLI{evasion}; } $request{'User-Agent'} = $NIKTO{useragent}; $request{'whisker'}->{'retry'} = 0; proxy_setup(); diff --git a/plugins/nikto_single.plugin b/plugins/nikto_single.plugin index 6ab7e40..ed5905e 100644 --- a/plugins/nikto_single.plugin +++ b/plugins/nikto_single.plugin @@ -106,8 +106,8 @@ sub single $request{'whisker'}{$key} = ask("$key ($request{'whisker'}{$key})") || $request{'whisker'}{$key}; } - $request{'whisker'}->{'encode_anti_ids'} = ask("Enable Anti-IDS (0)"); - if ($request{'whisker'}->{'encode_anti_ids'} eq 1) + $request{'whisker'}->{'anti_ids'} = ask("Enable Anti-IDS (0)"); + if ($request{'whisker'}->{'anti_ids'} eq 1) { print " \t1 Random URI encoding (non-UTF8) @@ -119,11 +119,11 @@ sub single \t7 Random case sensitivity \t8 Use Windows directory separator (\\)\n"; - $request{'whisker'}{'encode_anti_ids'} = ask("Anti-IDS Methods"); - if ($request{'whisker'}{'encode_anti_ids'} eq "") { delete($request{'whisker'}->{'encode_anti_ids'}); } + $request{'whisker'}{'anti_ids'} = ask("Anti-IDS Methods"); + if ($request{'whisker'}{'anti_ids'} eq "") { delete($request{'whisker'}->{'anti_ids'}); } } else { - delete($request{'whisker'}->{'encode_anti_ids'}); + delete($request{'whisker'}->{'anti_ids'}); } print "-" x $width, " Done with questions\n";

