#VERSION,2.04 # $Id: nikto_mutate.plugin 300 2010-02-01 21:02:40Z sullo $ ############################################################################### # Copyright (C) 2004 CIRT, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; version 2 # of the License only. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ############################################################################### # PURPOSE: # Mutated file checks ############################################################################### sub nikto_mutate_init { my $id = { name => "mutate", full_name => "Mutate", author => "Sullo", description => "Performs various extra independant checks that may not be needed for each scan.", scan_method => \&nikto_mutate, scan_cond => '$CLI{mutate} =~ /1/', copyright => "2008 CIRT Inc." }; return $id; } sub nikto_mutate { my ($mark)=@_; my ($c, %DIRS, %FS) = ""; # build a hash of all the unique directories nprint("- Loading root level files", "v"); foreach my $checkid (keys %TESTS) { # split out vars. this would normally get done JIT for running the test, # but here we need to split on the varnames for proper mutating (still expanded later) if ($TESTS{$checkid}{'uri'} =~ /\@/) { foreach my $varname (keys %VARIABLES) { if ($TESTS{$checkid}{'uri'} =~ "$varname") { $DIRS{$varname} = ""; my $f=$TESTS{$checkid}{'uri'}; $f =~ s/$varname//g; $FS{$f}="" unless $f eq ""; last; } } } else { my $dir = LW2::uri_get_dir($TESTS{$checkid}{'uri'}); my $file = $TESTS{$checkid}{'uri'}; if ($dir ne "") { $DIRS{$dir} = ""; $dir =~ s/([^a-zA-Z0-9])/\\$1/g; $file =~ s/$dir//; } if (($file ne "") && ($file !~ /^\?/)) { $FS{$file} = ""; } } } foreach my $c ((split(/ /, $VARIABLES{"\@MUTATEDIRS"}))) { $DIRS{$c} = ""; } foreach my $c ((split(/ /, $VARIABLES{"\@MUTATEFILES"}))) { $FS{$c} = ""; } # add the directory/file combos to the request hashes my $new_tests = 0; my $m_test = max_test_id(); nprint("- Generating tests", "v"); foreach my $root (keys %DIRS) { foreach my $file (keys %FS) { # skip self referencing stuff if (($root !~ /[^\.\/]/) && ($file !~ /[^\.\/]/)) { next; } $mark->{'total_checks'}++; $m_test++; $new_tests++; # This is a little non-standard but much faster than mod on every test if ($OUTPUT{'verbose'} && (($new_tests % 100000) eq 0)) { nprint("-Added test ($new_tests of many):$root$file:", "d"); } $TESTS{$m_test}{'uri'} = "$root$file"; $TESTS{$m_test}{'message'} = "URL created via mutate option."; $TESTS{$m_test}{'match_1'} = 200; $TESTS{$m_test}{'match_1_and'} = ""; $TESTS{$m_test}{'match_1_or'} = ""; $TESTS{$m_test}{'fail_1'} = ""; $TESTS{$m_test}{'fail_2'} = ""; $TESTS{$m_test}{'method'} = "GET"; $TESTS{$m_test}{'data'} = ""; $TESTS{$m_test}{'headers'} = ""; $TESTS{$m_test}{'category'} = 1; $TESTS{$m_test}{'osvdb'} = 3092; $TESTS{$m_test}{'server'} = "generic"; } } nprint("- $new_tests mutate checks loaded", "v"); return; } 1;