From maddaemon at gmail.com Tue Jan 13 21:34:37 2009
From: maddaemon at gmail.com (maddaemon at gmail.com)
Date: Tue, 13 Jan 2009 16:34:37 -0500
Subject: [Nikto-discuss] Nikto Not Finding Webserver
Message-ID: <6c1774c50901131334s3389083l7adf09d07edb7f10@mail.gmail.com>

All,

I just reinstalled nikto from ports (FreeBSD 7.0-RELEASE) and
attempted to scan a host and got the following:

MadDaemon at darkhorse [~]$ sudo nikto -host tracker.mydomain.tld -ssl -port 443
- Nikto v2.03/2.04
---------------------------------------------------------------------------
+ No web server found on 10.0.10.25:443
---------------------------------------------------------------------------
+ 1 host(s) tested

Test Options: -host tracker.mydomain.tld -ssl -port 443
---------------------------------------------------------------------------

Knowing there *IS* a webserver running on that box, I verified the
ports were indeed open and listening:

MadDaemon at darkhorse [~]$ sudo nmap -v -P0 -PN -R -p80,443 tracker

Starting Nmap 4.62 ( http://nmap.org ) at 2009-01-13 16:20 EST
Initiating ARP Ping Scan at 16:20
Scanning 10.0.10.25 [1 port]
Completed ARP Ping Scan at 16:20, 0.21s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 16:20
Scanning tracker.mydomain.tld (10.0.10.25) [2 ports]
Discovered open port 80/tcp on 10.0.10.25
Discovered open port 443/tcp on 10.0.10.25
Completed SYN Stealth Scan at 16:20, 1.14s elapsed (2 total ports)
Host tracker.mydomain.tld (10.0.10.25) appears to be up ... good.
Interesting ports on tracker.mydomain.tld (10.0.10.25):
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

So, I tried it again without using the SSL option and got the same exact thing:

root at darkhorse [~]# nikto -host tracker.mydomain.tld
- Nikto v2.03/2.04
---------------------------------------------------------------------------
+ No web server found on 10.0.10.25:80
---------------------------------------------------------------------------
+ 1 host(s) tested

Test Options: -host tracker.mydomain.tld
---------------------------------------------------------------------------

Feeling frustrated, I then verified that Apache was actually running
on that box:

MadDaemon at darkhorse [~]$ ssh tracker
[Tracker]

*** NOTICE ***

THIS SYSTEM IS FOR THE USE OF AUTHORIZED USERS ONLY!

UNAUTHORIZED ACCESS IS PROHIBITED.

THIS SYSTEM AND EQUIPMENT ARE SUBJECT TO MONITORING TO ENSURE PROPER
FUNCTIONING, TO PROTECT AGAINST IMPROPER OR UNAUTHORIZED USE OR ACCESS,
AND TO VERIFY THE PRESENCE OR PERFORMANCE OF APPLICABLE SECURITY
FEATURES OR PROCEDURES, AND FOR OTHER LIKE PURPOSES. SUCH MONITORING
MAY RESULT IN THE ACQUISITION, RECORDING, AND ANALYSIS OF ALL DATA
BEING COMMUNICATED, TRANSMITTED, PROCESSED OR STORED IN THIS SYSTEM BY
A USER. IF MONITORING REVEALS EVIDENCE OF POSSIBLE CRIMINAL ACTIVITY,
SUCH EVIDENCE MAY BE PROVIDED TO LAW ENFORCEMENT PERSONNEL.

USE OF THIS SYSTEM CONSTITUTES CONSENT TO SUCH MONITORING.


Last login: Fri Jan 9 16:55:22 2009 from artemis

MadDaemon at tracker [~]$ sudo ps wax | grep http
20220 ?? Ss 0:07.43 /usr/local/sbin/httpd -DSSL
20279 ?? I 0:00.09 /usr/local/sbin/httpd -DSSL
20311 ?? I 0:00.00 /usr/local/sbin/httpd -DSSL
20518 ?? I 0:00.00 /usr/local/sbin/httpd -DSSL
20606 ?? I 0:00.01 /usr/local/sbin/httpd -DSSL
20742 ?? I 0:00.12 /usr/local/sbin/httpd -DSSL
20832 ?? I 0:00.00 /usr/local/sbin/httpd -DSSL
99321 p0 S+ 0:00.00 grep http
MadDaemon at tracker [~]$

Any idea why Nikto isn't finding the webserver ports being open?
This is driving me up a wall...

Thanks,
~MD

From dave at cirt.net Wed Jan 14 00:27:45 2009
From: dave at cirt.net (David Lodge)
Date: Wed, 14 Jan 2009 00:27:45 -0000
Subject: [Nikto-discuss] Nikto Not Finding Webserver
In-Reply-To: <6c1774c50901131334s3389083l7adf09d07edb7f10@mail.gmail.com>
References: <6c1774c50901131334s3389083l7adf09d07edb7f10@mail.gmail.com>
Message-ID:

> I just reinstalled nikto from ports (FreeBSD 7.0-RELEASE) and
> attempted to scan a host and got the following:
> + No web server found on 10.0.10.25:443

Nikto makes some guesses as to what the web server is (or if there is
one). It checks (by default) both HEAD and GET methods both with SSL and
without.

But sometimes it may get it wrong! You're using nikto 2.03, which has
slightly tuned detection in (which is good). I can't really make a guess
without the output.

Try running a nikto.pl -host -D d and sending on the stuff around the
http detection (it should be the first connections). The resulting output
is massive, so you may want to redirect to a file and then send it on.

Thanks

dave

From maddaemon at gmail.com Wed Jan 14 21:24:54 2009
From: maddaemon at gmail.com (maddaemon at gmail.com)
Date: Wed, 14 Jan 2009 16:24:54 -0500
Subject: [Nikto-discuss] Nikto Not Finding Webserver
In-Reply-To:
References: <6c1774c50901131334s3389083l7adf09d07edb7f10@mail.gmail.com>
Message-ID: <6c1774c50901141324n61f4974ck2b6b792b53f56449@mail.gmail.com>

On Tue, Jan 13, 2009 at 7:27 PM, David Lodge wrote:
>> I just reinstalled nikto from ports (FreeBSD 7.0-RELEASE) and
>> attempted to scan a host and got the following:
>> + No web server found on 10.0.10.25:443
>
> Nikto makes some guesses as to what the web server is (or if there is one).
> It checks (by default) both HEAD and GET methods both with SSL and without.
>
> But sometimes it may get it wrong! You're using nikto 2.03, which has
> slightly tuned detection in (which is good). I can't really make a guess
> without the output.
>
> Try running a nikto.pl -host -D d and sending on the stuff around the
> http detection (it should be the first connections). The resulting output is
> massive, so you may want to redirect to a file and then send it on.
>
> Thanks
>
> dave
>

No need to redirect...

MadDaemon at darkhorse [~]$ nikto -h 10.0.10.25 -D d
- Nikto v2.03/2.04
---------------------------------------------------------------------------
D:Wed Jan 14 16:12:26 2009 - Target id:1:ident:10.0.10.25:ports_in:80:vhost:=:
D:Wed Jan 14 16:12:26 2009 - Target id:1:ident:10.0.10.25:ports_in:80:
+ No web server found on 172.20.10.25:80
---------------------------------------------------------------------------
+ 1 host(s) tested

Test Options: -h 172.20.10.25 -D d
---------------------------------------------------------------------------
D:Wed Jan 14 16:12:26 2009 T:Wed Jan 14 16:12:26 2009: Ending

Also tried port 443 with the same results (I also used the FQDN):

MadDaemon at darkhorse [~]$ nikto -h tracker.mydomain.tld -ssl -port 443 -D d
- Nikto v2.03/2.04
---------------------------------------------------------------------------
D:Wed Jan 14 16:22:55 2009 - Target id:1:ident:tracker.mydomain.tld:ports_in:443:vhost:=:
D:Wed Jan 14 16:22:55 2009 - Target id:1:ident:tracker.mydomain.tld:ports_in:443:
+ No web server found on 172.20.10.25:443
---------------------------------------------------------------------------
+ 1 host(s) tested

Test Options: -h tracker.mydomain.tld -ssl -port 443 -D d
---------------------------------------------------------------------------
D:Wed Jan 14 16:22:55 2009 T:Wed Jan 14 16:22:55 2009: Ending

From maddaemon at gmail.com Wed Jan 14 21:25:46 2009
From: maddaemon at gmail.com (maddaemon at gmail.com)
Date: Wed, 14 Jan 2009 16:25:46 -0500
Subject: [Nikto-discuss] Nikto Not Finding Webserver
In-Reply-To: <6c1774c50901141321l54f728cas1a4f319893c3ef91@mail.gmail.com>
References: <6c1774c50901131334s3389083l7adf09d07edb7f10@mail.gmail.com>
 <6c1774c50901141321l54f728cas1a4f319893c3ef91@mail.gmail.com>
Message-ID: <6c1774c50901141325x4a38e2d7t20b572b781e7b84b@mail.gmail.com>

Sorry, forgot to include the list in my reply:

On Wed, Jan 14, 2009 at 4:21 PM, maddaemon at gmail.com wrote:
> On Tue, Jan 13, 2009 at 5:32 PM, security curmudgeon
> wrote:
>>
>> $ telnet host 80
>> GET / HTTP/1.0
>>
>> what does the header show?
>>
>> On Tue, 13 Jan 2009, maddaemon at gmail.com wrote:
>>
>> : All,
>> :
>> : I just reinstalled nikto from ports (FreeBSD 7.0-RELEASE) and
>> : attempted to scan a host and got the following:
>> :
>> : MadDaemon at darkhorse [~]$ sudo nikto -host tracker.mydomain.tld -ssl -port 443
>> : - Nikto v2.03/2.04
>> : ---------------------------------------------------------------------------
>> : + No web server found on 10.0.10.25:443
>> : ---------------------------------------------------------------------------
>> : + 1 host(s) tested
>> :
>> : Test Options: -host tracker.mydomain.tld -ssl -port 443
>> : ---------------------------------------------------------------------------
>> :
>> : Knowing there *IS* a webserver running on that box, I verified the
>> : ports were indeed open and listening:
>> :
>> : MadDaemon at darkhorse [~]$ sudo nmap -v -P0 -PN -R -p80,443 tracker
>> :
>> : Starting Nmap 4.62 ( http://nmap.org ) at 2009-01-13 16:20 EST
>> : Initiating ARP Ping Scan at 16:20
>> : Scanning 10.0.10.25 [1 port]
>> : Completed ARP Ping Scan at 16:20, 0.21s elapsed (1 total hosts)
>> : Initiating SYN Stealth Scan at 16:20
>> : Scanning tracker.mydomain.tld (10.0.10.25) [2 ports]
>> : Discovered open port 80/tcp on 10.0.10.25
>> : Discovered open port 443/tcp on 10.0.10.25
>> : Completed SYN Stealth Scan at 16:20, 1.14s elapsed (2 total ports)
>> : Host tracker.mydomain.tld (10.0.10.25) appears to be up ... good.
>> : Interesting ports on tracker.mydomain.tld (10.0.10.25):
>> : PORT    STATE SERVICE
>> : 80/tcp  open  http
>> : 443/tcp open  https
>> :
>> : So, I tried it again without using the SSL option and got the same exact thing:
>> :
>> : root at darkhorse [~]# nikto -host tracker.mydomain.tld
>> : - Nikto v2.03/2.04
>> : ---------------------------------------------------------------------------
>> : + No web server found on 10.0.10.25:80
>> : ---------------------------------------------------------------------------
>> : + 1 host(s) tested
>> :
>> : Test Options: -host tracker.mydomain.tld
>> : ---------------------------------------------------------------------------
>> :
>> : Feeling frustrated, I then verified that Apache was actually running
>> : on that box:
>> :
>> : MadDaemon at darkhorse [~]$ ssh tracker
>> : [Tracker]
>> :
>> : *** NOTICE ***
>> :
>> : THIS SYSTEM IS FOR THE USE OF AUTHORIZED USERS ONLY!
>> :
>> : UNAUTHORIZED ACCESS IS PROHIBITED.
>> :
>> : THIS SYSTEM AND EQUIPMENT ARE SUBJECT TO MONITORING TO ENSURE PROPER
>> : FUNCTIONING, TO PROTECT AGAINST IMPROPER OR UNAUTHORIZED USE OR ACCESS,
>> : AND TO VERIFY THE PRESENCE OR PERFORMANCE OF APPLICABLE SECURITY
>> : FEATURES OR PROCEDURES, AND FOR OTHER LIKE PURPOSES. SUCH MONITORING
>> : MAY RESULT IN THE ACQUISITION, RECORDING, AND ANALYSIS OF ALL DATA
>> : BEING COMMUNICATED, TRANSMITTED, PROCESSED OR STORED IN THIS SYSTEM BY
>> : A USER. IF MONITORING REVEALS EVIDENCE OF POSSIBLE CRIMINAL ACTIVITY,
>> : SUCH EVIDENCE MAY BE PROVIDED TO LAW ENFORCEMENT PERSONNEL.
>> :
>> : USE OF THIS SYSTEM CONSTITUTES CONSENT TO SUCH MONITORING.
>> :
>> :
>> : Last login: Fri Jan 9 16:55:22 2009 from artemis
>> :
>> : MadDaemon at tracker [~]$ sudo ps wax | grep http
>> : 20220 ?? Ss 0:07.43 /usr/local/sbin/httpd -DSSL
>> : 20279 ?? I 0:00.09 /usr/local/sbin/httpd -DSSL
>> : 20311 ?? I 0:00.00 /usr/local/sbin/httpd -DSSL
>> : 20518 ?? I 0:00.00 /usr/local/sbin/httpd -DSSL
>> : 20606 ?? I 0:00.01 /usr/local/sbin/httpd -DSSL
>> : 20742 ?? I 0:00.12 /usr/local/sbin/httpd -DSSL
>> : 20832 ?? I 0:00.00 /usr/local/sbin/httpd -DSSL
>> : 99321 p0 S+ 0:00.00 grep http
>> : MadDaemon at tracker [~]$
>> :
>> : Any idea why Nikto isn't finding the webserver ports being open? This
>> : is driving me up a wall...
>> :
>> : Thanks,
>> : ~MD
>
> Headers show the following (using both 80 & 443)
>
> HTTP/1.1 301 Moved Permanently
> Date: Wed, 14 Jan 2009 21:16:02 GMT
> Server: Apache
> Location: https://tracker.mydomain.tld
> Connection: close
> Content-Type: text/html; charset=iso-8859-1
>
>
> HTTP/1.1 400 Bad Request
> Date: Wed, 14 Jan 2009 21:17:14 GMT
> Server: Apache
> Connection: close
> Content-Type: text/html; charset=iso-8859-1
>
> I forgot to mention that 80 is a perm redirect to 443. My bad..
>

From dave at cirt.net Thu Jan 15 09:43:33 2009
From: dave at cirt.net (David Lodge)
Date: Thu, 15 Jan 2009 09:43:33 -0000
Subject: [Nikto-discuss] Nikto Not Finding Webserver
In-Reply-To: <6c1774c50901141325x4a38e2d7t20b572b781e7b84b@mail.gmail.com>
References: <6c1774c50901131334s3389083l7adf09d07edb7f10@mail.gmail.com>
 <6c1774c50901141321l54f728cas1a4f319893c3ef91@mail.gmail.com>
 <6c1774c50901141325x4a38e2d7t20b572b781e7b84b@mail.gmail.com>
Message-ID:

On Wed, 14 Jan 2009 21:25:46 -0000, maddaemon at gmail.com wrote:
[results from a direct connection]
>> Headers show the following (using both 80 & 443)
>>
>> HTTP/1.1 301 Moved Permanently
>> Date: Wed, 14 Jan 2009 21:16:02 GMT
>> Server: Apache
>> Location: https://tracker.mydomain.tld
>> Connection: close
>> Content-Type: text/html; charset=iso-8859-1

And that'll be the problem; the code from nikto does:
    if (defined $result{'whisker'}{'data'} && $result{'whisker'}->{'data'}
        =~ /speaking plain HTTP to an SSL/)

Of course, the 301 doesn't return any data so it doesn't think that it's a
valid port.
Looks like we have a bug, but I'm not 100% certain of how to fix it; maybe
we should check for error code, then check the appropriate header (e.g. in
this case Location).

Could you do me a favour and go to
http://trac2.assembla.com/Nikto_2/newticket and raise a ticket for me so
that I don't lose track of what I'm doing (you don't need an assembla
account to raise a ticket, though you won't be able to track it
automagically if you don't).

dave

From maddaemon at gmail.com Thu Jan 15 14:05:15 2009
From: maddaemon at gmail.com (maddaemon at gmail.com)
Date: Thu, 15 Jan 2009 09:05:15 -0500
Subject: [Nikto-discuss] Nikto Not Finding Webserver
In-Reply-To:
References: <6c1774c50901131334s3389083l7adf09d07edb7f10@mail.gmail.com>
 <6c1774c50901141321l54f728cas1a4f319893c3ef91@mail.gmail.com>
 <6c1774c50901141325x4a38e2d7t20b572b781e7b84b@mail.gmail.com>
Message-ID: <6c1774c50901150605j238c5fc8y930019939f60e7fb@mail.gmail.com>

On Thu, Jan 15, 2009 at 4:43 AM, David Lodge wrote:
> On Wed, 14 Jan 2009 21:25:46 -0000, maddaemon at gmail.com
> wrote:
> [results from a direct connection]
>>> Headers show the following (using both 80 & 443)
>>>
>>> HTTP/1.1 301 Moved Permanently
>>> Date: Wed, 14 Jan 2009 21:16:02 GMT
>>> Server: Apache
>>> Location: https://tracker.mydomain.tld
>>> Connection: close
>>> Content-Type: text/html; charset=iso-8859-1
>
> And that'll be the problem; the code from nikto does:
> if (defined $result{'whisker'}{'data'} && $result{'whisker'}->{'data'}
> =~ /speaking plain HTTP to an SSL/)
>
> Of course, the 301 doesn't return any data so it doesn't think that it's a
> valid port. Looks like we have a bug, but I'm not 100% certain of how to
> fix it; maybe we should check for error code, then check the appropriate
> header (e.g. in this case Location).
>
> Could you do me a favour and go to
> http://trac2.assembla.com/Nikto_2/newticket and raise a ticket for me so
> that I don't lose track of what I'm doing (you don't need an assembla
> account to raise a ticket, though you won't be able to track it
> automagically if you don't).

I'll do that as soon as I get to work. Should I let you know what the
ticket number (if any) is?

From maddaemon at gmail.com Thu Jan 15 18:23:31 2009
From: maddaemon at gmail.com (maddaemon at gmail.com)
Date: Thu, 15 Jan 2009 13:23:31 -0500
Subject: [Nikto-discuss] Nikto Not Finding Webserver
In-Reply-To: <6c1774c50901150605j238c5fc8y930019939f60e7fb@mail.gmail.com>
References: <6c1774c50901131334s3389083l7adf09d07edb7f10@mail.gmail.com>
 <6c1774c50901141321l54f728cas1a4f319893c3ef91@mail.gmail.com>
 <6c1774c50901141325x4a38e2d7t20b572b781e7b84b@mail.gmail.com>
 <6c1774c50901150605j238c5fc8y930019939f60e7fb@mail.gmail.com>
Message-ID: <6c1774c50901151023v59c9377ehaac0b6a215f687ec@mail.gmail.com>

On Thu, Jan 15, 2009 at 9:05 AM, maddaemon at gmail.com wrote:
> On Thu, Jan 15, 2009 at 4:43 AM, David Lodge wrote:
>> On Wed, 14 Jan 2009 21:25:46 -0000, maddaemon at gmail.com
>> wrote:
>> [results from a direct connection]
>>>> Headers show the following (using both 80 & 443)
>>>>
>>>> HTTP/1.1 301 Moved Permanently
>>>> Date: Wed, 14 Jan 2009 21:16:02 GMT
>>>> Server: Apache
>>>> Location: https://tracker.mydomain.tld
>>>> Connection: close
>>>> Content-Type: text/html; charset=iso-8859-1
>>
>> And that'll be the problem; the code from nikto does:
>> if (defined $result{'whisker'}{'data'} && $result{'whisker'}->{'data'}
>> =~ /speaking plain HTTP to an SSL/)
>>
>> Of course, the 301 doesn't return any data so it doesn't think that it's a
>> valid port. Looks like we have a bug, but I'm not 100% certain of how to
>> fix it; maybe we should check for error code, then check the appropriate
>> header (e.g. in this case Location).
>>
>> Could you do me a favour and go to
>> http://trac2.assembla.com/Nikto_2/newticket and raise a ticket for me so
>> that I don't lose track of what I'm doing (you don't need an assembla
>> account to raise a ticket, though you won't be able to track it
>> automagically if you don't).
>
> I'll do that as soon as I get to work. Should I let you know what the
> ticket number (if any) is?
>

Just a quick follow-up on this, I tried doing a scan on some public
sites, and I keep getting the same error:

MadDaemon at darkhorse [~]# nikto -h www.microsoft.com -D d
- Nikto v2.03/2.04
---------------------------------------------------------------------------
D:Thu Jan 15 12:48:25 2009 - Target id:1:ident:www.microsoft.com:ports_in:80:vhost:=:
D:Thu Jan 15 12:48:25 2009 - Target id:1:ident:www.microsoft.com:ports_in:80:
+ No web server found on 207.46.193.254:80
---------------------------------------------------------------------------
+ 1 host(s) tested

Test Options: -h www.microsoft.com -D d
---------------------------------------------------------------------------
D:Thu Jan 15 12:48:26 2009 T:Thu Jan 15 12:48:26 2009: Ending

MadDaemon at darkhorse [~]# nikto -h www.oracle.com -D d
- Nikto v2.03/2.04
---------------------------------------------------------------------------
D:Thu Jan 15 12:51:06 2009 - Target id:1:ident:www.oracle.com:ports_in:80:vhost:=:
D:Thu Jan 15 12:51:06 2009 - Target id:1:ident:www.oracle.com:ports_in:80:
+ No web server found on 141.146.8.66:80
---------------------------------------------------------------------------
+ 1 host(s) tested

Test Options: -h www.oracle.com -D d
---------------------------------------------------------------------------
D:Thu Jan 15 12:51:07 2009 T:Thu Jan 15 12:51:07 2009: Ending

MadDaemon at darkhorse [~]# nikto -h www.freebsd.org -D d
- Nikto v2.03/2.04
---------------------------------------------------------------------------
D:Thu Jan 15 12:51:59 2009 - Target id:1:ident:www.freebsd.org:ports_in:80:vhost:=:
D:Thu Jan 15 12:51:59 2009 - Target id:1:ident:www.freebsd.org:ports_in:80:
+ No web server found on 69.147.83.33:80
---------------------------------------------------------------------------
+ 1 host(s) tested

Test Options: -h www.freebsd.org -D d
---------------------------------------------------------------------------
D:Thu Jan 15 12:51:59 2009 T:Thu Jan 15 12:51:59 2009: Ending

From maddaemon at gmail.com Thu Jan 15 18:55:07 2009
From: maddaemon at gmail.com (maddaemon at gmail.com)
Date: Thu, 15 Jan 2009 13:55:07 -0500
Subject: [Nikto-discuss] Nikto Not Finding Webserver
In-Reply-To:
References: <6c1774c50901131334s3389083l7adf09d07edb7f10@mail.gmail.com>
 <6c1774c50901141321l54f728cas1a4f319893c3ef91@mail.gmail.com>
 <6c1774c50901141325x4a38e2d7t20b572b781e7b84b@mail.gmail.com>
Message-ID: <6c1774c50901151055n85bd7abl107089ff7c1f4b42@mail.gmail.com>

Ticket #70 was opened.

On Thu, Jan 15, 2009 at 4:43 AM, David Lodge wrote:
> On Wed, 14 Jan 2009 21:25:46 -0000, maddaemon at gmail.com
> wrote:
> [results from a direct connection]
>>> Headers show the following (using both 80 & 443)
>>>
>>> HTTP/1.1 301 Moved Permanently
>>> Date: Wed, 14 Jan 2009 21:16:02 GMT
>>> Server: Apache
>>> Location: https://tracker.mydomain.tld
>>> Connection: close
>>> Content-Type: text/html; charset=iso-8859-1
>
> And that'll be the problem; the code from nikto does:
> if (defined $result{'whisker'}{'data'} && $result{'whisker'}->{'data'}
> =~ /speaking plain HTTP to an SSL/)
>
> Of course, the 301 doesn't return any data so it doesn't think that it's a
> valid port. Looks like we have a bug, but I'm not 100% certain of how to
> fix it; maybe we should check for error code, then check the appropriate
> header (e.g. in this case Location).
>
> Could you do me a favour and go to
> http://trac2.assembla.com/Nikto_2/newticket and raise a ticket for me so
> that I don't lose track of what I'm doing (you don't need an assembla
> account to raise a ticket, though you won't be able to track it
> automagically if you don't).
>
> dave

From maddaemon at gmail.com Tue Jan 20 18:41:37 2009
From: maddaemon at gmail.com (maddaemon at gmail.com)
Date: Tue, 20 Jan 2009 13:41:37 -0500
Subject: [Nikto-discuss] Nikto Not Finding Webserver
In-Reply-To: <6c1774c50901151055n85bd7abl107089ff7c1f4b42@mail.gmail.com>
References: <6c1774c50901131334s3389083l7adf09d07edb7f10@mail.gmail.com>
 <6c1774c50901141321l54f728cas1a4f319893c3ef91@mail.gmail.com>
 <6c1774c50901141325x4a38e2d7t20b572b781e7b84b@mail.gmail.com>
 <6c1774c50901151055n85bd7abl107089ff7c1f4b42@mail.gmail.com>
Message-ID: <6c1774c50901201041p10cd9facs448e8c388b2e6a4c@mail.gmail.com>

On Thu, Jan 15, 2009 at 1:55 PM, maddaemon at gmail.com wrote:
> Ticket #70 was opened.
>
> On Thu, Jan 15, 2009 at 4:43 AM, David Lodge wrote:
>> On Wed, 14 Jan 2009 21:25:46 -0000, maddaemon at gmail.com
>> wrote:
>> [results from a direct connection]
>>>> Headers show the following (using both 80 & 443)
>>>>
>>>> HTTP/1.1 301 Moved Permanently
>>>> Date: Wed, 14 Jan 2009 21:16:02 GMT
>>>> Server: Apache
>>>> Location: https://tracker.mydomain.tld
>>>> Connection: close
>>>> Content-Type: text/html; charset=iso-8859-1
>>
>> And that'll be the problem; the code from nikto does:
>> if (defined $result{'whisker'}{'data'} && $result{'whisker'}->{'data'}
>> =~ /speaking plain HTTP to an SSL/)
>>
>> Of course, the 301 doesn't return any data so it doesn't think that it's a
>> valid port. Looks like we have a bug, but I'm not 100% certain of how to
>> fix it; maybe we should check for error code, then check the appropriate
>> header (e.g. in this case Location).
>>
>> Could you do me a favour and go to
>> http://trac2.assembla.com/Nikto_2/newticket and raise a ticket for me so
>> that I don't lose track of what I'm doing (you don't need an assembla
>> account to raise a ticket, though you won't be able to track it
>> automagically if you don't).
>>
>> dave
>

I tried to update the ticket, but I can't seem to find a way to do that.

The CHECKMETHODS=HEAD GET wasn't in the nikto.conf, so I added it and
launched a scan. It now appears that Nikto automatically detects the
redirect to SSL, and tests both port 80 as well as 443:

---------------------------------------------------------------------------
+ Target IP: 10.0.10.25
+ Target Hostname: tracker.mydomain.tld
+ Target Port: 80
+ Start Time: 2009-01-21 13:32:04
---------------------------------------------------------------------------
+ Server: Apache
- Root page / redirects to: https://tracker.mydomain.tld
- Allowed HTTP Methods: GET, HEAD, OPTIONS
...
+ End Time: 2009-01-21 13:32:35 (31 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
---------------------------------------------------------------------------
+ Target IP: 10.0.10.25
+ Target Hostname: tracker.mydomain.tld
+ Target Port: 443
---------------------------------------------------------------------------
+ SSL Info: Ciphers: Unknown
            Info: Unknown
            Subject: Unknown
+ Start Time: 2009-01-21 13:32:36

It still isn't able to get the ciphers list, but that's another issue
entirely.
Thanks,
~MD

From dave at cirt.net Wed Jan 21 17:49:44 2009
From: dave at cirt.net (David Lodge)
Date: Wed, 21 Jan 2009 17:49:44 -0000
Subject: [Nikto-discuss] Nikto Not Finding Webserver
In-Reply-To: <6c1774c50901201041p10cd9facs448e8c388b2e6a4c@mail.gmail.com>
References: <6c1774c50901131334s3389083l7adf09d07edb7f10@mail.gmail.com>
 <6c1774c50901141321l54f728cas1a4f319893c3ef91@mail.gmail.com>
 <6c1774c50901141325x4a38e2d7t20b572b781e7b84b@mail.gmail.com>
 <6c1774c50901151055n85bd7abl107089ff7c1f4b42@mail.gmail.com>
 <6c1774c50901201041p10cd9facs448e8c388b2e6a4c@mail.gmail.com>
Message-ID:

On Tue, 20 Jan 2009 18:41:37 -0000, maddaemon at gmail.com wrote:
> I tried to update the ticket, but I can't seem to find a way to do that.

You need an assembla account to update tickets, as an anonymous user you
can only create them...

> The CHECKMETHODS=HEAD GET wasn't in the nikto.conf, so I added it and
> launched a scan. It now appears that Nikto automatically detects the
> redirect to SSL, and tests both port 80 as well as 443:

Thought that was so; so I'm going to change the bug to mention that
CHECKMETHODS should have a default set (probably to nikto 2.02 - which is
HEAD). This is a lesson for me: don't change the config file without
providing warnings or a default.

> + SSL Info: Ciphers: Unknown
>             Info: Unknown
>             Subject: Unknown
> It still isn't able to get the ciphers list, but that's another issue
> entirely.

Okay; that's interesting, I can have a look at that, but I'll need the
results of a "-D d" to do that.
Thanks

dave

From dave at cirt.net Wed Jan 21 23:14:13 2009
From: dave at cirt.net (David Lodge)
Date: Wed, 21 Jan 2009 23:14:13 -0000
Subject: [Nikto-discuss] Nikto Not Finding Webserver
In-Reply-To: <6c1774c50901201041p10cd9facs448e8c388b2e6a4c@mail.gmail.com>
References: <6c1774c50901131334s3389083l7adf09d07edb7f10@mail.gmail.com>
 <6c1774c50901141321l54f728cas1a4f319893c3ef91@mail.gmail.com>
 <6c1774c50901141325x4a38e2d7t20b572b781e7b84b@mail.gmail.com>
 <6c1774c50901151055n85bd7abl107089ff7c1f4b42@mail.gmail.com>
 <6c1774c50901201041p10cd9facs448e8c388b2e6a4c@mail.gmail.com>
Message-ID:

On Tue, 20 Jan 2009 18:41:37 -0000, maddaemon at gmail.com wrote:
>
> I tried to update the ticket, but I can't seem to find a way to do that.
>
> The CHECKMETHODS=HEAD GET wasn't in the nikto.conf, so I added it and
> launched a scan. It now appears that Nikto automatically detects the
> redirect to SSL, and tests both port 80 as well as 443:

The version of Nikto in development will now check for the existence of
CHECKMETHODS and warn and give it Nikto 2.02's value if it doesn't exist.

I'm not going to fix Nikto 2.03 (as the config file included in the
package is correct); though I'll warn about it on the cirt home page.
Thanks

dave

From maddaemon at gmail.com Tue Jan 27 21:36:25 2009
From: maddaemon at gmail.com (maddaemon at gmail.com)
Date: Tue, 27 Jan 2009 16:36:25 -0500
Subject: [Nikto-discuss] Nikto Not Finding Webserver
In-Reply-To:
References: <6c1774c50901131334s3389083l7adf09d07edb7f10@mail.gmail.com>
 <6c1774c50901141321l54f728cas1a4f319893c3ef91@mail.gmail.com>
 <6c1774c50901141325x4a38e2d7t20b572b781e7b84b@mail.gmail.com>
 <6c1774c50901151055n85bd7abl107089ff7c1f4b42@mail.gmail.com>
 <6c1774c50901201041p10cd9facs448e8c388b2e6a4c@mail.gmail.com>
Message-ID: <6c1774c50901271336y53361688ja730ff4a3dff8e66@mail.gmail.com>

On Wed, Jan 21, 2009 at 12:49 PM, David Lodge wrote:
> On Tue, 20 Jan 2009 18:41:37 -0000, maddaemon at gmail.com
> wrote:
>>
>> I tried to update the ticket, but I can't seem to find a way to do that.
>
> You need an assembla account to update tickets, as an anonymous user you can
> only create them...

Actually, I created an account prior to reporting the bug. After I'm
logged in, there's nothing to let me update the ticket - just view.
*shrug*

>> The CHECKMETHODS=HEAD GET wasn't in the nikto.conf, so I added it and
>> launched a scan. It now appears that Nikto automatically detects the
>> redirect to SSL, and tests both port 80 as well as 443:
>
> Thought that was so; so I'm going to change the bug to mention that
> CHECKMETHODS should have a default set (probably to nikto 2.02 - which is
> HEAD). This is a lesson for me: don't change the config file without
> providing warnings or a default.
>
>> + SSL Info: Ciphers: Unknown
>>             Info: Unknown
>>             Subject: Unknown
>> It still isn't able to get the ciphers list, but that's another issue
>> entirely.
>
> Okay; that's interesting, I can have a look at that, but I'll need the
> results of a "-D d" to do that.

I thought I posted that earlier, but if not, I'll post it again
tomorrow when I run another scan.
> Thanks
>
> dave
>

--

From dave at cirt.net Wed Jan 28 09:41:44 2009
From: dave at cirt.net (David Lodge)
Date: Wed, 28 Jan 2009 09:41:44 -0000
Subject: [Nikto-discuss] Nikto Not Finding Webserver
In-Reply-To: <6c1774c50901271336y53361688ja730ff4a3dff8e66@mail.gmail.com>
References: <6c1774c50901131334s3389083l7adf09d07edb7f10@mail.gmail.com>
 <6c1774c50901141321l54f728cas1a4f319893c3ef91@mail.gmail.com>
 <6c1774c50901141325x4a38e2d7t20b572b781e7b84b@mail.gmail.com>
 <6c1774c50901151055n85bd7abl107089ff7c1f4b42@mail.gmail.com>
 <6c1774c50901201041p10cd9facs448e8c388b2e6a4c@mail.gmail.com>
 <6c1774c50901271336y53361688ja730ff4a3dff8e66@mail.gmail.com>
Message-ID:

On Tue, 27 Jan 2009 21:36:25 -0000, maddaemon at gmail.com wrote:
>> You need an assembla account to update tickets, as an anonymous user
>> you can
>> only create them...
> Actually, I created an account prior to reporting the bug. After I'm
> logged in, there's nothing to let me update the ticket - just view.
> *shrug*

I'm not an expert on the assembla system; so I've invited you to join the
team - that should definitely give you permissions.
dave

From maddaemon at gmail.com Thu Jan 29 14:09:46 2009
From: maddaemon at gmail.com (maddaemon at gmail.com)
Date: Thu, 29 Jan 2009 09:09:46 -0500
Subject: [Nikto-discuss] Nikto Not Finding Webserver
In-Reply-To:
References: <6c1774c50901131334s3389083l7adf09d07edb7f10@mail.gmail.com>
 <6c1774c50901141321l54f728cas1a4f319893c3ef91@mail.gmail.com>
 <6c1774c50901141325x4a38e2d7t20b572b781e7b84b@mail.gmail.com>
 <6c1774c50901151055n85bd7abl107089ff7c1f4b42@mail.gmail.com>
 <6c1774c50901201041p10cd9facs448e8c388b2e6a4c@mail.gmail.com>
 <6c1774c50901271336y53361688ja730ff4a3dff8e66@mail.gmail.com>
Message-ID: <6c1774c50901290609g558855d1u377c89363c405bf8@mail.gmail.com>

On Wed, Jan 28, 2009 at 4:41 AM, David Lodge wrote:
> On Tue, 27 Jan 2009 21:36:25 -0000, maddaemon at gmail.com
> wrote:
>>>
>>> You need an assembla account to update tickets, as an anonymous user you
>>> can
>>> only create them...
>>
>> Actually, I created an account prior to reporting the bug. After I'm
>> logged in, there's nothing to let me update the ticket - just view.
>> *shrug*
>
> I'm not an expert on the assembla system; so I've invited you to join the
> team - that should definitely give you permissions.
>
> dave
>

Thanks. I'll check it out after I've had some coffee :)
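
The two points this thread settles on (a body-only match cannot recognise a 301 that carries no body, and a missing CHECKMETHODS setting needs a warned default), as an added Perl example that is not Nikto's code and is not from the list participants. The function names, the config hash, the 400 body text and the non-HTTP banner are assumptions constructed for illustration; the 301 headers are the ones posted above.

```perl
#!/usr/bin/perl
# Added example, not Nikto source: decide whether a port answered as a web
# server from the status line and headers, not from the body alone.
use strict;
use warnings;

# Return the probe methods, falling back to HEAD (the Nikto 2.02 value named
# in the thread) when CHECKMETHODS is absent. $conf is a hypothetical parsed
# nikto.conf represented as a hash reference.
sub check_methods {
    my ($conf) = @_;
    my $value = $conf->{CHECKMETHODS};
    unless (defined $value && $value =~ /\S/) {
        warn "CHECKMETHODS not set in config; defaulting to HEAD\n";
        $value = 'HEAD';
    }
    return grep { length } split /\s+/, $value;
}

# Split a raw response into status code, headers (lower-cased names) and
# body. Returns undef when the data does not start with an HTTP status line.
sub parse_response {
    my ($raw) = @_;
    return unless defined $raw && length $raw;
    my ($head, $body) = split /\r?\n\r?\n/, $raw, 2;
    my @lines  = split /\r?\n/, $head;
    my $status = shift @lines;
    return unless defined $status && $status =~ m{^HTTP/\d\.\d\s+(\d{3})\b};
    my %resp = (code => $1, headers => {}, body => defined $body ? $body : '');
    for my $line (@lines) {
        $resp{headers}{lc($1)} = $2 if $line =~ /^([^:\s]+):\s*(.*)$/;
    }
    return \%resp;
}

# Body-only test, modelled on the condition quoted in the thread.
sub body_only {
    my ($raw) = @_;
    my $resp = parse_response($raw) or return 0;
    return $resp->{body} =~ /speaking plain HTTP to an SSL/ ? 1 : 0;
}

# Status-and-header test along the lines proposed in the thread: any valid
# status line means a web server; a 3xx with an https Location, or the SSL
# error body, means the scan should switch to SSL.
sub classify {
    my ($raw) = @_;
    my $resp = parse_response($raw)
        or return { web => 0, wants_ssl => 0, why => 'no HTTP status line' };
    my $loc = $resp->{headers}{location};
    if ($resp->{body} =~ /speaking plain HTTP to an SSL/) {
        return { web => 1, wants_ssl => 1, why => 'error body names an SSL port' };
    }
    if ($resp->{code} =~ /^3\d\d$/ && defined $loc && $loc =~ m{^https://}i) {
        return { web => 1, wants_ssl => 1, why => "$resp->{code} redirect to $loc" };
    }
    return { web => 1, wants_ssl => 0, why => "status $resp->{code}" };
}

# Constructed samples (see the lead-in for which parts come from the thread).
my @samples = (
    [ '301 with empty body' =>
        "HTTP/1.1 301 Moved Permanently\r\nServer: Apache\r\n"
      . "Location: https://tracker.mydomain.tld\r\nConnection: close\r\n\r\n" ],
    [ '400 with SSL error body' =>
        "HTTP/1.1 400 Bad Request\r\nServer: Apache\r\nConnection: close\r\n\r\n"
      . "You're speaking plain HTTP to an SSL-enabled server port.\n" ],
    [ 'non-HTTP banner' => "SSH-2.0-ExampleServer\r\n" ],
);

# A config hash without CHECKMETHODS triggers the warning and the default.
printf "methods: %s\n", join ' ', check_methods({});
for my $sample (@samples) {
    my ($name, $raw) = @$sample;
    my $r = classify($raw);
    printf "%-24s body_only=%d web=%d wants_ssl=%d (%s)\n",
        $name, body_only($raw), $r->{web}, $r->{wants_ssl}, $r->{why};
}
```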