[Nikto-discuss] A suggestion for Nikto [shows vhost in report]
snow
snow at cyber-dolphin.net
Wed Jul 15 15:04:43 UTC 2009
Hello.
I have a suggestion for Nikto 2.03.
Please test it.
=========================================================
Show links using "vhost" on html report
=========================================================
I want the links for scanned item which using "vhost" as a hostname in
Nikto's html reports. So I tried it. I think I haven't test it completely,
but I could get some result that I wanted.
for example, here are samples using Nikto;
$ ./nikto.pl -h 172.20.60.200 -F htm -o logs/nikto-with-ip.html
$ ./nikto.pl -h www.localdomain -F htm -o logs/nikto-with-hostname.html
$ ./nikto.pl -h 172.20.60.200 -vhost virtual.localdomain -F htm \
-o logs/nikto-with-hostname.html
Then, the attachment htmls are generated by Nikto.
1) nikto-with-ip.html
2) nikto-with-hostname.html
3) nikto-with-hostname.html
Please see the source code's diff below.
1) plugin/nikto_reports.plugin
2) templates/htm_host_head.tmpl
3) tempaltes/htm_host_item.tmpl
-------------------------------------------------------------
1) plugin/nikto_reports.plugin
-------------------------------------------------------------
$ diff beta/nikto_reports.plugin original/nikto_reports.plugin
119d118
< $variables{"#TEMPL_VHOST"} = simple_enc($CLI{vhost});
142,149d140
< if ($CLI{vhost} ne "")
< {
< $variables{"#TEMPL_LINK_VHOST"} = "$protocol://$variables{\"#TEMPL_VHOST\"}:$CURRENT_PORT/";
< } else
< {
< $variables{"#TEMPL_LINK_VHOST"} = "N/A";
< }
<
199,207d189
< if ($variables{"#TEMPL_VHOST"} ne "")
< {
< $variables{"#TEMPL_ITEM_VHOST_LINK"} = "$protocol://$variables{\"#TEMPL_VHOST\"}:$CURRENT_PORT$variables{\"#TEMPL_URI\"}";
< }
< else
< {
< $variables{"#TEMPL_ITEM_VHOST_LINK"} = "";
< }
<
-------------------------------------------------------------
2) templates/htm_host_head.tmpl
-------------------------------------------------------------
$ diff beta/htm_host_head.tmpl original/htm_host_head.tmpl
12,15d11
< <tr>
< <td class="column-head"><b>Target vhost</b></td>
< <td>#TEMPL_VHOST</td>
< </tr>
49,54d44
< <td class="column-head"><b>Site Link (VHOST)</b></td>
< <td>
< <a href="#TEMPL_LINK_VHOST">#TEMPL_LINK_VHOST</a>
< </td>
< </tr>
< <tr>
-------------------------------------------------------------
3) tempaltes/htm_host_item.tmpl
-------------------------------------------------------------
$ diff beta/htm_host_item.tmpl original/htm_host_item.tmpl
18,19c18
< <a href="#TEMPL_ITEM_IP_LINK">#TEMPL_ITEM_IP_LINK</a><br>
< <a href="#TEMPL_ITEM_VHOST_LINK">#TEMPL_ITEM_VHOST_LINK</a>
---
> <a href="#TEMPL_ITEM_IP_LINK">#TEMPL_ITEM_IP_LINK</a>
Now, we can access the web server with "vhost" as a servername, just only
click the link in Nikto's report.
Thank you.
―――――― このメールにはファイルが添付されています ――――――
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nikto-with-ip.html
Type: application/octet-stream
Size: 5519 bytes
Desc: not available
Url : http://attrition.org/pipermail/nikto-discuss/attachments/20090715/387f9270/attachment-0003.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nikto-with-ip-and-vhost.html
Type: application/octet-stream
Size: 5773 bytes
Desc: not available
Url : http://attrition.org/pipermail/nikto-discuss/attachments/20090715/387f9270/attachment-0004.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nikto-with-hostname.html
Type: application/octet-stream
Size: 5527 bytes
Desc: not available
Url : http://attrition.org/pipermail/nikto-discuss/attachments/20090715/387f9270/attachment-0005.obj
More information about the Nikto-discuss
mailing list