debian/0000755000000000000000000000000011606067202007166 5ustar debian/nikto.doc-base0000644000000000000000000000041011606067202011704 0ustar Document: nikto Title: Nikto manual Author: CIRT, Inc. Abstract: This document describes how to use Nikto, a web server scanner. Section: Network/Monitoring Format: html Files: /usr/share/doc/nikto/nikto_manual.html Index: /usr/share/doc/nikto/nikto_manual.html debian/source/0000755000000000000000000000000011606067202010466 5ustar debian/source/format0000644000000000000000000000001411606067202011674 0ustar 3.0 (quilt) debian/patches/0000755000000000000000000000000011606067202010615 5ustar debian/patches/01path.patch0000644000000000000000000000322411606067202012734 0ustar Fix paths to be compatible with Debian installation --- nikto/nikto.pl~ 2008-01-10 20:21:59.000000000 +0100 +++ nikto/nikto.pl 2008-03-23 16:06:17.000000000 +0100 @@ -6,7 +6,7 @@ use Getopt::Long; Getopt::Long::Configure('no_ignore_case'); -# use LW2; ### Change this line to use a different installed version +use LW2; ############################################################################### # Nikto # @@ -48,7 +48,7 @@ $VARIABLES{'DIV'} = "-" x 75; $VARIABLES{'name'} = "Nikto"; $VARIABLES{'version'} = "2.1.4"; -$VARIABLES{'configfile'} = "/etc/nikto.conf"; ### Change if it's having trouble finding it +$VARIABLES{'configfile'} = "/etc/nikto/config.txt"; # signal trap so we can close down reports properly $SIG{'INT'} = \&safe_quit; @@ -85,7 +85,6 @@ require "$CONFIGFILE{'PLUGINDIR'}/nikto_core.plugin"; nprint("T:" . localtime($COUNTERS{'scan_start'}) . ": Starting", "d"); require "$CONFIGFILE{'PLUGINDIR'}/nikto_single.plugin"; -require "$CONFIGFILE{'PLUGINDIR'}/LW2.pm"; my ($a, $b) = split(/\./, $LW2::VERSION); die("- You must use LW2 2.4 or later\n") if ($a != 2 || $b < 4); --- nikto/nikto.conf~ 2008-01-09 06:26:30.000000000 +0100 +++ nikto/nikto.conf 2008-03-24 08:39:17.000000000 +0100 
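Review bot: The new `use LW2;` in the first nikto.pl hunk carries no comment, although it changes where the HTTP library is loaded from. Together with the removal of `require "$CONFIGFILE{'PLUGINDIR'}/LW2.pm";` in the third hunk, nikto.pl now resolves LW2 through @INC instead of loading the copy that sits next to the plugins. I would record that on the line itself, for example `use LW2;    # Debian: system libwhisker2-perl; the copy in the plugin directory is intentionally not loaded`, so that a later refresh of this patch does not quietly bring the bundled module back. The version guard kept as context in the third hunk still accepts 2.4 while debian/control depends on libwhisker2-perl (>= 2.5); that is harmless, but the same comment could mention it.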
@@ -23,10 +23,10 @@ #SKIPIDS= # if Nikto is having difficulty finding the 'plugins', set the full install path here -# EXECDIR=/usr/local/nikto +EXECDIR=/var/lib/nikto # The DTD -NIKTODTD=docs/nikto.dtd +NIKTODTD=/usr/share/doc/nikto/nikto.dtd # the default HTTP version to try... can/will be changed as necessary DEFAULTHTTPVER=1.0 debian/patches/02_fix_libwhisker_anti_ids.patch0000644000000000000000000000421111606067202017020 0ustar Fix paths to be compatible with Debian installation nikto.pl | 2 +- plugins/nikto_single.plugin | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/nikto.pl b/nikto.pl index 55e8daf..2281675 100755 --- a/nikto.pl +++ b/nikto.pl @@ -99,7 +99,7 @@ LW2::http_init_request(\%request); $request{'whisker'}->{'ssl_save_info'} = 1; $request{'whisker'}->{'lowercase_incoming_headers'} = 1; $request{'whisker'}->{'timeout'} = $CLI{'timeout'} || 10; -if (defined $CLI{'evasion'}) { $request{'whisker'}->{'encode_anti_ids'} = $CLI{'evasion'}; } +if (defined $CLI{'evasion'}) { $request{'whisker'}->{'anti_ids'} = $CLI{'evasion'}; } $request{'User-Agent'} = $VARIABLES{'useragent'}; $request{'whisker'}->{'retry'} = 0; if ($CLI{'useproxy'} && ($CONFIGFILE{PROXYPORT} ne '') && ($CONFIGFILE{PROXYHOST} ne '')) { diff --git a/plugins/nikto_single.plugin b/plugins/nikto_single.plugin index 6ab7e40..ed5905e 100644 --- a/plugins/nikto_single.plugin +++ b/plugins/nikto_single.plugin @@ -101,8 +101,8 @@ sub single || $request{'whisker'}{$key}; } - $request{'whisker'}->{'encode_anti_ids'} = ask("Enable Encoding (0)"); - if ($request{'whisker'}->{'encode_anti_ids'} eq 1) { + $request{'whisker'}->{'anti_ids'} = ask("Enable Encoding (0)"); + if ($request{'whisker'}->{'anti_ids'} eq 1) { print " \t1 Random URI encoding (non-UTF8) \t2 Directory self-reference (/./) 
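Review bot: The comment kept above the new `EXECDIR=/var/lib/nikto` line still speaks only of finding the plugins, but the setting now points at a state directory whose files nikto.pl loads with `require` (the plugin loads are visible as context in 01path.patch). I would add a line such as `# Debian: files below this directory are executed as Perl code; keep it root-owned and not group- or world-writable` so that an administrator who relocates it knows the constraint. How PLUGINDIR is derived from EXECDIR is not visible in this hunk, so the wording should be checked against the config loader.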
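Review bot: The renamed key in `$request{'whisker'}->{'anti_ids'} = $CLI{'evasion'};` has no comment explaining why the exact spelling matters. A misspelled key in this hash raises no error or warning in Perl, which is presumably how the old `encode_anti_ids` name went unnoticed until Debian bug #551003. A short comment above the line would protect the fix, for example `# libwhisker reads 'anti_ids'; any other key name is accepted by Perl but has no effect (Debian #551003)`. The same rename is repeated in plugins/nikto_single.plugin and could point back to this comment.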
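Review bot: In the first nikto_single.plugin hunk the request hash is still used as scratch storage: the yes/no answer to "Enable Encoding (0)" is written into `$request{'whisker'}->{'anti_ids'}` and only later overwritten or deleted. A local variable keeps the request clean and makes the comparison explicit, e.g. `my $enable = ask("Enable Encoding (0)");` followed by `if ($enable eq '1') {`. The prompt text here also still says "Encoding" while the next hunk renames its prompt to "Anti-IDS Methods", so the two questions no longer use the same term. The body of `sub single` starts before this hunk and ends after the following one, so the `delete` calls in the second hunk would need to be checked against this change.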
@@ -113,13 +113,13 @@ sub single \t7 Random case sensitivity \t8 Use Windows directory separator (\\)\n"; - $request{'whisker'}{'encode_anti_ids'} = ask("Encoding Methods"); - if ($request{'whisker'}{'encode_anti_ids'} eq "") { - delete($request{'whisker'}->{'encode_anti_ids'}); - } + $request{'whisker'}{'anti_ids'} = ask("Anti-IDS Methods"); + if ($request{'whisker'}{'anti_ids'} eq "") { + delete($request{'whisker'}->{'anti_ids'}); + } } else { - delete($request{'whisker'}->{'encode_anti_ids'}); + delete($request{'whisker'}->{'anti_ids'}); } print "-" x $width, " Done with questions\n"; debian/patches/series0000644000000000000000000000005611606067202012033 0ustar 01path.patch 02_fix_libwhisker_anti_ids.patch debian/copyright0000644000000000000000000000263211606067202011124 0ustar This package was debianized by Thomas Seyrat on Mon, 22 Apr 2002 16:19:45 +0200. This package was downloaded from Files: * Copyright: © 2001, 2002 Chris Sullo License: GPL-2 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 of the License only. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. Files: debian/* Copyright: © 2002 Thomas Seyrat © 2008 Vincent Bernat License: GPL-2+ Files: plugins/db_* Copyright: © 2007 CIRT, Inc. License: other The license is non-free. This file may only be distributed and used with the full Nikto package. This file may not be used with any software product without written permission from CIRT, Inc. (c) 2007 CIRT, Inc., All Rights Reserved. By sending any database updates to CIRT, Inc., it is assumed that you grant CIRT, Inc., the unlimited, non-exclusive right to reuse, modify and relicense the changes. 
On Debian systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL`. debian/rules0000755000000000000000000000054311606067202010250 0ustar #!/usr/bin/make -f %: dh $@ override_dh_install: dh_install install -D -m 644 nikto.conf debian/nikto/etc/nikto/config.txt install -D -m 755 nikto.pl debian/nikto/usr/bin/nikto -rm -f debian/nikto/var/lib/nikto/plugins/LW2.pm override_dh_installchangelogs: dh_installchangelogs docs/CHANGES.txt override_dh_installman: dh_installman docs/nikto.1 debian/nikto.docs0000644000000000000000000000004611606067202011164 0ustar docs/nikto_manual.html docs/nikto.dtd debian/compat0000644000000000000000000000000211606067202010364 0ustar 5 debian/nikto.dirs0000644000000000000000000000014611606067202011176 0ustar usr/bin var/lib/nikto/plugins var/lib/nikto/templates var/lib/nikto/docs etc/nikto usr/share/man/man1 debian/nikto.install0000644000000000000000000000015311606067202011701 0ustar plugins/* var/lib/nikto/plugins/ templates/* var/lib/nikto/templates/ docs/CHANGES.txt var/lib/nikto/docs/ debian/watch0000644000000000000000000000006711606067202010222 0ustar version=3 http://cirt.net/nikto/nikto-([\d\.]+).tar.gz debian/changelog0000644000000000000000000001726411606067202011052 0ustar nikto (1:2.1.4-2) unstable; urgency=low * Move CHANGES.txt to /var/lib/nikto/docs to allow updates. Closes: #632864 -- Vincent Bernat Sat, 09 Jul 2011 17:06:23 +0200 nikto (1:2.1.4-1) unstable; urgency=low * New upstream version. Update patches. * Bump Standards-Version to 3.9.2. No changes required. * Use debhelper 7 and a minimal debian/rules. -- Vincent Bernat Sat, 23 Apr 2011 16:17:27 +0200 nikto (1:2.1.1-1) unstable; urgency=low * New upstream version. * Switch to 3.0 quilt format (and from dpatch to quilt). * Bump Standards-Version to 3.8.4. No changes required. * Depends on libwhisker (>= 2.5) * Install manual page from upstream. * Ship DTD. * Ship templates. 
-- Vincent Bernat Mon, 08 Feb 2010 23:02:55 +0100 nikto (2.03-2) unstable; urgency=low * Fix anti-ids feature, thanks to a patch from Olivier Tétard. Closes: #551003. * Bump Standards-Version to 3.8.3. No change required. * Register manual in doc-base. -- Vincent Bernat Thu, 15 Oct 2009 18:00:56 +0200 nikto (2.03-1) unstable; urgency=low * New Upstream Version * Update to Standards-Version 3.8. No changes required. * Add Vcs-* fields to debian/control * Convert debian/copyright to machine readable format -- Vincent Bernat Sat, 13 Sep 2008 18:56:28 +0200 nikto (2.02-1) unstable; urgency=low * New upstream release (Closes: #410495, #474602) + Depends on libwhisker2-perl + Relicensed to GPLv2 only * Nikto is non-free, debian/copyright have been updated accordingly * Adopt the package (Closes: #434392) * In debian/control: + Add Homepage field + Bump Standards-Version + Move debhelper to Build-Depends because it is needed in the clean target + Depend on debhelper 5 (and bumps debian/compat) * Use dpatch instead of diff.gz for changes to config.txt and nikto.pl * Use of dh_installman to install the manual page and write a new simpler one pointing to the documentation in /usr/share/doc. This fixes the typo that was present in the old manual page (Closes: #383050) * Don't ship nikto.pl (as asked by section 10.4 of Policy Manual) * Add debian/watch file * Move plugins in /var/lib/nikto since they can be updated and provide a symlink for /usr/share/nikto. -- Vincent Bernat Mon, 24 Mar 2008 08:42:20 +0100 nikto (1.35-2) unstable; urgency=low * Acknowledging NMU. * Orphaning package and changing maintainer accordingly. -- Thomas Seyrat Mon, 23 Jul 2007 16:55:21 +0200 nikto (1.35-1.1) unstable; urgency=medium * Non-maintainer upload. * When writing HTML output, be sure to sanitize the server string received from the server to avoid XSS. (The upstream “fix” is really insufficient, as it only prints a warning.) (Really closes: #327339) -- Steinar H. 
Gunderson Tue, 12 Sep 2006 00:11:45 +0200 nikto (1.35-1) unstable; urgency=low * New upstream release (closes: #327339) * Bumped Standards-Version to 3.6.2 * Updated upstream URL * Moved upstream CHANGES.txt to /usr/share/nikto/plugins so it can be updated by nikto -update, and link it from /usr/share/doc/nikto/ * Updated plugins and databases as of 20050928. -- Thomas Seyrat Wed, 28 Sep 2005 10:37:14 +0200 nikto (1.34-1) unstable; urgency=low * New upstream release (closes: #302728) - Updated plugins and databases as of 20050417. * Fixed manpage bug (closes: #302770) -- Thomas Seyrat Sun, 17 Apr 2005 13:49:01 +0200 nikto (1.32-1) unstable; urgency=low * New upstream release (closes: #238352) - Updated plugins and databases as of 20040423. * Suggests: nmap -- Thomas Seyrat Fri, 23 Apr 2004 11:24:44 +0200 nikto (1.30-3) unstable; urgency=low * Updated plugins and databases as of 20030910. * Bumped Standards-Version to 3.6.1 -- Thomas Seyrat Wed, 10 Sep 2003 23:58:21 +0200 nikto (1.30-2) unstable; urgency=low * Added some sort of a manpage generated from nikto_usage.txt using txt2man. It's buggy, but better than nothing. (closes: #165707) * Added a short usage information line when only "nikto" is invoked in order to "convey rapidly all the needed information for a first test run of the program." (closes: #169087) * Somewhat updated plugins and databases. * Lower-cased first letter of short description. -- Thomas Seyrat Fri, 6 Jun 2003 18:17:10 +0200 nikto (1.30-1) unstable; urgency=low * New upstream release * Bumped Standards-Version to 3.5.10 -- Thomas Seyrat Tue, 3 Jun 2003 12:35:26 +0200 nikto (1.23-3) unstable; urgency=low * plugins_order.txt file was not included. (thanks Javier Fernandez-Sanguino Peña) (closes: #178082) * Patched nikto.pl to die if the plugins_order file is not present. * Don't link missing man pages to undocumented(7) anymore. -- Thomas Seyrat Fri, 7 Feb 2003 15:03:05 +0100 nikto (1.23-2) unstable; urgency=low * 1.23-1 simply did not work. 
Thanks Steffen Roecker. (closes: #176039) -- Thomas Seyrat Fri, 10 Jan 2003 08:46:25 +0100 nikto (1.23-1) unstable; urgency=low * New upstream version - Added Javier Fernandez-Sanguino Peña's Apache user enumeration plugin (closes: #155755) - Updated checks database (closes: #162178) * Bumped Standards-Version to 3.5.8 -- Thomas Seyrat Tue, 7 Jan 2003 11:05:02 +0100 nikto (1.21-3) unstable; urgency=low * Updated plugins and databases as of 20021016. * Bumped Standards-Version to 3.5.7 -- Thomas Seyrat Wed, 16 Oct 2002 10:54:10 +0200 nikto (1.21-2) unstable; urgency=low * Added plugin and patch from Javier Fernandez-Sanguino Peña to bruteforce ~user directories. (closes: #155755) -- Thomas Seyrat Tue, 24 Sep 2002 16:06:39 +0200 nikto (1.21-1) unstable; urgency=low * New upstream version * nikto.pl is now the main program, and nikto is a link to it to keep compatibility with upstream. (closes: #159502) -- Thomas Seyrat Wed, 4 Sep 2002 14:54:12 +0200 nikto (1.20-2) unstable; urgency=low * Applied patch from Javier Fernandez-Sanguino Peña : (closes: #156544) - Default config specifies a proxy server - Fixed patch from #155758 -- Thomas Seyrat Tue, 13 Aug 2002 15:47:40 +0200 nikto (1.20-1) unstable; urgency=low * New upstream release -- Thomas Seyrat Mon, 12 Aug 2002 02:35:34 +0200 nikto (1.10-3) unstable; urgency=low * Applied fixes from Javier Fernandez-Sanguino Peña : - Wrong option shown in usage (closes: #155756) - Port test would not work when using proxy (closes: #155758) * Updated plugins and databases as of 20020811. -- Thomas Seyrat Sun, 11 Aug 2002 16:36:12 +0200 nikto (1.10-2) unstable; urgency=low * Updated plugins and databases as of 20020630. -- Thomas Seyrat Sun, 30 Jun 2002 14:12:39 +0200 nikto (1.10-1) unstable; urgency=low * New upstream release * Plugins and databases as of 20020603. -- Thomas Seyrat Mon, 3 Jun 2002 15:58:33 +0200 nikto (1.1beta3-1) unstable; urgency=low * New upstream release. * Downgraded priority from 'optional' to 'extra'. 
* Fixed type in debian/control. -- Thomas Seyrat Wed, 24 Apr 2002 10:01:41 +0200 nikto (1.1beta2-1) unstable; urgency=low * Initial Release. (closes: #131256) -- Thomas Seyrat Mon, 22 Apr 2002 16:43:28 +0200 debian/control0000644000000000000000000000165711606067202010602 0ustar Source: nikto Section: non-free/net Priority: extra Maintainer: Vincent Bernat Build-Depends: debhelper (>= 7.0.50~) Standards-Version: 3.9.2 Homepage: http://cirt.net/nikto2 Vcs-Browser: http://git.debian.org/?p=collab-maint/nikto.git Vcs-Git: git://git.debian.org/git/collab-maint/nikto.git Package: nikto Architecture: all Depends: ${perl:Depends}, libwhisker2-perl (>= 2.5), libnet-ssleay-perl, ${misc:Depends} Suggests: nmap Description: web server security scanner Nikto is a pluggable web server and CGI scanner written in Perl, using rfp's LibWhisker to perform fast security or informational checks. . Features: - Easily updatable CSV-format checks database - Output reports in plain text or HTML - Available HTTP versions automatic switching - Generic as well as specific server software checks - SSL support (through libnet-ssleay-perl) - Proxy support (with authentication) - Cookies support debian/nikto.links0000644000000000000000000000014011606067202011347 0ustar var/lib/nikto/plugins/CHANGES.txt usr/share/doc/nikto/CHANGES.txt var/lib/nikto usr/share/nikto