dradis-nikto 4.3.0 → 4.4.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/dradis/plugins/nikto/gem_version.rb +1 -1
- data/lib/dradis/plugins/nikto/importer.rb +4 -0
- data/lib/nikto/item.rb +15 -5
- data/spec/fixtures/files/{localhost.xml → sample_v2.1.4.xml} +0 -0
- data/spec/fixtures/files/sample_v2.5.0.xml +21 -0
- data/spec/{nikto_upload_spec.rb → upload_v2.1.4_spec.rb} +6 -13
- data/spec/upload_v2.5.0_spec.rb +50 -0
- data/templates/item.fields +5 -4
- data/templates/item.sample +1 -0
- data/templates/item.template +2 -2
- metadata +11 -7
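--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 81abf71c15931472ac651ec4dd01fc69e36ffd52196fc873d134aaf27c19b1f0
+data.tar.gz: a4a804e20ab07bea1e818ca5ab65768952c55534b6398b5f577a890ad1c9572e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: df52be70b4c064738986a7e30fad64502733365cf74cc0a2a371d3d41bdf74f41e73f94f5146db13f1852fbb56bba8d6541d037163cf477e514e15730cbcd657
+data.tar.gz: 9b56e2e0e6a334cff3261e839d5767dc43bc0175d46c164838f28a8df52ab3548c9baabe7e74bc0cc087fcc9477e198c73220f09bb289abe39663673a1c9d2f8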
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,9 @@
|
|
|
1
1
|
module Dradis::Plugins::Nikto
|
|
2
2
|
class Importer < Dradis::Plugins::Upload::Importer
|
|
3
|
+
def self.templates
|
|
4
|
+
{ evidence: 'evidence', issue: 'item' }
|
|
5
|
+
end
|
|
6
|
+
|
|
3
7
|
# The framework will call this function if the user selects this plugin from
|
|
4
8
|
# the dropdown list and uploads a file.
|
|
5
9
|
# @returns true if the operation was successful, false otherwise
|
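--- a/data/lib/nikto/item.rb
+++ b/data/lib/nikto/item.rb
@@ -8,6 +8,8 @@ module Nikto
 # Instead of providing separate methods for each supported property we rely
 # on Ruby's #method_missing to do most of the work.
 class Item
+TAGS_WITH_CSV_CONTENT = %i[references].freeze
+
 # Accepts an XML node from Nokogiri::XML.
 def initialize(xml_node)
 @xml = xml_node
@@ -18,10 +20,10 @@ module Nikto
 def supported_tags
 [
 # attributes
-:id, :
+:id, :osvdbid, :osvdblink, :request_method,
 
 # simple tags
-:description, :
+:description, :iplink, :namelink, :uri, :references
 ]
 end
 
@@ -57,10 +59,18 @@ module Nikto
 return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
 
 # Then we try simple children tags
-tag = @xml.xpath("./#{
-
-
+tag = @xml.xpath("./#{method_name}").first
+
+if tag && tag.text.present?
+text = tag.text
+TAGS_WITH_CSV_CONTENT.include?(method) ? cleanup_csv(text) : text
 end
 end
+
+private
+
+def cleanup_csv(text)
+CSV.parse(text).join("\n")
+end
 end
 end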
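Review bot: `cleanup_csv` in the last hunk runs `CSV.parse(text)` on text read from the uploaded scan file and lets `CSV::MalformedCSVError` escape, so a single `<references>` value with an unbalanced quote would make the field lookup raise instead of returning text. Falling back to the raw value keeps the import going: add `rescue CSV::MalformedCSVError` and then `text` after the `CSV.parse(text).join("\n")` line. No `require 'csv'` is visible in this diff, so confirm the library is loaded before this file is used. The enclosing method starts above the hunk; `TAGS_WITH_CSV_CONTENT.include?(method)` is only correct if `method` is that method's symbol parameter, otherwise the bare name resolves to `Kernel#method` and raises.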
File without changes
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
<?xml version="1.0" ?>
|
|
2
|
+
<!DOCTYPE niktoscan SYSTEM "docs/nikto.dtd">
|
|
3
|
+
<niktoscan>
|
|
4
|
+
<niktoscan hoststest="0" options="-h localhost -p 80 -out /tmp/localhost.xml" version="2.1.4" scanstart="Sun Jul 17 19:54:10 2011" scanend="Thu Jan 1 01:00:00 1970" scanelapsed=" seconds" nxmlversion="1.1">
|
|
5
|
+
<scandetails targetip="127.0.0.1" targethostname="localhost" targetport="80" targetbanner="Apache/2.2.16 (Debian)" starttime="2011-07-18 19:54:10" sitename="http://localhost:80/" siteip="http://127.0.0.1:80/" hostheader="localhost">
|
|
6
|
+
<ssl ciphers="DHE-RSA-AES256-SHA" issuers="/C=GB/ST=Berks/L=Ruscombe/O=XXXXXX/OU=XXXX/CN=asdf.com/emailAddress=someoneatasdf.com" info="/C=GB/ST=Berkshire/L=Ruscombe/O=Company/OU=UK/CN=vmx098" />
|
|
7
|
+
|
|
8
|
+
<item id="750000" osvdbid="3268" osvdblink="3268_LINK" method="GET">
|
|
9
|
+
<description><![CDATA[/: Directory indexing found.]]></description>
|
|
10
|
+
<uri><![CDATA[/]]></uri>
|
|
11
|
+
<namelink><![CDATA[http://localhost:80/]]></namelink>
|
|
12
|
+
<iplink><![CDATA[http://127.0.0.1:80/]]></iplink>
|
|
13
|
+
<references><![CDATA["000000","CVE-2006-6133","https://example.com/"]]></references>
|
|
14
|
+
</item>
|
|
15
|
+
|
|
16
|
+
<statistics elapsed="10" itemsfound="44" itemstested="6456" endtime="2011-07-18 19:54:20" />
|
|
17
|
+
</scandetails>
|
|
18
|
+
|
|
19
|
+
</niktoscan>
|
|
20
|
+
|
|
21
|
+
</niktoscan>
|
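Review bot: The fixture added as `sample_v2.5.0.xml` still declares `version="2.1.4"` and a 2011 `scanstart` on the inner `<niktoscan>` element, so it reads as the older sample with a `<references>` element added rather than as output from a 2.5.0 scan. If the importer ever keys on the version attribute, this file would not exercise the 2.5.0 path; setting `version="2.5.0"` or regenerating the sample from a 2.5.0 run would make the name and the content agree. The `<!DOCTYPE niktoscan SYSTEM "docs/nikto.dtd">` line also shows that uploads carry a DTD reference; the parser call is not part of this diff, so it is worth confirming that it keeps external DTD loading and entity substitution switched off.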
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
2
|
|
|
3
3
|
module Dradis::Plugins
|
|
4
|
-
describe 'Nikto upload plugin' do
|
|
4
|
+
describe 'Nikto v2.1.4 upload plugin' do
|
|
5
5
|
before(:each) do
|
|
6
6
|
# Stub template service
|
|
7
7
|
templates_dir = File.expand_path('../../templates', __FILE__)
|
|
@@ -24,21 +24,14 @@ module Dradis::Plugins
|
|
|
24
24
|
#
|
|
25
25
|
# They return their argument hashes as objects mimicking
|
|
26
26
|
# Nodes, Issues, etc
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
OpenStruct.new(args)
|
|
32
|
-
end
|
|
33
|
-
allow(@content_service).to receive(:create_issue) do |args|
|
|
34
|
-
OpenStruct.new(args)
|
|
35
|
-
end
|
|
36
|
-
allow(@content_service).to receive(:create_evidence) do |args|
|
|
37
|
-
OpenStruct.new(args)
|
|
27
|
+
%w[evidence issue node note].each do |resource|
|
|
28
|
+
allow(@content_service).to receive("create_#{resource}") do |args|
|
|
29
|
+
OpenStruct.new(args)
|
|
30
|
+
end
|
|
38
31
|
end
|
|
39
32
|
end
|
|
40
33
|
|
|
41
|
-
let(:example_xml) { 'spec/fixtures/files/
|
|
34
|
+
let(:example_xml) { 'spec/fixtures/files/sample_v2.1.4.xml' }
|
|
42
35
|
|
|
43
36
|
def run_import!
|
|
44
37
|
@importer.import(file: example_xml)
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
module Dradis::Plugins
|
|
4
|
+
describe 'Nikto v2.5.0 upload plugin' do
|
|
5
|
+
before(:each) do
|
|
6
|
+
# Stub template service
|
|
7
|
+
templates_dir = File.expand_path('../../templates', __FILE__)
|
|
8
|
+
expect_any_instance_of(Dradis::Plugins::TemplateService)
|
|
9
|
+
.to receive(:default_templates_dir).and_return(templates_dir)
|
|
10
|
+
|
|
11
|
+
# Init services
|
|
12
|
+
plugin = Dradis::Plugins::Nikto
|
|
13
|
+
|
|
14
|
+
@content_service = Dradis::Plugins::ContentService::Base.new(
|
|
15
|
+
logger: Logger.new(STDOUT),
|
|
16
|
+
plugin: plugin
|
|
17
|
+
)
|
|
18
|
+
|
|
19
|
+
@importer = Dradis::Plugins::Nikto::Importer.new(
|
|
20
|
+
content_service: @content_service,
|
|
21
|
+
)
|
|
22
|
+
|
|
23
|
+
# Stub dradis-plugins methods
|
|
24
|
+
#
|
|
25
|
+
# They return their argument hashes as objects mimicking
|
|
26
|
+
# Nodes, Issues, etc
|
|
27
|
+
%w[evidence issue node note].each do |resource|
|
|
28
|
+
allow(@content_service).to receive("create_#{resource}") do |args|
|
|
29
|
+
OpenStruct.new(args)
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
let(:example_xml) { 'spec/fixtures/files/sample_v2.5.0.xml' }
|
|
35
|
+
|
|
36
|
+
def run_import!
|
|
37
|
+
@importer.import(file: example_xml)
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
it 'creates issue with references' do
|
|
41
|
+
expect(@content_service).to receive(:create_issue) do |args|
|
|
42
|
+
expect(args[:text]).to include("#[Title]#\n\/\: Directory indexing found.")
|
|
43
|
+
expect(args[:text]).to include("#[References]#\n000000\nCVE-2006-6133\nhttps://example.com/")
|
|
44
|
+
OpenStruct.new(args)
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
run_import!
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
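Review bot: The `before(:each)` block and the `run_import!` helper in this new spec appear to repeat the v2.1.4 spec line for line, so the two copies can drift apart; a shared context loaded from `spec/spec_helper.rb` would leave one copy to maintain. In the first expectation, `"#[Title]#\n\/\: Directory indexing found."` carries `\/` and `\:` escapes that a double-quoted Ruby string reads as plain `/` and `:`, so `"#[Title]#\n/: Directory indexing found."` states the same thing without the noise. The spec covers only a well-formed references value; an example whose `<references>` text is not valid CSV would pin down what the importer does with damaged scanner output.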
data/templates/item.fields
CHANGED
data/templates/item.sample
CHANGED
data/templates/item.template
CHANGED
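--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-nikto
 version: !ruby/object:Gem::Version
-version: 4.
+version: 4.4.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-06-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dradis-plugins
@@ -125,9 +125,11 @@ files:
 - lib/nikto/scan.rb
 - lib/nikto/ssl.rb
 - lib/tasks/thorfile.rb
-- spec/fixtures/files/
-- spec/
+- spec/fixtures/files/sample_v2.1.4.xml
+- spec/fixtures/files/sample_v2.5.0.xml
 - spec/spec_helper.rb
+- spec/upload_v2.1.4_spec.rb
+- spec/upload_v2.5.0_spec.rb
 - templates/evidence.fields
 - templates/evidence.sample
 - templates/evidence.template
@@ -159,11 +161,13 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.2.32
 signing_key:
 specification_version: 4
 summary: Nikto add-on for the Dradis Framework.
 test_files:
-- spec/fixtures/files/
-- spec/
+- spec/fixtures/files/sample_v2.1.4.xml
+- spec/fixtures/files/sample_v2.5.0.xml
 - spec/spec_helper.rb
+- spec/upload_v2.1.4_spec.rb
+- spec/upload_v2.5.0_spec.rb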