dradis-nikto 3.6.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: b85379eda93e80def439da2374ad41846fd91b98
+  data.tar.gz: f98f0c4cf2972aa13f581fc43474a083ace135d4
+SHA512:
+  metadata.gz: d70d3923b273e473979f6bfcaff937c4566194c1601423dc381266ae04833922c8925b943d10e5f550d5f1a0f7bb54536a7cc1002116ec25d363fed40f01385e
+  data.tar.gz: 2fdec35fbf69c6d43eadd5aa4b4cfb5aede869c9e4342d1807638c8cb76c8a073b1612228e3076ba14c628756d0e3e93ee60a48aef3be70cccde130445a7316d

data/.gitignore

@@ -0,0 +1,7 @@
+# Bundler config
+Gemfile.lock
+/.bundle/
+/vendor/bundle/
+
+# Gem artifacts
+/pkg/

data/.rspec

@@ -0,0 +1,2 @@
+--color
+-f d

data/CHANGELOG.md

@@ -0,0 +1,3 @@
+## Dradis Framework 3.6 (March XX, 2017) ##
+
+*   No changes.

data/CONTRIBUTING.md

@@ -0,0 +1,3 @@
+# Plugin contribution guidelines
+
+See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)

data/Gemfile

@@ -0,0 +1,23 @@
+source 'https://rubygems.org'
+
+# Declare your gem's dependencies in dradispro-duoweb.gemspec.
+# Bundler will treat runtime dependencies like base dependencies, and
+# development dependencies will be added by default to the :development group.
+gemspec
+
+# jquery-rails is used by the dummy application
+# gem "jquery-rails"
+
+# Declare any dependencies that are still in development here instead of in
+# your gemspec. These might include edge Rails or gems from your path or
+# Git. Remember to move these dependencies to your gemspec before releasing
+# your gem to rubygems.org.
+
+# To use debugger
+# gem 'debugger'
+
+if Dir.exists?('../dradis-plugins')
+  gem 'dradis-plugins', path: '../dradis-plugins'
+else
+  gem 'dradis-plugins', github: 'dradis/dradis-plugins'
+end

data/LICENSE

@@ -0,0 +1,339 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+                            NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.

data/README.md

@@ -0,0 +1,27 @@
+# Nikto plugin for Dradis
+
+[![Build Status](https://secure.travis-ci.org/dradis/dradis-nikto.png?branch=master)](http://travis-ci.org/dradis/dradis-nikto) [![Code Climate](https://codeclimate.com/github/dradis/dradis-nikto.png)](https://codeclimate.com/github/dradis/dradis-nikto.png)
+
+Upload Nikto files into Dradis.
+
+The add-on requires [Dradis CE](https://dradisframework.org/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
+
+
+## More information
+
+See the Dradis Framework's [README.md](https://github.com/dradis/dradisframework/blob/master/README.md)
+
+
+## Contributing
+
+See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)
+
+
+## License
+
+Dradis Framework and all its components are released under [GNU General Public License version 2.0](http://www.gnu.org/licenses/old-licenses/gpl-2.0.html) as published by the Free Software Foundation and appearing in the file LICENSE included in the packaging of this file.
+
+
+## Feature requests and bugs
+
+Please use the [Dradis Framework issue tracker](https://github.com/dradis/dradis-ce/issues) for add-on improvements and bug reports.

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/dradis-nikto.gemspec

@@ -0,0 +1,34 @@
+$:.push File.expand_path('../lib', __FILE__)
+require 'dradis/plugins/nikto/version'
+version = Dradis::Plugins::Nikto::VERSION::STRING
+
+# Describe your gem and declare its dependencies:
+Gem::Specification.new do |spec|
+  spec.platform    = Gem::Platform::RUBY
+  spec.name        = 'dradis-nikto'
+  spec.version     = version
+  spec.summary     = 'Nikto add-on for the Dradis Framework.'
+  spec.description = 'This add-on allows you to upload and parse output produced from Nikto web server scanner into Dradis.'
+
+  spec.license     = 'GPL-2'
+
+  spec.authors     = ['Daniel Martin']
+  spec.email       = ['etd@nomejortu.com']
+  spec.homepage    = 'http://dradisframework.org'
+
+  spec.files       = `git ls-files`.split($\)
+  spec.executables = spec.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  spec.test_files  = spec.files.grep(%r{^(test|spec|features)/})
+
+  # By not including Rails as a dependency, we can use the gem with different
+  # versions of Rails (a sure recipe for disaster, I'm sure), which is needed
+  # until we bump Dradis Pro to 4.1.
+  # s.add_dependency 'rails', '~> 4.1.1'
+  spec.add_dependency 'dradis-plugins', '~> 3.6'
+  spec.add_dependency 'nokogiri', '~> 1.3'
+
+  spec.add_development_dependency 'bundler', '~> 1.6'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec-rails'
+  spec.add_development_dependency 'combustion', '~> 0.5.2'
+end

data/lib/dradis-nikto.rb

@@ -0,0 +1,10 @@
+# Hook to the framework base clases
+require 'dradis-plugins'
+
+# Load this add-on's engine
+require 'dradis/plugins/nikto'
+
+# Load supporting Nikto classes
+require 'nikto/scan'
+require 'nikto/ssl'
+require 'nikto/item'

data/lib/dradis/plugins/nikto.rb

@@ -0,0 +1,11 @@
+module Dradis
+  module Plugins
+    module Nikto
+    end
+  end
+end
+
+require 'dradis/plugins/nikto/engine'
+require 'dradis/plugins/nikto/field_processor'
+require 'dradis/plugins/nikto/importer'
+require 'dradis/plugins/nikto/version'

data/lib/dradis/plugins/nikto/engine.rb

@@ -0,0 +1,13 @@
+module Dradis
+  module Plugins
+    module Nikto
+      class Engine < ::Rails::Engine
+        isolate_namespace Dradis::Plugins::Nikto
+
+        include ::Dradis::Plugins::Base
+        description 'Processes Nikto output'
+        provides :upload
+      end
+    end
+  end
+end

data/lib/dradis/plugins/nikto/field_processor.rb

@@ -0,0 +1,25 @@
+module Dradis
+  module Plugins
+    module Nikto
+      class FieldProcessor < Dradis::Plugins::Upload::FieldProcessor
+
+        def post_initialize(args={})
+          @nikto_object = case data.name
+            when 'scandetails' then ::Nikto::Scan.new(data)
+            when 'item' then ::Nikto::Item.new(data)
+            when 'ssl' then ::Nikto::Ssl.new(data)
+          end
+        end
+
+        def value(args={})
+          field = args[:field]
+          # fields in the template are of the form <foo>.<field>, where <foo>
+          # is common across all fields for a given template (and meaningless).
+          _, name = field.split('.')
+          @nikto_object.try(name) || 'n/a'
+        end
+
+      end
+    end
+  end
+end

data/lib/dradis/plugins/nikto/gem_version.rb

@@ -0,0 +1,19 @@
+module Dradis
+  module Plugins
+    module Nikto
+      # Returns the version of the currently loaded Dradis as a <tt>Gem::Version</tt>
+      def self.gem_version
+        Gem::Version.new VERSION::STRING
+      end
+
+      module VERSION
+        MAJOR = 3
+        MINOR = 6
+        TINY = 0
+        PRE = nil
+
+        STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
+      end
+    end
+  end
+end

data/lib/dradis/plugins/nikto/importer.rb

@@ -0,0 +1,74 @@
+module Dradis::Plugins::Nikto
+  class Importer < Dradis::Plugins::Upload::Importer
+    # The framework will call this function if the user selects this plugin from
+    # the dropdown list and uploads a file.
+    # @returns true if the operation was successful, false otherwise
+    def import(params={})
+      file_content = File.read( params[:file] )
+      file_name = File.basename( params[:file] )
+
+      # Hack because the Nikto file isn't correctly formatted yet
+      # https://trac.assembla.com/Nikto_2/ticket/229
+      xml_arr = file_content.split("\n")
+      xml_arr[2,0] = "<nikto>"
+      xml_arr << "</nikto>"
+      xml = xml_arr.join
+
+      logger.info{ 'Parsing Nikto output...' }
+      doc = Nokogiri::XML(xml)
+      logger.info{ 'Done.' }
+
+      if doc.xpath('/nikto/niktoscan/scandetails').empty?
+        error = "No scan results were detected in the uploaded file (/nikto/niktoscan/scandetails). Ensure you uploaded a Nikto XML report."
+        logger.fatal{ error }
+        content_service.create_note text: error
+        return false
+      end
+
+      doc.xpath('/nikto/niktoscan/scandetails').each do |xml_scan|
+        if xml_scan.has_attribute? "sitename"
+          host_label = xml_scan['sitename']
+        else
+          host_label = xml_scan['siteip']
+        end
+
+        # Hack to include the file name in the xml
+        # so we can use it in the template
+        xml_scan['filename'] = file_name
+
+        # Scan details
+        logger.info{ 'Adding ' + host_label }
+        host_node = content_service.create_node(label: host_label, type: :host)
+        scan_text = template_service.process_template(template: 'scan', data: xml_scan)
+        content_service.create_note(
+          text: scan_text,
+          node: host_node)
+
+        # Check for SSL cert tag and add that data in as well
+        unless xml_scan.at_xpath("ssl").nil?
+          xml_ssl = xml_scan.at_xpath("ssl")
+          ssl_text = template_service.process_template(template: 'ssl', data: xml_ssl)
+          content_service.create_note(
+            text: ssl_text,
+            node: host_node)
+        end
+
+        # Items
+        xml_scan.xpath("item").each do |xml_item|
+          item_label = xml_item.has_attribute?("id") ? xml_item["id"] : "Unknown"
+          item_node = content_service.create_node(
+          label: item_label,
+          type: :default,
+          parent: host_node)
+
+          item_text = template_service.process_template(template: 'item', data: xml_item)
+          content_service.create_note(
+            text: item_text,
+            node: item_node)
+        end
+      end
+
+      logger.info("All Done!")
+    end
+  end
+end

data/lib/dradis/plugins/nikto/version.rb

@@ -0,0 +1,13 @@
+require_relative 'gem_version'
+
+module Dradis
+  module Plugins
+    module Nikto
+      # Returns the version of the currently loaded Nikto as a
+      # <tt>Gem::Version</tt>.
+      def self.version
+        gem_version
+      end
+    end
+  end
+end

data/lib/nikto/item.rb

@@ -0,0 +1,66 @@
+module Nikto
+  # This class represents each of the <item> elements in the Nikto
+  # XML document.
+  #
+  # It provides a convenient way to access the information scattered all over
+  # the XML in attributes and nested tags.
+  #
+  # Instead of providing separate methods for each supported property we rely
+  # on Ruby's #method_missing to do most of the work.
+  class Item
+    # Accepts an XML node from Nokogiri::XML.
+    def initialize(xml_node)
+      @xml = xml_node
+    end
+
+    # List of supported tags. They can be attributes, simple descendants or
+    # collections (e.g. <references/>, <tags/>)
+    def supported_tags
+      [
+        # attributes
+        :id, :request_method, :osvdblink, :osvdbid,
+
+        # simple tags
+        :description, :uri, :namelink, :iplink
+      ]
+    end
+
+    # This allows external callers (and specs) to check for implemented
+    # properties
+    def respond_to?(method, include_private=false)
+      return true if supported_tags.include?(method.to_sym)
+      super
+    end
+
+    # This method is invoked by Ruby when a method that is not defined in this
+    # instance is called.
+    #
+    # In our case we inspect the @method@ parameter and try to find the
+    # attribute, simple descendent or collection that it maps to in the XML
+    # tree.
+    def method_missing(method, *args)
+      # We could remove this check and return nil for any non-recognized tag.
+      # The problem would be that it would make tricky to debug problems with
+      # typos. For instance: <>.potr would return nil instead of raising an
+      # exception
+      unless supported_tags.include?(method)
+        super
+        return
+      end
+      # We need the translations_table because 'method' is a reserved word
+      translations_table = {
+        request_method: 'method'
+      }
+      method_name = translations_table.fetch(method, method.to_s)
+
+      # First we try the attributes
+      return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
+
+      # Then we try simple children tags
+      tag = @xml.xpath("./#{ method_name }").first
+      if tag
+        return tag.text
+      end
+    end
+  end
+end

data/lib/nikto/scan.rb

@@ -0,0 +1,51 @@
+module Nikto
+  # This class represents the <scandetails> element in the Nikto XML document.
+  #
+  # It provides a convenient way to access the information scattered all over
+  # the XML in attributes and nested tags.
+  #
+  # Instead of providing separate methods for each supported property we rely
+  # on Ruby's #method_missing to do most of the work.
+  class Scan
+    # Accepts an XML node from Nokogiri::XML.
+    def initialize(xml_node)
+      @xml = xml_node
+    end
+
+    # List of supported tags. They can be attributes, simple descendants or
+    # collections (e.g. <references/>, <tags/>)
+    def supported_tags
+      [
+        # attributes
+        :targetip, :targethostname, :targetport, :targetbanner, :starttime,
+        :sitename, :siteip, :hostheader, :errors, :checks, :filename
+      ]
+    end
+
+    # This allows external callers (and specs) to check for implemented
+    # properties
+    def respond_to?(method, include_private=false)
+      return true if supported_tags.include?(method.to_sym)
+      super
+    end
+
+    # This method is invoked by Ruby when a method that is not defined in this
+    # instance is called.
+    #
+    # In our case we inspect the @method@ parameter and try to find the
+    # attribute, simple descendent or collection that it maps to in the XML
+    # tree.
+    def method_missing(method, *args)
+      # We could remove this check and return nil for any non-recognized tag.
+      # The problem would be that it would make tricky to debug problems with
+      # typos. For instance: <>.potr would return nil instead of raising an
+      # exception
+      unless supported_tags.include?(method)
+        super
+        return
+      end
+      method_name = method.to_s
+      return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
+    end
+  end
+end

data/lib/nikto/ssl.rb

@@ -0,0 +1,50 @@
+module Nikto
+  # This class represents the <ssl> element in the Nikto XML document.
+  #
+  # It provides a convenient way to access the information scattered all over
+  # the XML in attributes and nested tags.
+  #
+  # Instead of providing separate methods for each supported property we rely
+  # on Ruby's #method_missing to do most of the work.
+  class Ssl
+    # Accepts an XML node from Nokogiri::XML.
+    def initialize(xml_node)
+      @xml = xml_node
+    end
+
+    # List of supported tags. They can be attributes, simple descendants or
+    # collections (e.g. <references/>, <tags/>)
+    def supported_tags
+      [
+        # attributes
+        :ciphers, :issuers, :info
+      ]
+    end
+
+    # This allows external callers (and specs) to check for implemented
+    # properties
+    def respond_to?(method, include_private=false)
+      return true if supported_tags.include?(method.to_sym)
+      super
+    end
+
+    # This method is invoked by Ruby when a method that is not defined in this
+    # instance is called.
+    #
+    # In our case we inspect the @method@ parameter and try to find the
+    # attribute, simple descendent or collection that it maps to in the XML
+    # tree.
+    def method_missing(method, *args)
+      # We could remove this check and return nil for any non-recognized tag.
+      # The problem would be that it would make tricky to debug problems with
+      # typos. For instance: <>.potr would return nil instead of raising an
+      # exception
+      unless supported_tags.include?(method)
+        super
+        return
+      end
+      method_name = method.to_s
+      return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
+    end
+  end
+end

data/lib/tasks/thorfile.rb

@@ -0,0 +1,26 @@
+class NiktoTasks < Thor
+  include Rails.application.config.dradis.thor_helper_module
+
+  namespace "dradis:plugins:nikto"
+
+  desc "upload FILE", "upload Nikto XML results"
+  def upload(file_path)
+    require 'config/environment'
+
+    logger = Logger.new(STDOUT)
+    logger.level = Logger::DEBUG
+
+    unless File.exists?(file_path)
+      $stderr.puts "** the file [#{file_path}] does not exist"
+      exit -1
+    end
+
+    detect_and_set_project_scope
+
+    importer = Dradis::Plugins::Nikto::Importer.new(logger: logger)
+    importer.import(file: file_path)
+
+    logger.close
+  end
+
+end

data/spec/fixtures/files/localhost.xml

@@ -0,0 +1,39 @@
+<?xml version="1.0" ?>
+<!DOCTYPE niktoscan SYSTEM "docs/nikto.dtd">
+<niktoscan hoststest="0" options="-h localhost -p 80 -out /tmp/localhost.xml" version="2.1.4" scanstart="Sun Jul 17 19:54:10 2011" scanend="Thu Jan  1 01:00:00 1970" scanelapsed=" seconds" nxmlversion="1.1">
+<scandetails targetip="127.0.0.1" targethostname="localhost" targetport="80" targetbanner="Apache/2.2.16 (Debian)" starttime="2011-07-18 19:54:10" sitename="http://localhost:80/" siteip="http://127.0.0.1:80/" hostheader="localhost">
+<ssl ciphers="DHE-RSA-AES256-SHA" issuers="/C=GB/ST=Berks/L=Ruscombe/O=XXXXXX/OU=XXXX/CN=asdf.com/emailAddress=someoneatasdf.com" info="/C=GB/ST=Berkshire/L=Ruscombe/O=Company/OU=UK/CN=vmx098" />
+
+<item id="750000" osvdbid="3268" osvdblink="3268_LINK" method="GET">
+<description><![CDATA[/: Directory indexing found.]]></description>
+<uri><![CDATA[/]]></uri>
+<namelink><![CDATA[http://localhost:80/]]></namelink>
+<iplink><![CDATA[http://127.0.0.1:80/]]></iplink>
+</item>
+
+<item id="600050" osvdbid="0" osvdblink="0_LINK" method="HEAD">
+<description><![CDATA[Apache/2.2.16 appears to be outdated (current is at least Apache/2.2.19). Apache 1.3.42 (final release) and 2.0.64 are also current.]]></description>
+<uri><![CDATA[/]]></uri>
+<namelink><![CDATA[http://localhost:80/]]></namelink>
+<iplink><![CDATA[http://127.0.0.1:80/]]></iplink>
+</item>
+
+<item id="999990" osvdbid="0" osvdblink="0_LINK" method="GET">
+<description><![CDATA[Allowed HTTP Methods: GET, HEAD, POST, OPTIONS ]]></description>
+<uri><![CDATA[/]]></uri>
+<namelink><![CDATA[http://localhost:80/]]></namelink>
+<iplink><![CDATA[http://127.0.0.1:80/]]></iplink>
+</item>
+
+<item id="750000" method="GET">
+<description><![CDATA[/?show=http://cirt.net/rfiinc.txt??: Directory indexing found.]]></description>
+<uri><![CDATA[/?show=http://cirt.net/rfiinc.txt??]]></uri>
+<namelink><![CDATA[http://localhost:80/?show=http://cirt.net/rfiinc.txt??]]></namelink>
+<iplink><![CDATA[http://127.0.0.1:80/?show=http://cirt.net/rfiinc.txt??]]></iplink>
+</item>
+
+<statistics elapsed="10" itemsfound="44" itemstested="6456" endtime="2011-07-18 19:54:20" />
+</scandetails>
+
+
+</niktoscan>

data/spec/nikto_upload_spec.rb

@@ -0,0 +1,120 @@
+require 'spec_helper'
+
+describe 'Nikto upload plugin' do
+  describe "Importer" do
+
+    before(:each) do
+      # Stub template service
+      templates_dir = File.expand_path('../../templates', __FILE__)
+      expect_any_instance_of(Dradis::Plugins::TemplateService)
+      .to receive(:default_templates_dir).and_return(templates_dir)
+
+      # Init services
+      plugin = Dradis::Plugins::Nikto
+
+      @content_service = Dradis::Plugins::ContentService.new(plugin: plugin)
+      template_service = Dradis::Plugins::TemplateService.new(plugin: plugin)
+
+      @importer = plugin::Importer.new(
+        content_service: @content_service,
+        template_service: template_service
+      )
+
+      # Stub dradis-plugins methods
+      #
+      # They return their argument hashes as objects mimicking
+      # Nodes, Issues, etc
+      allow(@content_service).to receive(:create_node) do |args|
+        puts "create_node: #{ args.inspect }"
+        OpenStruct.new(args)
+      end
+      allow(@content_service).to receive(:create_note) do |args|
+        puts "create_note: #{ args.inspect }"
+        OpenStruct.new(args)
+      end
+      allow(@content_service).to receive(:create_issue) do |args|
+        puts "create_issue: #{ args.inspect }"
+        OpenStruct.new(args)
+      end
+      allow(@content_service).to receive(:create_evidence) do |args|
+        puts "create_evidence: #{ args.inspect }"
+        OpenStruct.new(args)
+      end
+    end
+
+    it "creates nodes, issues, notes and an evidences as needed" do
+      # Host node and basic host info note
+      expect(@content_service).to receive(:create_node) do |args|
+        expect(args[:label]).to eq('http://localhost:80/')
+        expect(args[:type]).to eq(:host)
+        OpenStruct.new(args)
+      end.once
+      expect(@content_service).to receive(:create_note) do |args|
+        expect(args[:node].label).to eq("http://localhost:80/")
+        expect(args[:text]).to include("#[Title]#\nNikto upload: localhost.xml")
+        expect(args[:text]).to_not include("not recognized by the plugin")
+        OpenStruct.new(args)
+      end.once
+      expect(@content_service).to receive(:create_note) do |args|
+        expect(args[:node].label).to eq("http://localhost:80/")
+        expect(args[:text]).to include("SSL Cert Information")
+        expect(args[:text]).to_not include("not recognized by the plugin")
+        OpenStruct.new(args)
+      end.once
+
+      expect(@content_service).to receive(:create_node) do |args|
+        expect(args[:label]).to eq('750000')
+        expect(args[:parent].label).to eq("http://localhost:80/")
+        OpenStruct.new(args)
+      end.once
+      expect(@content_service).to receive(:create_note) do |args|
+        expect(args[:node].label).to eq("750000")
+        expect(args[:text]).to include("/: Directory indexing found.")
+        expect(args[:text]).to_not include("not recognized by the plugin")
+        expect(args[:text]).to include("OSVDB: \"3268\":3268_LINK")
+        OpenStruct.new(args)
+      end.once
+
+      expect(@content_service).to receive(:create_node) do |args|
+        expect(args[:label]).to eq('600050')
+        expect(args[:parent].label).to eq("http://localhost:80/")
+        OpenStruct.new(args)
+      end.once
+      expect(@content_service).to receive(:create_note) do |args|
+        expect(args[:node].label).to eq("600050")
+        expect(args[:text]).to include("Apache/2.2.16 appears to be outdated")
+        expect(args[:text]).to_not include("not recognized by the plugin")
+        OpenStruct.new(args)
+      end.once
+
+      expect(@content_service).to receive(:create_node) do |args|
+        expect(args[:label]).to eq('999990')
+        expect(args[:parent].label).to eq("http://localhost:80/")
+        OpenStruct.new(args)
+      end.once
+      expect(@content_service).to receive(:create_note) do |args|
+        expect(args[:node].label).to eq("999990")
+        expect(args[:text]).to include("Allowed HTTP Methods: GET, HEAD, POST, OPTIONS")
+        expect(args[:text]).to_not include("not recognized by the plugin")
+        OpenStruct.new(args)
+      end.once
+
+      expect(@content_service).to receive(:create_node) do |args|
+        expect(args[:label]).to eq('750000')
+        expect(args[:parent].label).to eq("http://localhost:80/")
+        OpenStruct.new(args)
+      end.once
+      expect(@content_service).to receive(:create_note) do |args|
+        expect(args[:node].label).to eq("750000")
+        expect(args[:text]).to include("/?show=http://cirt.net/rfiinc.txt??: Directory indexing found.")
+        expect(args[:text]).to_not include("not recognized by the plugin")
+        expect(args[:text]).to include("OSVDB: \"n/a\":n/a")
+        OpenStruct.new(args)
+      end.once
+
+      # Run the import
+      @importer.import(file: 'spec/fixtures/files/localhost.xml')
+    end
+
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,9 @@
+require 'rubygems'
+require 'bundler/setup'
+require 'nokogiri'
+require 'combustion'
+
+Combustion.initialize!
+
+RSpec.configure do |config|
+end

data/templates/item.fields

@@ -0,0 +1,8 @@
+item.id
+item.request_method
+item.osvdbid
+item.osvdblink
+item.description
+item.uri
+item.namelink
+item.iplink

data/templates/item.sample

@@ -0,0 +1,6 @@
+<item id="750000" method="GET" osvdbid="3268" osvdblink="3268_LINK">
+  <description><![CDATA[/: Directory indexing found.]]></description>
+  <uri><![CDATA[/]]></uri>
+  <namelink><![CDATA[http://localhost:80/]]></namelink>
+  <iplink><![CDATA[http://127.0.0.1:80/]]></iplink>
+</item>

data/templates/item.template

@@ -0,0 +1,10 @@
+#[Title]#
+Finding
+
+
+#[Details]#
+OSVDB: "%item.osvdbid%":%item.osvdblink%
+Request Method: %item.request_method%
+Description: %item.description%
+Link: %item.namelink%
+IP Based Link: %item.iplink%

data/templates/scan.fields

@@ -0,0 +1,11 @@
+scan.filename
+scan.targetip
+scan.targethostname
+scan.targetport
+scan.targetbanner
+scan.starttime
+scan.sitename
+scan.siteip
+scan.hostheader
+scan.errors
+scan.checks

data/templates/scan.sample

@@ -0,0 +1 @@
+<scandetails targetip="127.0.0.1" targethostname="localhost" targetport="80" targetbanner="Apache/2.2.16 (Debian)" starttime="2011-07-18 19:54:10" sitename="http://localhost:80/" siteip="http://127.0.0.1:80/" hostheader="localhost"/>

data/templates/scan.template

@@ -0,0 +1,14 @@
+#[Title]#
+Nikto upload: %scan.filename%
+
+#[Details]#
+IP: %scan.targetip%
+Hostname: %scan.targethostname%
+Port: %scan.targetport%
+Banner: %scan.targetbanner%
+Starttime: %scan.starttime%
+Site Name: %scan.sitename%
+Site IP: %scan.siteip%
+Host Header: %scan.hostheader%
+Errors: %scan.errors%
+Total Checks: %scan.checks%

data/templates/ssl.fields

@@ -0,0 +1,3 @@
+ssl.ciphers
+ssl.issuers
+ssl.info

data/templates/ssl.sample

@@ -0,0 +1 @@
+<ssl ciphers="" issuers="" info=""/>

data/templates/ssl.template

@@ -0,0 +1,7 @@
+#[Title]#
+SSL Cert Information
+
+#[Details]#
+Ciphers: %ssl.ciphers%
+Issuers: %ssl.issuers%
+Info: %ssl.info%

metadata

@@ -0,0 +1,164 @@
+--- !ruby/object:Gem::Specification
+name: dradis-nikto
+version: !ruby/object:Gem::Version
+  version: 3.6.0
+platform: ruby
+authors:
+- Daniel Martin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-04-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: dradis-plugins
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.6'
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: combustion
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.2
+description: This add-on allows you to upload and parse output produced from Nikto
+  web server scanner into Dradis.
+email:
+- etd@nomejortu.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- CHANGELOG.md
+- CONTRIBUTING.md
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- dradis-nikto.gemspec
+- lib/dradis-nikto.rb
+- lib/dradis/plugins/nikto.rb
+- lib/dradis/plugins/nikto/engine.rb
+- lib/dradis/plugins/nikto/field_processor.rb
+- lib/dradis/plugins/nikto/gem_version.rb
+- lib/dradis/plugins/nikto/importer.rb
+- lib/dradis/plugins/nikto/version.rb
+- lib/nikto/item.rb
+- lib/nikto/scan.rb
+- lib/nikto/ssl.rb
+- lib/tasks/thorfile.rb
+- spec/fixtures/files/localhost.xml
+- spec/nikto_upload_spec.rb
+- spec/spec_helper.rb
+- templates/item.fields
+- templates/item.sample
+- templates/item.template
+- templates/scan.fields
+- templates/scan.sample
+- templates/scan.template
+- templates/ssl.fields
+- templates/ssl.sample
+- templates/ssl.template
+homepage: http://dradisframework.org
+licenses:
+- GPL-2
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: Nikto add-on for the Dradis Framework.
+test_files:
+- spec/fixtures/files/localhost.xml
+- spec/nikto_upload_spec.rb
+- spec/spec_helper.rb