ruby-nikto 0.1.0

data/lib/nikto/xml/statistics.rb

@@ -0,0 +1,64 @@
+require 'time'
+
+module Nikto
+  class XML
+    #
+    # Represents a `statistics` XML element.
+    #
+    class Statistics
+
+      #
+      # Initializes the statistics object.
+      #
+      # @param [Nokogiri::XML::Node] node
+      #   The XML node for the `statistics` XML element.
+      #
+      # @api private
+      #
+      def initialize(node)
+        @node = node
+      end
+
+      #
+      # The number of seconds elapsed.
+      #
+      # @return [Intger]
+      #   The parsed value of the `elapsed` attribute.
+      #
+      def elapsed
+        @elapsed ||= @node['elapsed'].to_i
+      end
+
+      #
+      # The number of items found.
+      #
+      # @return [Intger]
+      #   The parsed value of the `itemsfound` attribute.
+      #
+      def items_found
+        @items_found ||= @node['itemsfound'].to_i
+      end
+
+      #
+      # The number of items tested.
+      #
+      # @return [Intger]
+      #   The parsed value of the `itemstested` attribute.
+      #
+      def items_tested
+        @items_tested ||= @node['itemstested'].to_i
+      end
+
+      #
+      # The end-time of the scan.
+      #
+      # @return [Time]
+      #   The parsed value of the `endtime` attribute.
+      #
+      def end_time
+        @end_time ||= Time.parse(@node['endtime'])
+      end
+
+    end
+  end
+end

data/lib/nikto/xml.rb

@@ -0,0 +1,230 @@
+require 'nikto/xml/scan_details'
+
+require 'nokogiri'
+
+module Nikto
+  #
+  # Represents an nikto XML file or XML data.
+  #
+  # ## Example
+  #
+  #     require 'nikto/xml'
+  #
+  #     Nikto::XML.open('nikto.xml') do |xml|
+  #       xml.each_scan_details do |scan_details|
+  #         puts "#{scan_details.site_name}"
+  #     
+  #         scan_details.each_item do |item|
+  #           puts "  #{item.uri}"
+  #           puts
+  #           puts "    #{item.description}"
+  #           puts
+  #         end
+  #       end
+  #     end
+  #
+  class XML
+
+    # The parsed XML document.
+    #
+    # @return [Nokogiri::XML]
+    #
+    # @api private
+    attr_reader :doc
+
+    # The path to the XML file.
+    #
+    # @return [String, nil]
+    attr_reader :path
+
+    #
+    # Creates a new XML object.
+    #
+    # @param [Nokogiri::XML] doc
+    #   The parsed XML document.
+    #
+    # @param [String, nil] path
+    #   The path to the XML file.
+    #
+    # @yield [xml]
+    #   If a block is given, it will be passed the newly created XML
+    #   parser.
+    #
+    # @yieldparam [XML] xml
+    #   The newly created XML parser.
+    #
+    # @api private
+    #
+    def initialize(doc, path: nil)
+      @doc  = doc
+      @path = File.expand_path(path) if path
+
+      yield self if block_given?
+    end
+
+    #
+    # Parses the given XML String.
+    #
+    # @param [String] xml
+    #   The XML String.
+    #
+    # @yield [xml]
+    #   If a block is given, it will be passed the newly created XML
+    #   parser.
+    #
+    # @yieldparam [XML] xml
+    #   The newly created XML parser.
+    #
+    # @return [XML]
+    #   The parsed XML.
+    #
+    # @api public
+    #
+    def self.parse(xml,&block)
+      new(Nokogiri::XML(xml),&block)
+    end
+
+    #
+    # Opens an parses an XML file.
+    #
+    # @param [String] path
+    #   The path to the XML file.
+    #
+    # @yield [xml]
+    #   If a block is given, it will be passed the newly created XML
+    #   parser.
+    #
+    # @yieldparam [XML] xml
+    #   The newly created XML parser.
+    #
+    # @return [XML]
+    #   The parsed XML.
+    #
+    # @api public
+    #
+    def self.open(path,&block)
+      path = File.expand_path(path)
+      doc  = Nokogiri::XML(File.open(path))
+
+      new(doc, path: path, &block)
+    end
+
+    #
+    # The `hoststest` value.
+    #
+    # @return [Integer]
+    #   The parsed value of the `hoststest` attribute.
+    #
+    def hosts_test
+      @hosts_test ||= @doc.root['@hoststest'].to_i
+    end
+
+    #
+    # Additional command-line options passed to `nikto`.
+    #
+    # @return [String]
+    #   The value of the `options` attribute.
+    #
+    def options
+      @doc.root['options']
+    end
+
+    #
+    # When the scan started.
+    #
+    # @return [Time]
+    #   The parsed value of the `scanstart` attribute.
+    #
+    def scan_start
+      @scan_start ||= Time.parse(@doc.root['scanstart'])
+    end
+
+    #
+    # When the scan completed.
+    #
+    # @return [Time]
+    #   The parsed value `scanned` attribute.
+    #
+    def scan_end
+      @scan_end ||= Time.parse(@doc.root['scanend'])
+    end
+
+    #
+    # The duration of the scan.
+    #
+    # @return [String]
+    #   The value of the `scanelapsed` attribute.
+    #
+    def scan_elapsed
+      @doc.root['scanelapsed']
+    end
+
+    #
+    # The Nikto XML schema version.
+    #
+    # @return [String]
+    #   The value of the `nxmlversion` attribute.
+    #
+    def nikto_xml_version
+      @doc.root['nxmlversion']
+    end
+
+    #
+    # Parses each `scandetails` child element.
+    #
+    # @yield [scan_details]
+    #   If a block is given, it will be yielded each scan details object.
+    #
+    # @yieldparam [ScanDetails] scan_details
+    #   A scan details object.
+    #
+    # @return [Enumerator]
+    #   If no block is given, an Enumerator will be returned.
+    #
+    def each_scan_details
+      return enum_for(__method__) unless block_given?
+
+      @doc.xpath('/niktoscan/scandetails').each do |node|
+        yield ScanDetails.new(node)
+      end
+    end
+
+    #
+    # The scan details.
+    #
+    # @return [Array<ScanDetails>]
+    #
+    def scan_details
+      each_scan_details.to_a
+    end
+
+    alias each_target each_scan_details
+
+    alias targets scan_details
+
+    #
+    # The first scan details object.
+    #
+    # @return [ScanDetails, nil]
+    #
+    def target
+      each_target.first
+    end
+
+    #
+    # Converts the XML object to a String.
+    #
+    # @return [String]
+    #   The path to the XML if {#path} is set, or the XML if the XML was parsed
+    #   from a String.
+    #
+    def to_s
+      if @path
+        @path
+      else
+        @doc.to_s
+      end
+    end
+
+  end
+end

data/lib/nikto.rb

@@ -0,0 +1,2 @@
+require 'nikto/command'
+require 'nikto/version'

data/ruby-nikto.gemspec

@@ -0,0 +1,58 @@
+require 'yaml'
+
+Gem::Specification.new do |gem|
+  gemspec = YAML.load_file('gemspec.yml')
+
+  gem.name    = gemspec.fetch('name')
+  gem.version = gemspec.fetch('version') do
+                  lib_dir = File.join(File.dirname(__FILE__),'lib')
+                  $LOAD_PATH << lib_dir unless $LOAD_PATH.include?(lib_dir)
+
+                  require File.join('nikto','version')
+                  Nikto::VERSION
+                end
+
+  gem.summary     = gemspec['summary']
+  gem.description = gemspec['description']
+  gem.licenses    = Array(gemspec['license'])
+  gem.authors     = Array(gemspec['authors'])
+  gem.email       = gemspec['email']
+  gem.homepage    = gemspec['homepage']
+  gem.metadata    = gemspec['metadata'] if gemspec['metadata']
+
+  glob = lambda { |patterns| gem.files & Dir[*patterns] }
+
+  gem.files = if gemspec['files'] then glob[gemspec['files']]
+              else                     `git ls-files`.split($/)
+              end
+
+  gem.executables = gemspec.fetch('executables') do
+    glob['bin/*'].map { |path| File.basename(path) }
+  end
+
+  gem.extensions       = glob[gemspec['extensions'] || 'ext/**/extconf.rb']
+  gem.extra_rdoc_files = glob[gemspec['extra_doc_files'] || '*.{txt,md}']
+
+  gem.require_paths = Array(gemspec.fetch('require_paths') {
+    %w[ext lib].select { |dir| File.directory?(dir) }
+  })
+
+  gem.requirements              = gemspec['requirements']
+  gem.required_ruby_version     = gemspec['required_ruby_version']
+  gem.required_rubygems_version = gemspec['required_rubygems_version']
+  gem.post_install_message      = gemspec['post_install_message']
+
+  split = lambda { |string| string.split(/,\s*/) }
+
+  if gemspec['dependencies']
+    gemspec['dependencies'].each do |name,versions|
+      gem.add_dependency(name,split[versions])
+    end
+  end
+
+  if gemspec['development_dependencies']
+    gemspec['development_dependencies'].each do |name,versions|
+      gem.add_development_dependency(name,split[versions])
+    end
+  end
+end

data/spec/command_spec.rb

@@ -0,0 +1,97 @@
+require 'spec_helper'
+require 'nikto/command'
+
+describe Nikto::Command do
+  describe described_class::OptionString do
+    let(:map) do
+      {
+        :a => '1',
+        :b => '2',
+        :c => '3'
+      }
+    end
+
+    subject { described_class.new(map) }
+
+    describe "#initialize" do
+      it "must initialize #type to be a Map of the options" do
+        expect(subject.type).to be_kind_of(CommandMapper::Types::Map)
+        expect(subject.type.map).to eq(map)
+      end
+
+      it "must set #separator to ''" do
+        expect(subject.separator).to eq('')
+      end
+    end
+  end
+
+  describe described_class::PortList do
+    describe "#validate" do
+      context "when given a single port number" do
+        let(:value) { 443 }
+
+        it "must return true" do
+          expect(subject.validate(value)).to be(true)
+        end
+      end
+
+      context "when given a Range of port numbers" do
+        let(:value) { (1..1024) }
+
+        it "must return true" do
+          expect(subject.validate(value)).to be(true)
+        end
+      end
+
+      context "when given an Array of port numbers" do
+        let(:value) { [80, 443] }
+
+        it "must return true" do
+          expect(subject.validate(value)).to be(true)
+        end
+
+        context "and the Array contains Ranges" do
+          let(:value) { [80, (1..42), 443] }
+
+          it "must return true" do
+            expect(subject.validate(value)).to be(true)
+          end
+        end
+      end
+    end
+
+    describe "#format" do
+      context "when given a single port number" do
+        let(:value) { 443 }
+
+        it "must return the formatted port number" do
+          expect(subject.format(value)).to eq(value.to_s)
+        end
+      end
+
+      context "when given a Range of port numbers" do
+        let(:value) { (1..1024) }
+
+        it "must return the formatted port number range (ex: 1-102)" do
+          expect(subject.format(value)).to eq("#{value.begin}-#{value.end}")
+        end
+      end
+
+      context "when given an Array of port numbers" do
+        let(:value) { [80, 443] }
+
+        it "must return the formatted list of port numbers" do
+          expect(subject.format(value)).to eq(value.join(','))
+        end
+
+        context "and the Array contains Ranges" do
+          let(:value) { [80, (1..42), 443] }
+
+          it "must return the formatted list of port numbers and port ranges" do
+            expect(subject.format(value)).to eq("#{value[0]},#{value[1].begin}-#{value[1].end},#{value[2]}")
+          end
+        end
+      end
+    end
+  end
+end

data/spec/fixtures/nikto.xml

@@ -0,0 +1,47 @@
+<?xml version="1.0" ?>
+<!DOCTYPE niktoscan SYSTEM "/usr/share/doc/nikto/nikto.dtd">
+<niktoscan hoststest="0" options="-host example.com -output nikto.xml" version="2.1.6" scanstart="Mon Nov 29 07:22:56 2021" scanend="Wed Dec 31 16:00:00 1969" scanelapsed=" seconds" nxmlversion="1.2">
+
+<scandetails targetip="93.184.216.34" targethostname="example.com" targetport="80" targetbanner="ECS (sec/974D)" starttime="2021-11-29 07:22:57" sitename="http://example.com:80/" siteip="http://93.184.216.34:80/" hostheader="example.com" errors="0" checks="4587">
+
+
+<item id="#ID#" osvdbid="#TEMPL_OSVDB#" osvdblink="#TEMPL_OSVDB_LINK#" method="#TEMPL_HTTP_METHOD#">
+<description><![CDATA[#TEMPL_MSG#]]></description>
+<uri><![CDATA[#TEMPL_URI#]]></uri>
+<namelink><![CDATA[#TEMPL_ITEM_NAME_LINK#]]></namelink>
+<iplink><![CDATA[#TEMPL_ITEM_IP_LINK#]]></iplink>
+</item>
+
+<item id="#ID#" osvdbid="#TEMPL_OSVDB#" osvdblink="#TEMPL_OSVDB_LINK#" method="#TEMPL_HTTP_METHOD#">
+<description><![CDATA[#TEMPL_MSG#]]></description>
+<uri><![CDATA[#TEMPL_URI#]]></uri>
+<namelink><![CDATA[#TEMPL_ITEM_NAME_LINK#]]></namelink>
+<iplink><![CDATA[#TEMPL_ITEM_IP_LINK#]]></iplink>
+</item>
+
+<item id="#ID#" osvdbid="#TEMPL_OSVDB#" osvdblink="#TEMPL_OSVDB_LINK#" method="#TEMPL_HTTP_METHOD#">
+<description><![CDATA[#TEMPL_MSG#]]></description>
+<uri><![CDATA[#TEMPL_URI#]]></uri>
+<namelink><![CDATA[#TEMPL_ITEM_NAME_LINK#]]></namelink>
+<iplink><![CDATA[#TEMPL_ITEM_IP_LINK#]]></iplink>
+</item>
+
+<item id="#ID#" osvdbid="#TEMPL_OSVDB#" osvdblink="#TEMPL_OSVDB_LINK#" method="#TEMPL_HTTP_METHOD#">
+<description><![CDATA[#TEMPL_MSG#]]></description>
+<uri><![CDATA[#TEMPL_URI#]]></uri>
+<namelink><![CDATA[#TEMPL_ITEM_NAME_LINK#]]></namelink>
+<iplink><![CDATA[#TEMPL_ITEM_IP_LINK#]]></iplink>
+</item>
+
+<item id="#ID#" osvdbid="#TEMPL_OSVDB#" osvdblink="#TEMPL_OSVDB_LINK#" method="#TEMPL_HTTP_METHOD#">
+<description><![CDATA[#TEMPL_MSG#]]></description>
+<uri><![CDATA[#TEMPL_URI#]]></uri>
+<namelink><![CDATA[#TEMPL_ITEM_NAME_LINK#]]></namelink>
+<iplink><![CDATA[#TEMPL_ITEM_IP_LINK#]]></iplink>
+</item>
+
+<statistics elapsed="178" itemsfound="5" itemstested="4587" endtime="2021-11-29 07:25:55" />
+</scandetails>
+
+
+</niktoscan>

data/spec/nikto_spec.rb

@@ -0,0 +1,8 @@
+require 'spec_helper'
+require 'nikto/version'
+
+describe Nikto do
+  it "should have a VERSION constant" do
+    expect(subject.const_get('VERSION')).to_not be_empty
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,6 @@
+require 'rspec'
+require 'simplecov'
+SimpleCov.start
+
+require 'nikto/version'
+include Nikto

data/spec/xml/item_spec.rb

@@ -0,0 +1,61 @@
+require 'spec_helper'
+require 'nikto/xml/item'
+require 'nokogiri'
+
+describe Nikto::XML::Item do
+  let(:fixtures_dir) { File.expand_path(File.join(__dir__,'..','fixtures')) }
+  let(:path) { File.join(fixtures_dir,'nikto.xml') }
+  let(:xml)  { File.read(path) }
+  let(:doc)  { Nokogiri::XML(File.open(path)) }
+  let(:node) { doc.at_xpath('/niktoscan/scandetails/item') }
+
+  subject { described_class.new(node) }
+
+  describe "#description" do
+    subject { super().description }
+
+    it "must return a String" do
+      expect(subject).to be_kind_of(String)
+    end
+
+    it "must return the inner text of the 'description' child element" do
+      expect(subject).to eq(node.at_xpath('description').inner_text)
+    end
+  end
+
+  describe "#uri" do
+    subject { super().uri }
+
+    it "must return a String" do
+      expect(subject).to be_kind_of(String)
+    end
+
+    it "must return the inner text of the 'uri' child element" do
+      expect(subject).to eq(node.at_xpath('uri').inner_text)
+    end
+  end
+
+  describe "#name_link" do
+    subject { super().name_link }
+
+    it "must return a String" do
+      expect(subject).to be_kind_of(String)
+    end
+
+    it "must return the inner text of the 'namelink' child element" do
+      expect(subject).to eq(node.at_xpath('namelink').inner_text)
+    end
+  end
+
+  describe "#ip_link" do
+    subject { super().ip_link }
+
+    it "must return a String" do
+      expect(subject).to be_kind_of(String)
+    end
+
+    it "must return the inner text of the 'iplink' child element" do
+      expect(subject).to eq(node.at_xpath('iplink').inner_text)
+    end
+  end
+end