ruby-nikto 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 4fcc497451a7d1d6bd7ed21bd253f113afd7907e7846d78cd78fdacfa5b05038
+  data.tar.gz: 4e3cf53c1f2a0354720e1ebe13e4e3f2fd8da7a82bf21f9687bfdfa9a758a9da
+SHA512:
+  metadata.gz: 388a8492bb9faa2a4ee6c3235ffd5119511b4993cac47e984f45f1498c4d12a00e6c354b1255fa9caeeb38d767cf826c91acbf60af1dfa0174ba094e28c53e16
+  data.tar.gz: 9ac99ff184756ae910eccc8b555393ac99f7e13fe01f16bf105c24645b805d09da9d4ddf407b2fc794373882b78cf01a3a387b6ad94e450a4e947d4d6f62defc

data/.editorconfig

@@ -0,0 +1,11 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+tab_width = 8
+trim_trailing_whitespace = true
+
+[{Gemfile,Rakefile,*.rb,*.gemspec,*.yml}]
+indent_style = space
+indent_size = 2

data/.github/workflows/ruby.yml

@@ -0,0 +1,31 @@
+name: CI
+
+on: [ push, pull_request ]
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - 2.6
+          - 2.7
+          - 3.0
+          - jruby
+          - truffleruby
+    name: Ruby ${{ matrix.ruby }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+      - name: Install libxml2-dev and libxslt1-dev
+        run: |
+          sudo apt update -y && \
+          sudo apt install -y --no-install-recommends --no-install-suggests libxml2-dev libxslt1-dev
+      - name: Install dependencies
+        run: bundle install --jobs 4 --retry 3
+      - name: Run tests
+        run: bundle exec rake test

data/.gitignore

@@ -0,0 +1,9 @@
+/Gemfile.lock
+/doc
+/pkg
+.DS_Store
+.yardoc
+*.db
+*.log
+*.swp
+*~

data/.rspec

@@ -0,0 +1 @@
+--colour --format documentation

data/.specopts

@@ -0,0 +1 @@
+--colour --format specdoc

data/.yardopts

@@ -0,0 +1 @@
+--markup markdown --title 'Ruby Nikto Documentation' --protected --files ChangeLog.md,LICENSE.txt

data/ChangeLog.md

@@ -0,0 +1,9 @@
+### 0.1.0 / 2021-11-30
+
+* Initial release:
+  * Added {Nikto::Command}.
+  * Added {Nikto::XML}.
+  * Added {Nikto::XML::ScanDetails}.
+  * Added {Nikto::XML::Item}.
+  * Added {Nikto::XML::Statistics}.
+

data/Gemfile

@@ -0,0 +1,16 @@
+source 'https://rubygems.org'
+
+gemspec
+
+# gem 'command_mapper', '~> 0.1.1', github: 'postmodern/command_mapper.rb'
+
+group :development do
+  gem 'rake'
+  gem 'rubygems-tasks', '~> 0.2'
+  gem 'rspec',          '~> 3.0'
+  gem 'simplecov',      '~> 0.7'
+
+  gem 'kramdown'
+  gem 'yard',           '~> 0.9'
+  gem 'yard-spellcheck', require: false
+end

data/LICENSE.txt

@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2009-2021 Hal Brodigan
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,80 @@
+# ruby-nikto
+
+[![CI](https://github.com/postmodern/ruby-nikto/actions/workflows/ruby.yml/badge.svg)](https://github.com/postmodern/ruby-nikto/actions/workflows/ruby.yml)
+[![Gem Version](https://badge.fury.io/rb/ruby-nikto.svg)](https://badge.fury.io/rb/ruby-nikto)
+
+* [Source](https://github.com/sophsec/ruby-nikto)
+* [Issues](https://github.com/sophsec/ruby-nikto/issues)
+
+## Description
+
+A Ruby interface to [nikto].
+
+## Features
+
+* Provides a [Ruby interface][Nikto::Command] for running the `nikto` utility.
+* Provides a [parser][Nikto::XML] for enumerating Nikto XML scan files.
+
+[Nikto::Command]: https://rubydoc.info/gems/ruby-nikto/Nikto/Command
+[Nikto::XML]: https://rubydoc.info/gems/ruby-nikto/Nikto/XML
+
+## Examples
+
+Run Nikto from Ruby:
+
+```ruby
+require 'nikto/command'
+    
+Nikto::Command.run(host: 'example.com', output: 'nikto.xml')
+```
+
+Parse Nikto XML scan files:
+
+```ruby
+require 'nikto/xml'
+
+Nikto::XML.open('nikto.xml') do |xml|
+  xml.each_scan_details do |scan_details|
+    puts "#{scan_details.site_name}"
+
+    scan_details.each_item do |item|
+      puts "  #{item.uri}"
+      puts
+      puts "    #{item.description}"
+      puts
+    end
+  end
+end
+```
+
+## Requirements
+
+* [nikto] >= 2.1.0
+* [command_mapper](http://github.com/postmodern/command_mapper.rb#readme) ~> 0.1
+* [nokogiri](https://github.com/sparklemotion/nokogiri#readme) ~> 1.0
+
+## Install
+
+```shell
+$ gem install ruby-nikto
+```
+
+### gemspec
+
+```ruby
+gemspec.add_dependency 'ruby-nikto', '~> 0.1'
+```
+
+### Gemfile
+
+```ruby
+gem 'ruby-nikto', '~> 0.1'
+```
+
+## License
+
+Copyright (c) 2009-2021 Hal Brodigan
+
+See {file:LICENSE.txt} for license information.
+
+[nikto]: https://github.com/sullo/nikto#readme

data/Rakefile

@@ -0,0 +1,10 @@
+require 'rubygems/tasks'
+Gem::Tasks.new
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new
+task :test    => :spec
+task :default => :spec
+
+require 'yard'
+YARD::Rake::YardocTask.new

data/gemspec.yml

@@ -0,0 +1,24 @@
+name: ruby-nikto
+summary: A Ruby interface to Nikto.
+description: A Ruby interface to Nikto, the Web Server scanner.
+license: MIT
+authors: Postmodern
+email: postmodern.mod3@gmail.com
+homepage: http://github.com/sophsec/ruby-nikto
+has_yard: true
+
+metadata:
+  documentation_uri: https://rubydoc.info/gems/ruby-nikto
+  source_code_uri:   https://github.com/postmodern/ruby-nikto
+  bug_tracker_uri:   https://github.com/postmodern/ruby-nikto/issues
+  changelog_uri:     https://github.com/postmodern/ruby-nikto/blob/master/ChangeLog.md
+  rubygems_mfa_required: 'true'
+
+requirements: nikto >= 2.1.0
+
+dependencies:
+  command_mapper: ~> 0.1
+  nokogiri: ~> 1.0
+
+development_dependencies:
+  bundler: ~> 2.0

data/lib/nikto/command.rb

@@ -0,0 +1,188 @@
+require 'command_mapper/command'
+
+module Nikto
+  #
+  # Provides an interface for invoking the `nikto` utility.
+  #
+  # ## Example
+  #
+  #     require 'nikto/command'
+  #     
+  #     Nikto::Command.run(host: 'example.com', output: 'nikto.xml')
+  #
+  # ## `nikto` options:
+  #
+  # * `-Cgidirs` - `nikto.cgi_dirs`
+  # * `-config` - `nikto.config`
+  # * `-dbcheck` - `nikto.dbcheck`
+  # * `-Display` - `nikto.display`
+  # * `-evasion` - `nikto.evasion`
+  # * `-findonly` - `nikto.find_only`
+  # * `-Format` - `nikto.format`
+  # * `-host` - `nikto.host`
+  # * `-Help` - `nikto.help`
+  # * `-id` - `nikto.id`
+  # * `-list-plugins` - `nikto.list_plugins`
+  # * `-mutate` - `nikto.mutate`
+  # * `-mutate-options` - `nikto.mutate_options`
+  # * `-nolookup` - `nikto.no_lookup`
+  # * `-nossl` - `nikto.no_ssl`
+  # * `-no404` - `nikto.no_404`
+  # * `-output` - `nikto.output`
+  # * `-plugins` - `nikto.plugins`
+  # * `-port` - `nikto.port`
+  # * `-Pause` - `nikto.pause`
+  # * `-root` - `nikto.root`
+  # * `-ssl` - `nikto.ssl`
+  # * `-Single` - `nikto.single`
+  # * `-timeout` - `nikto.timeout`
+  # * `-Tuning` - `nikto.tuning`
+  # * `-useproxy` - `nikto.use_proxy`
+  # * `-update` - `nikto.update`
+  # * `-Version` - `nikto.version`
+  # * `-vhost` - `nikto.vhost`
+  #
+  # @see http://linux.die.net/man/1/nikto
+  #
+  class Command < CommandMapper::Command
+
+    class OptionString < CommandMapper::Types::List
+
+      #
+      # @param [Hash{Symbol => String}] options
+      #
+      def initialize(options)
+        super(type: CommandMapper::Types::Map.new(options), separator: '')
+      end
+
+    end
+
+    class PortList < CommandMapper::Types::Num
+
+      def validate(value)
+        case value
+        when Array
+          value.each do |element|
+            valid, message = validate(element)
+
+            unless valid
+              return [valid, message]
+            end
+          end
+
+          return true
+        when Range
+          valid, message = super(value.begin)
+
+          unless valid
+            return [valid, message]
+          end
+
+          valid, message = super(value.end)
+
+          unless valid
+            return [valid, message]
+          end
+
+          return true
+        else
+          super(value)
+        end
+      end
+
+      def format(value)
+        case value
+        when Array
+          value.map(&method(:format)).join(',')
+        when Range
+          "#{value.begin}-#{value.end}"
+        else
+          super(value)
+        end
+      end
+
+    end
+    
+    command 'nikto' do
+      option '-Cgidirs', name: :cgi_dirs, value: true
+      option '-config', value: {type: InputFile.new}
+      option '-dbcheck'
+      option '-Display', value: {
+                           type: OptionString.new(
+                             :show_redirects => '1',
+                             :show_cookies => '2',
+                             :show_200_responses => '3',
+                             :show_auth_urls => '4',
+                             :debug => 'D',
+                             :verbose => 'V'
+                           )
+                         }
+
+      option '-evasion', value: {
+                           type: OptionString.new(
+                             :random_uri_encoding => '1',
+                             :directory_self_reference => '2',
+                             :premature_url_ending => '3',
+                             :prepend_random_strings => '4',
+                             :fake_parameter => '5',
+                             :tab_request_spacer => '6',
+                             :random_url_case => '7',
+                             :windows_directory_separator => '8'
+                           )
+                         }
+      option '-findonly', name: :find_only
+      option '-Format', name: :format, value: {
+                                         type: Enum[:csv, :htm, :txt, :xml]
+                                       }
+      option '-host', value: true
+      option '-Help', name: :help
+      option '-id', value: {type: KeyValue.new(separator: ':')}
+      option '-list-plugins'
+      option '-mutate', value: {
+                          type: OptionString.new(
+                            :test_all_files => '1',
+                            :enum_password_file_names => '2',
+                            :enum_user_dirs => '3',
+                            :enum_cgi_users => '4',
+                            :bruteforce_subcomdains => '5',
+                            :bruteforce_directories => '6'
+                          )
+                        }
+      option '-mutate-options', value: true
+      option '-nolookup', name: :no_lookup
+      option '-nossl', name: :no_ssl
+      option '-no404', name: :no_404
+      option '-output', value: true
+      option '-plugins', value: {type: List.new}
+      option '-port', value: {type: PortList.new}
+      option '-Pause', name: :pause, value: {type: Num.new}
+      option '-root', value: true
+      option '-ssl', value: {type: PortList.new}
+      option '-Single', name: :single
+      option '-timeout', value: {type: Num.new}
+      option '-Tuning', name: :tuning, value: {
+                                         type: OptionString.new(
+                                           :file_upload => '0',
+                                           :interesting_files => '1',
+                                           :default_files => '2',
+                                           :information_disclosure => '3',
+                                           :injection => '4',
+                                           :remote_file_retriveal_inside_web_root => '5',
+                                           :denail_of_service => '6',
+                                           :remote_file_retriveal_server_wide => '7',
+                                           :command_execution => '8',
+                                           :sql_injection => '9',
+                                           :authentication_bypass => 'a',
+                                           :software_identification => 'b',
+                                           :remote_source_inclusion => 'c',
+                                           :reverse_tuning_options => 'x'
+                                         )
+                                       }
+      option '-useproxy', name: :use_proxy
+      option '-update'
+      option '-Version', name: :version
+      option '-vhost'
+    end
+
+  end
+end

data/lib/nikto/version.rb

@@ -0,0 +1,4 @@
+module Nikto
+  # ruby-nikto version
+  VERSION = '0.1.0'
+end

data/lib/nikto/xml/item.rb

@@ -0,0 +1,55 @@
+module Nikto
+  class XML
+    class Item
+
+      #
+      # Initializes the item object.
+      #
+      # @param [Nokogiri::XML::Node] node
+      #   The XML node for the `item` XML element.
+      #
+      # @api private
+      #
+      def initialize(node)
+        @node = node
+      end
+
+      #
+      # The text of the `description` child element.
+      #
+      # @return [String]
+      #
+      def description
+        @description ||= @node.at_xpath('description').inner_text
+      end
+
+      #
+      # The text of the `uri` child element.
+      #
+      # @return [String]
+      #
+      def uri
+        @uri ||= @node.at_xpath('uri').inner_text
+      end
+
+      #
+      # The text of the `namelink` child element.
+      #
+      # @return [String]
+      #
+      def name_link
+        @name_link ||= @node.at_xpath('namelink').inner_text
+      end
+
+      #
+      # The text of the `iplink` child element.
+      #
+      # @return [String]
+      #
+      def ip_link
+        @ip_link ||= @node.at_xpath('iplink').inner_text
+      end
+
+    end
+  end
+end

data/lib/nikto/xml/scan_details.rb

@@ -0,0 +1,175 @@
+require 'nikto/xml/item'
+require 'nikto/xml/statistics'
+
+require 'time'
+
+module Nikto
+  class XML
+    #
+    # Represents a `scandetails` XML element.
+    #
+    class ScanDetails
+
+      #
+      # Initializes the scan details object.
+      #
+      # @param [Nokogiri::XML::Node] node
+      #   The XML node for the `scandetails` XML element.
+      #
+      # @api private
+      #
+      def initialize(node)
+        @node = node
+      end
+
+      #
+      # The target's IP address.
+      #
+      # @return [String]
+      #   The value of the `targetip` attribute.
+      #
+      def target_ip
+        @node['targetip']
+      end
+
+      #
+      # The target's hostname.
+      #
+      # @return [String]
+      #   The value of the `targethostname` attribute.
+      #
+      def target_hostname
+        @node['targethostname']
+      end
+
+      #
+      # The target's port number.
+      #
+      # @return [Integer]
+      #   The parsed value of the `targetport` attribute.
+      #
+      def target_port
+        @target_port ||= @node['targetport'].to_i
+      end
+
+      #
+      # The target's banner value.
+      #
+      # @return [String]
+      #   The value of the `targetbanner` attribute.
+      #
+      def target_banner
+        @node['targetbanner']
+      end
+
+      #
+      # When the target started being scanned.
+      #
+      # @return [Time]
+      #   The parsed value `starttime` attribute.
+      #
+      def start_time
+        @start_time ||= Time.parse(@node['starttime'])
+      end
+
+      #
+      # The site name.
+      #
+      # @return [String]
+      #   The value of the `sitename` attribute.
+      #
+      def site_name
+        @node['sitename']
+      end
+
+      #
+      # The site's IP address.
+      #
+      # @return [String]
+      #   The value of the `siteip` attribute.
+      #
+      def site_ip
+        @node['siteip']
+      end
+
+      #
+      # The `Host` header.
+      #
+      # @return [String]
+      #   The value of the `hostheader` attribute.
+      #
+      def host_header
+        @node['hostheader']
+      end
+
+      #
+      # How many errors occurred.
+      #
+      # @return [Integer]
+      #   The parsed value of the `errors` attribute.
+      #
+      def errors
+        @errors ||= @node['errors'].to_i
+      end
+
+      #
+      # Determines if any errors occurred.
+      #
+      # @return [Boolean]
+      #
+      def errors?
+        errors > 0
+      end
+
+      #
+      # How many checks were performed on the target.
+      #
+      # @return [Integer]
+      #   The parsed value of the `checks` attribute.
+      #
+      def checks
+        @checks ||= @node['checks'].to_i
+      end
+
+      #
+      # Enumerates over the found items.
+      #
+      # @yield [item]
+      #   If a block is given, it will be passed each item object.
+      #
+      # @yieldparam [Item] item
+      #   An item object.
+      #
+      # @return [Enumerator]
+      #   If no block is given, an Enumerator object will be returned.
+      #
+      def each_item
+        return enum_for(__method__) unless block_given?
+
+        @node.xpath('item').each do |node|
+          yield Item.new(node)
+        end
+      end
+
+      #
+      # The found items for the target.
+      #
+      # @return [Array<Item>]
+      #
+      def items
+        each_item.to_a
+      end
+
+      #
+      # The statistics associated with the scan.
+      #
+      # @return [Statistics]
+      #   Represents the `statistics` XML element.
+      #
+      def statistics
+        @statistics ||= Statistics.new(@node.at_xpath('statistics'))
+      end
+
+    end
+  end
+end