Add ID 007152 to nikto_core.plugin 1389 line

reactivespace · Mar 30, 2017 · f6cfcdd · f6cfcdd
1 parent a930c04
commit f6cfcdd
Showing 1 changed file with 34 additions and 34 deletions.
diff --git a/program/plugins/nikto_core.plugin b/program/plugins/nikto_core.plugin
@@ -179,7 +179,7 @@ sub status_report {
         }
     }
     else { $timeleft = sprintf("%.0f seconds", $secleft); }
-    
+
     my $perc_compl =
         ($COUNTERS{'totalrequests'} / ($COUNTERS{'total_checks'} * $COUNTERS{'total_targets'}) * 100);
 
@@ -197,7 +197,7 @@ sub status_report {
  	}
 
     nprint($line);
-    nprint("- STATUS: " . running_average_print($mark)); 
+    nprint("- STATUS: " . running_average_print($mark));
 
     return;
 }
@@ -538,15 +538,15 @@ sub general_config {
                ) or usage();
 
     # 404string
-    if ($CLI{'404string'} ne '') { 
+    if ($CLI{'404string'} ne '') {
         my $s = validate_and_fix_regex($CLI{'404string'});
         $VARIABLES->{'ERRSTRINGS'}->{$s} = 1;
         }
 
     # 404code
     if ($CLI{'404code'} ne '') {
         foreach my $code (split(/\s?,\s?/, $CLI{'404code'})) {
-            if ($code =~ /[^\d]/) { 
+            if ($code =~ /[^\d]/) {
                  nprint("+ ERROR: Invalid 404code, must be an integer");
                  exit;
                  }
@@ -609,7 +609,7 @@ sub general_config {
         }
         $CLI{'until'} = $pausetime;
     }
-    
+
     if ($CLI{'useragent'}) {
         push(@options,"USERAGENT=" . $CLI{'useragent'});
     }
@@ -718,9 +718,9 @@ sub general_config {
     $CLI{'format'}='txt' if $CLI{'format'} eq 'text';
     $CLI{'format'}='htm' if $CLI{'format'} eq 'html';
 
-    if ($CLI{'format'} !~ /^(?:txt|htm|csv|json|sql|nbe|xml|none)$/) { 
-        nprint("+ ERROR: Invalid output format"); 
-        exit; 
+    if ($CLI{'format'} !~ /^(?:txt|htm|csv|json|sql|nbe|xml|none)$/) {
+        nprint("+ ERROR: Invalid output format");
+        exit;
 	}
 
     if ((defined $CLI{'file'}) && ($CLI{'format'} eq "")) {
@@ -1264,7 +1264,7 @@ sub check_dbs {
                 $count++;
                 my @L = parse_csv($line);
                 if ($#L ne 3) { nprint("\t+ ERROR: Invalid syntax ($#L): $line"); next; }
-                if (($L[0] ne 0) && exists($ALL_IDS{$L[0]})) { 
+                if (($L[0] ne 0) && exists($ALL_IDS{$L[0]})) {
                     nprint("\t+ ERROR: Duplicate Test ID: $L[0]");
                 }
                 else { $ALL_IDS{$L[0]}=1; }
@@ -1386,7 +1386,7 @@ sub check_dbs {
                 if ($L[2] =~ /[^a-e0-9]/) {
                     nprint("\t+ ERROR: Invalid Tuning Type: $line");
                 }
-                if ($L[3] =~ '^(/@|//)' && $L[0] !~ /(000396|000447|000543|000544|000545|000928|000929|001208|001373|001497|002761|002762|003029)/i) {
+                if ($L[3] =~ '^(/@|//)' && $L[0] !~ /(000396|000447|000543|000544|000545|000928|000929|001208|001373|001497|002761|002762|003029|007152)/i) {
                     nprint("\t+ ERROR: Possible incorrect slashes: $line");
                     nprint("\t+ If two or more slashes are needed for this test: Please add the ID $L[0] at line " . (__LINE__-2) . " in the nikto_core.plugin.");
                 }
@@ -1533,16 +1533,16 @@ sub check_dbs {
     # Try to grab the test IDs from plugins to check for duplicates. Not foolproof.
     nprint("Checking plugins for duplicate test IDs");
     my @pluginlist = dirlist("$CONFIGFILE{'PLUGINDIR'}", '\.plugin$');
-    foreach my $pf (@pluginlist) { 
+    foreach my $pf (@pluginlist) {
 	open(PF,"<$CONFIGFILE{'PLUGINDIR'}/$pf") || die print STDERR "+ ERROR: Unable to open '$file': $@\n";
 	my @file=<PF>;
 	close(PF);
   	my @adds= grep(/add_vulnerability\(/, @file);
-	foreach my $addv (@adds) { 
+	foreach my $addv (@adds) {
 		chomp($addv);
 		my @bits = parse_csv($addv);
 		$bits[2] =~ s/\s+//g;
-		if ($bits[2] =~ /^[\d]+$/) { 
+		if ($bits[2] =~ /^[\d]+$/) {
                 	if (($bits[2] ne 0) && exists($ALL_IDS{$bits[2]})) {
                         nprint("\t+ ERROR: Duplicate Test ID: $bits[2]");
                         }
@@ -1551,8 +1551,8 @@ sub check_dbs {
 		}
 	}
 
-    # Look for bad/invalid IDs 
-    foreach my $id (keys %ALL_IDS) { 
+    # Look for bad/invalid IDs
+    foreach my $id (keys %ALL_IDS) {
 	chomp($id);
 	next if (($id eq 0) || ($id eq '') || ($id eq 'nikto_id'));
 	if ($id =~ /[^\d]/) { nprint("+ERROR: Invalid test ID: $id"); next; }
@@ -1562,7 +1562,7 @@ sub check_dbs {
     # Suggest some open IDs
     my $open=();
     my $id='000001';
-    while ($#open < 6) { 
+    while ($#open < 6) {
                 if (!exists($ALL_IDS{$id})) { push(@open,$id); }
  		$id++;
 		}
@@ -1712,15 +1712,15 @@ sub load_plugins {
                 push(@PLUGINS, $pluginhash);
                 nprint("- Loaded \"$pluginhash->{full_name}\" plugin.", "v");
             }
-           else { 
+           else {
 		nprint("WARNING: No init found for $plugin_name\n","d");
 		}
         }
     }
     $CONFIGFILE{'@@ALL'} = join(';', @all_names);
     my @torun = split(/;/, expand_pluginlist($CLI{'plugins'}, 0));
     # Force-enable report plugins if needed
-    if (($CLI{'file'} ne '') && ($CLI{'plugins'} =~/\@NONE/)) { 
+    if (($CLI{'file'} ne '') && ($CLI{'plugins'} =~/\@NONE/)) {
 	push(@torun,'report_csv') if $CLI{'file'} =~ /csv/i;
 	push(@torun,'report_json') if $CLI{'file'} =~ /json/i;
 	push(@torun,'report_html') if $CLI{'file'} =~ /html?/i;
@@ -1883,7 +1883,7 @@ sub report_head {
                                          summary    => $plugin->{report_summary},
                                          handle     => $handle,
                                          };
-                                         
+
                     push(@REPORTS, $report_entry);
                 }
             }
@@ -1963,11 +1963,11 @@ sub check_updates {
     my $server       = "CIRT.net";
 
 	nprint("-update is deprecated in git versions of Nikto; please pull directly from git.");
-	
+
     # set up our mark
     my %mark = ('ident' => $server,
                 'ssl'   => 1,
-                'port'  => 443 
+                'port'  => 443
                 );
 
     for (my $i = 0 ; $i <= $#ARGV ; $i++) {
@@ -2321,20 +2321,20 @@ sub running_average {
         }
 
 #######################################################################
-sub running_average_print { 
+sub running_average_print {
 	use List::Util qw(sum);
 	my $message;
 	my ($mark) = @_;
 	my @data = @{$mark->{'running_avg'}};
 	my $elements=$#data;
 	$elements++;
-	if ($elements eq 100 ) { 
+	if ($elements eq 100 ) {
 		my $s = sum(@data);
 		my $avg = $s / $elements;
 		$avg = sprintf("%.5f", $avg);
 		$message = "100 requests: $avg sec, ";
 		}
-	if ($elements > 10) { 
+	if ($elements > 10) {
 		@data=splice(@data,9);
 		my $s = sum(@data);
 		$elements=$#data;
@@ -2345,7 +2345,7 @@ sub running_average_print {
 		}
 
 	if ($message eq '') { $message="Not enough data"; }
-	return "Running average: $message.";	
+	return "Running average: $message.";
 	}
 
 #######################################################################
@@ -2399,7 +2399,7 @@ sub nfetch {
         $request{'whisker'}->{'version'} = $httpver;
     }
 
-    if ($flags->{'nohost'}) { 
+    if ($flags->{'nohost'}) {
 		$request{'whisker'}->{'host'} = $mark->{'ip'};
 	}
 
@@ -2464,7 +2464,7 @@ sub nfetch {
             $mark->{'ssl_cert_issuer'}  = $result{'whisker'}->{'ssl_cert_issuer'};
             $mark->{'ssl_cert_subject'} = $result{'whisker'}->{'ssl_cert_subject'};
             # ssl_cert_altnaems comes back as an array
-            foreach my $n (@{$result{'whisker'}->{'ssl_cert_altnames'}}) { 
+            foreach my $n (@{$result{'whisker'}->{'ssl_cert_altnames'}}) {
 		next if $n =~ /^[\d]+$/; # type
 		$mark->{'ssl_cert_altnames'} .= "$n, ";
 		}
@@ -2647,7 +2647,7 @@ sub parse_csv {
     return @new;
 }
 #######################################################################
-sub check_modules { 
+sub check_modules {
     # Check dependencies
     eval "require JSON::PP";
     if ($@) {
@@ -2746,7 +2746,7 @@ sub send_updates {
     # set up our mark
     my %mark = ('ident' => 'cirt.net',
                 'ssl'   => 1,
-                'port'  => 443 
+                'port'  => 443
                 );
 
     for (my $i = 0 ; $i <= $#ARGV ; $i++) {
@@ -2776,7 +2776,7 @@ sub send_updates {
         ($code, $content) = nfetch(\%mark, "/nikto-updates.php?version=$upd_enc", "GET");
     }
 
-    if ($code != 200) { 
+    if ($code != 200) {
 	nprint("+ ERROR $code: Update failed, please notify sullo\@cirt.net of this code.");
 	}
     elsif ($content !~ /SUCCESS/) {
@@ -2898,7 +2898,7 @@ sub usage {
        -no404              Disables 404 checks
        -Plugins+           List of plugins to run (default: ALL)
        -port+              Port to use (default 80)
-       -root+              Prepend root value to all requests, format is /directory 
+       -root+              Prepend root value to all requests, format is /directory
        -ssl                Force ssl mode on port
        -Tuning+            Scan tuning
        -timeout+           Timeout for requests (default 10 seconds)
@@ -2910,7 +2910,7 @@ sub usage {
 	Note: This is the short help output. Use -H for full help text.\n\n";
     }
 
-    check_modules(); 
+    check_modules();
 
     exit;
 }
@@ -3009,7 +3009,7 @@ sub add_vulnerability {
                     response => $response,
                     reason   => $reason,
                     );
-                    
+
     push(@RESULTS, $resulthash);
     $mark->{total_vulns}++;
 
@@ -3214,7 +3214,7 @@ sub gmt_offset {
 sub expand_range {
 	local $" = '..';
     my (@range);
-	
+
 	sort {$a <=> $b}
 		map {
 			map {