8000 Updated nikto scanner to v2.5.0 (closes #604) by Ilyesbdlala · Pull Request #617 · secureCodeBox/secureCodeBox · GitHub
3 changes: 2 additions & 1 deletion .github/workflows/ci.yaml
Expand Up @@ -699,6 +699,7 @@ jobs:
with:
repository: "sullo/nikto"
path: nikto
ref: nikto-2.5.0
I think it would be great to create a variable containing the desired version to minimize the locations we have to update for a new release


- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
Expand All @@ -719,7 +720,7 @@ jobs:
with:
images: ${{ env.DOCKER_NAMESPACE }}/scanner-nikto
tag-sha: true
tag-custom: 2.1.6
tag-custom: 2.5.0
tag-semver: |
{{ version }}

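Review bot: The new `ref: nikto-2.5.0` on the `sullo/nikto` checkout pins a git tag, and a tag is a mutable pointer that upstream can move or re-create, so the image that CI builds is not reproducible and a retagged upstream would be pulled in without any change to this workflow. Pinning the commit the tag currently resolves to, with the tag kept as a comment for readability — `ref: <commit-sha-of-nikto-2.5.0>  # tag nikto-2.5.0` — fixes the exact source content that goes into the scanner image. The same consideration applies to the `docker/setup-buildx-action@v1` context line below it, though that is not part of this change. The enclosing job under `jobs:` starts and ends outside both hunks.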
2 changes: 1 addition & 1 deletion scanners/nikto/Chart.yaml
Expand Up @@ -10,7 +10,7 @@ type: application
# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
version: v3.1.0-alpha1
# appVersion - Nikto doesn't really version its releases
appVersion: 2.1.6
appVersion: 2.5.0
kubeVersion: ">=v1.11.0-0"

keywords:
2 changes: 1 addition & 1 deletion scanners/nikto/README.md
Expand Up @@ -3,7 +3,7 @@ title: "Nikto"
category: "scanner"
type: "Webserver"
state: "released"
appVersion: "2.1.6"
appVersion: "2.5.0"
usecase: "Webserver Vulnerability Scanner"
---

112 changes: 44 additions & 68 deletions scanners/nikto/examples/demo-bodgeit/findings.yaml
Expand Up @@ -7,119 +7,95 @@
"name": "The anti-clickjacking X-Frame-Options header is not present.",
"description": null,
"category": "X-Frame-Options Header",
"location": "http://bodgeit/",
"location": "http://bodgeit",
"osi_layer": "NETWORK",
"severity": "LOW",
"attributes": {
"ip_address": "10.105.36.237",
"ip_address": "10.100.171.235",
"hostname": "bodgeit",
"banner": "Apache-Coyote/1.1",
"banner": "",
"method": "GET",
"port": 8080,
"niktoId": 999957
"niktoId": 999957,
"references": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options"
},
"id": "9fc0b231-3a91-4976-ad59-35d59a585a38"
"id": "c8632fdf-0afd-45df-a71c-9eb5bf988c2b",
"parsed_at": "2021-08-30T15:03:12.577Z"
},
{
"name": "The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS",
"name": "The anti-clickjacking X-Frame-Options header is not present.",
"description": null,
"category": "X-XSS-Protection",
"location": "http://bodgeit/",
"category": "X-Frame-Options Header",
"location": "http://bodgeit",
"osi_layer": "NETWORK",
"severity": "LOW",
"attributes": {
"ip_address": "10.105.36.237",
"ip_address": "10.100.171.235",
"hostname": "bodgeit",
"banner": "Apache-Coyote/1.1",
"banner": "",
"method": "GET",
"port": 8080,
"niktoId": 999102
"niktoId": 999957,
"references": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options"
},
"id": "fd763ddc-beaf-4bb0-91f6-334fadfaad03"
"id": "428ddc0f-e852-4ae3-afaf-3107fd57e3c3",
"parsed_at": "2021-08-30T15:03:12.577Z"
},
{
"name": "The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type",
"name": "The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.",
"description": null,
"category": "X-Content-Type-Options Header",
"location": "http://bodgeit/",
"location": "http://bodgeit",
"osi_layer": "NETWORK",
"severity": "INFORMATIONAL",
"attributes": {
"ip_address": "10.105.36.237",
"ip_address": "10.100.171.235",
"hostname": "bodgeit",
"banner": "Apache-Coyote/1.1",
"banner": "",
"method": "GET",
"port": 8080,
"niktoId": 999103
},
"id": "08fc1392-6da9-4d57-beb2-dc7f72bea503"
},
{
"name": "/favicon.ico file identifies this app/server as: Apache Tomcat (possibly 5.5.26 through 8.0.15), Alfresco Community",
"description": null,
"category": "Identified Software",
"location": "http://bodgeit/favicon.ico",
"osi_layer": "NETWORK",
"severity": "INFORMATIONAL",
"attributes": {
"ip_address": "10.105.36.237",
"hostname": "bodgeit",
"banner": "Apache-Coyote/1.1",
"method": "GET",
"port": 8080,
"niktoId": 500645
},
"id": "4a6b694c-b0ac-465e-929e-8e67cbded3a8"
},
{
"name": "Allowed HTTP Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS",
"description": null,
"category": "Nikto Finding",
"location": "http://bodgeit/",
"osi_layer": "NETWORK",
"severity": "INFORMATIONAL",
"attributes": {
"ip_address": "10.105.36.237",
"hostname": "bodgeit",
"banner": "Apache-Coyote/1.1",
"method": "OPTIONS",
"port": 8080,
"niktoId": 999990
"niktoId": 999103,
"references": "https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/"
},
"id": "7fe0661b-1eac-4e7c-ad02-0fa5b293700c"
"id": "49f31cc3-0a73-4460-9428-e0b85b251690",
"parsed_at": "2021-08-30T15:03:12.577Z"
},
{
"name": "HTTP method ('Allow' Header): 'PUT' method could allow clients to save files on the web server.",
"name": "The anti-clickjacking X-Frame-Options header is not present.",
"description": null,
"category": "Nikto Finding",
"location": "http://bodgeit/",
"category": "X-Frame-Options Header",
"location": "http://bodgeit",
"osi_layer": "NETWORK",
"severity": "INFORMATIONAL",
"severity": "LOW",
"attributes": {
"ip_address": "10.105.36.237",
"ip_address": "10.100.171.235",
"hostname": "bodgeit",
"banner": "Apache-Coyote/1.1",
"banner": "",
"method": "GET",
"port": 8080,
"niktoId": 400001
"niktoId": 999957,
"references": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options"
},
"id": "f63b2cd6-cb19-43f5-a086-c5084e8b8e2b"
"id": "fecf8260-fce3-4653-b9ac-89944f5a74fb",
"parsed_at": "2021-08-30T15:03:12.577Z"
},
{
"name": "HTTP method ('Allow' Header): 'DELETE' may allow clients to remove files on the web server.",
"name": "The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.",
"description": null,
"category": "Nikto Finding",
"location": "http://bodgeit/",
"category": "X-Content-Type-Options Header",
"location": "http://bodgeit",
"osi_layer": "NETWORK",
"severity": "INFORMATIONAL",
"attributes": {
"ip_address": "10.105.36.237",
"ip_address": "10.100.171.235",
"hostname": "bodgeit",
"banner": "Apache-Coyote/1.1",
"banner": "",
"method": "GET",
"port": 8080,
"niktoId": 400000
"niktoId": 999103,
"references": "https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/"
},
"id": "237ff776-7fc1-4509-b51e-d916b3951422"
"id": "6cdb06d1-0229-41d7-b6dc-dd71f203ca0e",
"parsed_at": "2021-08-30T15:03:12.577Z"
}
]
]
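Review bot: The regenerated fixture repeats the same finding several times — "The anti-clickjacking X-Frame-Options header is not present." appears as the first, second and fourth entry with identical location, port and `niktoId` 999957 and only a different `id`, and the X-Content-Type-Options finding appears twice in the same way — which suggests the parser is emitting one finding per repeated block in nikto 2.5.0's output rather than one per distinct result. Before this becomes the reference output it is worth checking the raw scanner output to see whether the repetition originates there; if it does, deduplicating on `(location, port, niktoId)` in the parser would keep the findings list meaningful for consumers that count or alert on findings. Note also that `scanners/nikto/examples/demo-bodgeit/nikto-results.json` is deleted in this PR, so the raw output this findings.yaml was derived from is no longer in the repository; if the parser tests read that raw-result/findings pair, the fixture can no longer be regenerated or verified from source.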
57 changes: 0 additions & 57 deletions scanners/nikto/examples/demo-bodgeit/nikto-results.json

This file was deleted.

Expand Up @@ -5,14 +5,14 @@
apiVersion: 'execution.securecodebox.io/v1'
kind: Scan
metadata:
name: 'nikto-www.securecodebox.io'
name: 'nikto-docs.securecodebox.io'
labels:
organization: 'secureCodeBox'
spec:
scanType: 'nikto'
parameters:
- '-h'
- 'https://www.securecodebox.io'
- 'https://docs.securecodebox.io/'
- '-Tuning'
# Only enable fast (ish) Scan Options, remove attack option like SQLi and RCE. We will leave those to ZAP
- '1,2,3,5,7,b'