Nmap Development mailing list archives

Integrating nikto fingerprints on runtime
From: George Chatzisofroniou <sophron () latthi com>
Date: Tue, 17 Dec 2013 00:29:14 +0200

Hi guys,

A couple of months ago I contacted Chris Sullo (also CC'ed on this mail), one of
the authors of Nikto, the great scanner which performs comprehensive tests
against web servers for multiple items. I asked for permission to integrate
Nikto's large database into our http-fingerprint file. Chris told me that this
is not possible due to the licensing issues. You can read the whole response at
the bottom of this mail.

That leaves us with one choice: parsing nikto's database at runtime. I think we
are mostly interested in the db_tests file of Nikto, which contains the bulk of
the web test information. I wrote a patch for it that seems to work well. The
patch actually implements a new option, http-fingerprints.nikto-db-path, that
takes the path to the nikto database as an argument. It then converts the
records in nikto's database into our Lua table format and adds them to our
current fingerprints if they don't exist already.

Unfortunately, while our Lua table format is pretty flexible, I got into some
limitations with our current implementation:

* It doesn't support records with more than one 'dontmatch' pattern for a
  probe.

* It doesn't support logical AND for the 'match' patterns.

* It doesn't support sending additional headers for a probe.

That means, if a nikto fingerprint needs one of the above features, it won't be
loaded. At the time of writing this, 6546 out of the 6573 Nikto fingerprints are
being loaded successfully. I believe that the best way to make our format really
flexible is by optionally providing a callback function that is called for each
probe.

You will find my patch attached. Please test it and let me know what you think.

----- Forwarded message from Sullo <sullo () cirt net> -----

Date: Tue, 17 Sep 2013 21:00:53 -0400
From: Sullo <sullo () cirt net>
To: George Chatzisofroniou <sophron () latthi com>
Subject: Re: Permission for integrating Nikto's database to Nmap

Thank you for reaching out. Unfortunately I can't grant permission to
include any of the databases with nmap/NSE due to the licensing issues.

You could potentially write a parser for it and have the user point/config
the NSE to a copy they received with Nikto--there is another tool that does
this but the name is escaping me at the moment.

Thanks again for reaching out and good luck with the project!

Regards,
Sullo


On Wed, Sep 4, 2013 at 4:25 AM, George Chatzisofroniou
<sophron () latthi com> wrote:

Hi Chris,

I'm George and I work as a Google Summer of Code Student for the Nmap Project.
My project is titled "Web Scanning Specialist".

I'm not sure if you are aware of the Nmap Scripting Engine. It is one of Nmap's
most powerful features that allows users to write simple scripts in Lua to
automate a wide variety of tasks.

We have an http-enum script in NSE that parses a fingerprint file and
enumerates directories used by popular web applications and servers. It would
be great if we could integrate nikto's database into our current fingerprints
file. I know nikto's database is not licensed under the GPL, that's why I'm
asking your permission.

You can see the script idea in some more detail in our wiki:

https://secwiki.org/w/Nmap/Script_Ideas#http-nikto-fingerprints

Please let me know if that's possible,

--
George Chatzisofroniou


-- 
http://cirt.net | http://richsec.com/

----- End forwarded message -----

-- 
George Chatzisofroniou

Attachment: integrate_nikto_fingerprints_on_runtime.diff
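The patch itself is attached to the mail and is not on the page, so the following is an added example rather than George's code: a standalone Python re-implementation of the conversion the mail describes (the real patch lives inside NSE and is written in Lua). It assumes Nikto's db_tests column order (id, osvdb, tuning, uri, method, match, match_or, match_and, fail, fail_2, summary, data, headers), maps a purely numeric Nikto match onto a status-line pattern, turns Nikto's alternative match into a second matches entry, and skips exactly the three kinds of record the mail says cannot be expressed (an AND match, two 'dontmatch' patterns, extra request headers) plus probes that already exist. The sample records are constructed for this example and are not taken from Nikto's database.

```python
# Added example: convert Nikto db_tests records into the table shape used by
# NSE's http-fingerprints.lua. Not the patch from the mail; assumptions are marked.
import csv
from io import StringIO

# Assumed column layout of Nikto's db_tests file: one quoted, comma-separated record per line.
DB_TESTS_FIELDS = ("id", "osvdb", "tuning", "uri", "method", "match", "match_or",
                   "match_and", "fail", "fail_2", "summary", "data", "headers")

# Constructed sample records in that layout; ids, paths and summaries are made up.
SAMPLE_DB_TESTS = '''\
# comment line, ignored by the parser
"900001","0","1","/example-admin/","GET","200","","","","","Example admin area found.","",""
"900002","0","3","/example-backup.tgz","GET","200","","","404","","Example backup archive.","",""
"900003","0","1","/example-status","GET","Uptime","","Load","","","Needs an AND match.","",""
"900004","0","1","/example-api","GET","200","","","403","500","Two fail patterns.","",""
"900005","0","1","/example-hdr","GET","200","","","","","Needs an extra header.","","X-Example: 1"
"900001","0","1","/example-admin/","GET","200","","","","","Duplicate of the first record.","",""
'''


def parse_db_tests(text):
    """Yield one dict per record; comments, blank and malformed lines are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        row = next(csv.reader(StringIO(line)))
        if len(row) != len(DB_TESTS_FIELDS):
            continue  # wrong field count: not a db_tests record
        yield dict(zip(DB_TESTS_FIELDS, row))


def to_pattern(value):
    """Map a Nikto match value to a Lua pattern (assumption: a numeric value is
    an HTTP status code anchored on the status line; anything else is literal)."""
    if value.isdigit():
        return "^HTTP/1%%.[01] %s" % value
    # Escape Lua pattern magic characters so the text matches literally.
    return "".join("%" + c if c in "^$()%.[]*+-?" else c for c in value)


def convert(text, existing=()):
    """Return (fingerprints, skipped): converted tables plus per-reason skip counts.

    Records needing an AND match, two 'dontmatch' patterns or extra request
    headers are skipped (the three limitations listed in the mail), as are
    records whose (method, path) probe is already present.
    """
    fingerprints = list(existing)
    seen = {(fp["probes"][0]["method"], fp["probes"][0]["path"]) for fp in fingerprints}
    skipped = {"and_match": 0, "two_dontmatch": 0, "headers": 0, "duplicate": 0}
    for rec in parse_db_tests(text):
        key = (rec["method"].upper(), rec["uri"])
        if rec["match_and"]:
            skipped["and_match"] += 1
        elif rec["fail"] and rec["fail_2"]:
            skipped["two_dontmatch"] += 1
        elif rec["headers"]:
            skipped["headers"] += 1
        elif key in seen:
            skipped["duplicate"] += 1
        else:
            seen.add(key)
            primary = {"match": to_pattern(rec["match"]), "output": rec["summary"]}
            dontmatch = rec["fail"] or rec["fail_2"]  # at most one survives the filter
            if dontmatch:
                primary["dontmatch"] = to_pattern(dontmatch)
            matches = [primary]
            if rec["match_or"]:
                # Assumption: Nikto's alternative (OR) match becomes a second entry.
                matches.append(dict(primary, match=to_pattern(rec["match_or"])))
            fingerprints.append({"category": "nikto",
                                 "probes": [{"path": key[1], "method": key[0]}],
                                 "matches": matches})
    return fingerprints, skipped


def to_lua(fp):
    """Render one fingerprint as a Lua table literal in http-fingerprints.lua style."""
    def q(s):
        return "'" + s.replace("\\", "\\\\").replace("'", "\\'") + "'"
    probe = fp["probes"][0]
    out = ["table.insert(fingerprints, {",
           "  category = %s," % q(fp["category"]),
           "  probes = {{path = %s, method = %s}}," % (q(probe["path"]), q(probe["method"])),
           "  matches = {"]
    for m in fp["matches"]:
        fields = ["match = " + q(m["match"])]
        if "dontmatch" in m:
            fields.append("dontmatch = " + q(m["dontmatch"]))
        fields.append("output = " + q(m["output"]))
        out.append("    {%s}," % ", ".join(fields))
    out += ["  }", "});"]
    return "\n".join(out)


if __name__ == "__main__":
    fps, skipped = convert(SAMPLE_DB_TESTS)
    print("loaded %d, skipped %s" % (len(fps), skipped))
    for fp in fps:
        print(to_lua(fp))
```

Run against the constructed sample, two records are loaded and the other four are counted under the reason they were dropped, which is the kind of "6546 out of 6573" tally the mail reports; keeping the skip reasons visible is what lets a maintainer judge which missing feature (AND matches, a second dontmatch, request headers) would unlock the most records.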

Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/