Nmap Development mailing list archives
Integrating nikto fingerprints on runtime
From: George Chatzisofroniou <sophron () latthi com>
Date: Tue, 17 Dec 2013 00:29:14 +0200
Hi guys,

A couple of months ago I contacted Chris Sullo (also CC'ed on this mail), one of the authors of Nikto, the great scanner which performs comprehensive tests against web servers for multiple items. I asked permission for integrating Nikto's large database to our http-fingerprint file. Chris told me that this is not possible due to the licensing issues. You can read the whole response at the bottom of this mail.

That leaves us with one choice: parsing Nikto's database at runtime. I think we are mostly interested in the db_tests file of Nikto that contains the bulk of the web test information.

I wrote a patch for it that seems to work well. The patch actually implements a new option, http-fingerprints.nikto-db-path, that takes a path for the Nikto database as an argument. It then converts the records in Nikto's database into our Lua table format and adds them to our current fingerprints if they don't exist already.

Unfortunately, while our Lua format table is pretty flexible, I got into some limitations with our current implementation:

* It doesn't support records with more than one 'dontmatch' pattern for a probe.
* It doesn't support logical AND for the 'match' patterns.
* It doesn't support sending additional headers for a probe.

That means, if a Nikto fingerprint needs one of the above features, it won't be loaded. At the time of writing this, 6546 out of the 6573 Nikto fingerprints are being loaded successfully.

I believe that the best way to make our format really flexible is by optionally providing a callback function that is called for each probe.

You will find my patch attached. Please test it and let me know what you think.

----- Forwarded message from Sullo <sullo () cirt net> -----

Date: Tue, 17 Sep 2013 21:00:53 -0400
From: Sullo <sullo () cirt net>
To: George Chatzisofroniou <sophron () latthi com>
Subject: Re: Permission for integrating Nikto's database to Nmap

Thank you for reaching out.

Unfortunately I can't grant permission to include any of the databases with nmap/NSE due to the licensing issues. You could potentially write a parser for it and have the user point/config the NSE to a copy they received with Nikto--there is another tool that does this but the name is escaping me at the moment.

Thanks again for reaching out and good luck with the project!

Regards,
Sullo

On Wed, Sep 4, 2013 at 4:25 AM, George Chatzisofroniou <sophron () latthi com> wrote:

> Hi Chris,
>
> I'm George and I work as a Google Summer of Code Student for the Nmap Project. My project is titled as "Web Scanning Specialist".
>
> I'm not sure if you are aware of the Nmap Scripting Engine. It is one of Nmap's most powerful features that allows users to write simple scripts in Lua to automate a wide variety of tasks.
>
> We have an http-enum script in NSE that parses a fingerprint file and enumerates directories used by popular web applications and servers. It would be great if we could integrate Nikto's database into our current fingerprints file. I know Nikto's database is not licensed under the GPL, that's why I'm asking your permission.
>
> You can see the script idea in some more detail in our wiki:
> https://secwiki.org/w/Nmap/Script_Ideas#http-nikto-fingerprints
>
> Please let me know if that's possible,
>
> --
> George Chatzisofroniou

--
http://cirt.net | http://richsec.com/

----- End forwarded message -----

--
George Chatzisofroniou
Attachment:
integrate_nikto_fingerprints_on_runtime.diff
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
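The conversion the message describes, sketched as an added example; it is not the attached patch and not code from Nmap or Nikto. It assumes db_tests records are 13 double-quoted, comma-separated fields in the order named in FIELDS, uses a hypothetical category name, and runs on constructed records that trigger each of the three limitations listed in the message.

```lua
-- Added example. Assumed db_tests field order; verify against the header of your copy.
local FIELDS = { "id", "osvdb", "tuning", "uri", "method", "match1", "match1_or",
                 "match1_and", "fail1", "fail2", "summary", "data", "headers" }

-- Split one record of the form "f1","f2",... (assumes no embedded double quotes).
local function parse_record(line)
  local rec, n = {}, 0
  for field in line:gmatch('"(.-)"') do
    n = n + 1
    if FIELDS[n] then rec[FIELDS[n]] = field end
  end
  if n ~= #FIELDS then return nil, "malformed record" end
  return rec
end

-- Empty fields become nil so they never end up as an empty pattern.
local function nonempty(s) if s ~= "" then return s end end

-- Build an http-fingerprints style entry, or return nil plus what the format lacks.
local function to_fingerprint(rec)
  if nonempty(rec.match1_and) then return nil, "logical AND of match patterns" end
  if nonempty(rec.fail1) and nonempty(rec.fail2) then return nil, "more than one dontmatch" end
  if nonempty(rec.headers) then return nil, "additional request headers" end
  local dont = nonempty(rec.fail1) or nonempty(rec.fail2)
  local matches = { { match = rec.match1, dontmatch = dont, output = rec.summary } }
  if nonempty(rec.match1_or) then -- an alternative pattern becomes a second entry
    matches[2] = { match = rec.match1_or, dontmatch = dont, output = rec.summary }
  end
  return { category = "nikto", -- hypothetical category name
           probes = { { path = rec.uri, method = rec.method } }, matches = matches }
end

-- Constructed sample records, not taken from Nikto's database.
local SAMPLE = {
  '"900001","0","1","/example/admin/","GET","Admin Console","Administration","","Not Found","","Constructed: admin page.","",""',
  '"900002","0","1","/example/status","GET","Server Status","","Uptime","","","Constructed: needs AND.","",""',
  '"900003","0","1","/example/app","GET","Example App","","","Not Found","Forbidden","Constructed: two fails.","",""',
  '"900004","0","1","/example/api","GET","Example API","","","","","Constructed: needs header.","","X-Example: 1"',
}

local fingerprints = {}
for _, line in ipairs(SAMPLE) do
  local rec, err = parse_record(line)
  local fp
  if rec then fp, err = to_fingerprint(rec) end
  if fp then
    table.insert(fingerprints, fp)
    print(rec.id, "loaded", #fp.matches .. " match entries")
  else
    print(rec and rec.id or "?", "skipped", err)
  end
end
```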
Current thread:
- Integrating nikto fingerprints on runtime George Chatzisofroniou (Dec 16)
- Re: Integrating nikto fingerprints on runtime Christian Heinrich (Dec 17)
- Re: Integrating nikto fingerprints on runtime George Chatzisofroniou (Dec 18)
- Re: Integrating nikto fingerprints on runtime Christian Heinrich (Dec 18)
- Re: Integrating nikto fingerprints on runtime George Chatzisofroniou (Dec 19)
- Re: Integrating nikto fingerprints on runtime Christian Heinrich (Dec 19)
- Re: Integrating nikto fingerprints on runtime Daniel Miller (Dec 19)
- Re: Integrating nikto fingerprints on runtime Henri Doreau (Dec 19)
- Re: Integrating nikto fingerprints on runtime George Chatzisofroniou (Dec 18)
- Re: Integrating nikto fingerprints on runtime Christian Heinrich (Dec 17)
