| title | path | category | usecase | release |
|---|---|---|---|---|
Nikto |
scanner/Nikto |
scanner |
Webserver Vulnerability Scanner |
Nikto is a free software command-line vulnerability scanner that scans webservers for dangerous files/CGIs, outdated server software and other problems. It performs generic and server type specific checks. It also captures and prints any cookies received.
This repository contains a self contained µService utilizing the Nikto scanner for the secureCodeBox project. To learn more about the Nikto scanner itself visit cirt.net or Nikto GitHub.
To hand over supported parameters through api usage, you can set following attributes:
[
{
"name": "nikto",
"context": "some Context",
"target": {
"name": "targetName",
"location": "http://your-target.com/",
"attributes": {
"NIKTO_PORTS": "[int port]",
"NIKTO_PARAMETER": "[String parameter]" "//See official Nikto documentation"
}
}
}
]Example configuration:
[
{
"name": "nikto",
"context": "Example Test",
"target": {
"name": "BodgeIT",
"location": "bodgeit.example.com",
"attributes": {
"NIKTO_PORTS": "80",
"NIKTO_PARAMETER": ""
}
}
}
]Example Output:
{
"findings": [
{
"id": "3412b590-ceaa-47a7-b8d6-76a9d988b562",
"name": "The anti-clickjacking X-Frame-Options header is not present.",
"osi_layer": "APPLICATION",
"severity": "INFORMATIONAL",
"reference": {
"id": "OSVDB-0",
"source": "OSVDB-0"
},
"attributes": {
"http_method": "GET",
"hostname": "bodgeit.example.com",
"path": "/",
"ip_address": "192.168.0.1",
"port": 80
},
"location": "bodgeit.example.com:80/",
"false_positive": false
},
{
"id": "afab5c05-2bf3-4032-9b13-87b5978a0d34",
"name": "The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS",
"osi_layer": "APPLICATION",
"severity": "INFORMATIONAL",
"reference": {
"id": "OSVDB-0",
"source": "OSVDB-0"
},
"attributes": {
"http_method": "GET",
"hostname": "bodgeit.example.com",
"path": "/",
"ip_address": "192.168.0.1",
"port": 80
},
"location": "bodgeit.example.com:80/",
"false_positive": false
},
{
"id": "456dd677-e777-4ec3-973d-a26bfa257a97",
"name": "The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type",
"osi_layer": "APPLICATION",
"severity": "INFORMATIONAL",
"reference": {
"id": "OSVDB-0",
"source": "OSVDB-0"
},
"attributes": {
"http_method": "GET",
"hostname": "bodgeit.example.com",
"path": "/",
"ip_address": "192.168.0.1",
"port": 80
},
"location": "bodgeit.example.com:80/",
"false_positive": false
}
]
}To configure this service specify the following environment variables:
| Environment Variable | Value Example |
|---|---|
ENGINE_ADDRESS |
http://engine |
ENGINE_BASIC_AUTH_USER |
username |
ENGINE_BASIC_AUTH_PASSWORD |
123456 |
- Clone the repository
- You might need to install some dependencies
gem install sinatra rest-client - Run locally
ruby src/main.rb
To run the testsuite run:
rake test
To build the docker container run:
docker build -t CONTAINER_NAME .
