Skip to content

Commit

Permalink
More complete fix compared to 890e895 for target names that have an u…
Browse files Browse the repository at this point in the history 
…nderscore:

- no more temporary hash; now it directly sets %markhash
- more efficient code
- better defaults and error checking
  • Loading branch information
Sullo committed Sep 27, 2024
1 parent 890e895 commit 8112c38
Showing 1 changed file with 20 additions and 48 deletions.
68 changes: 20 additions & 48 deletions program/plugins/nikto_core.plugin
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1253,12 +1253,11 @@ sub set_targets {
}
}

# Now parse the list of checkhosts, store in %targs by host_-_port
my $targs = {};
# Now parse the list of checkhosts
foreach my $host (@checkhosts) {
$host =~ s/\s+//g;
if ($host eq '') { next; }
my ($defhost, $defport) = '';
my $markhash = {};

# is it a URL?
if ($host =~ /^https?:\/\//) {
Expand All @@ -1268,75 +1267,48 @@ sub set_targets {
exit 1;
}
my @hostdata = LW2::uri_split($host);

$defhost = $hostdata[2];
$defport = $hostdata[3];
$targs{ $defhost . "_-_" . $defport } = ($root ne "") ? $root : '/';
$markhash->{'ident'} = $hostdata[2];
$markhash->{'port'} = $hostdata[3];
if ($markhash->{'port'} eq '') {
if ($host =~ /^https:/) { $markhash->{'port'}=443; }
else { $markhash->{'port'}=$defaultport;}
}
$markhash->{'root'} = $root || '/';

if (($hostdata[0] ne '/') && ($hostdata[0] ne '') && ($root eq '')) {
$hostdata[0] =~ s/\/$//;
$targs{ $defhost . "_-_" . $defport } = $hostdata[0];
$markhash->{'root'} = $hostdata[0];
nprint("- Added -root value of '$hostdata[0]' from URI",
"v", ($mark->{'hostname'}, $mark->{'ip'}, $mark->{'displayname'}));
}
}
else {
if ((index $host, '[') == 0) { # looks like accepted IPv6 format
if ($host =~ /^(\[?$LW2::IPv6_re_inc_zoneid\]?)(?:[:](\d+))?$/) {
$defhost = $1;
$defport = $2;
$markhash->{'ident'} = $1;
$markhash->{'port'} = $2;
}
else {
nprint("- ERROR: Unrecognised target host format: $host",
"", ($mark->{'hostname'}, $mark->{'ip'}, $mark->{'displayname'}));
}
}
else {
my @h = split(/\:|\,/, $host)
; # Q. Is host,port format ever going to reach here, or will the port be incorrectly split off earlier as another host
$defhost = $h[0];
$defport = $h[1];
if (scalar @h > 2) { # Possible invalid IPv6 format has been supplied
my @h = split(/\:|\,/, $host);
if (scalar @h > 2 || $h[0] eq '') { # Possible invalid IPv6 format has been supplied
nprint(
"- ERROR: Target host '$host' contains more than one colon (:). If specifying an IPv6 target, use the [IPv6] format.",
"",
"- ERROR: Target host '$host' contains more than one colon (:). If specifying an IPv6 target, use the [IPv6] format.", "",
($mark->{'hostname'}, $mark->{'ip'}, $mark->{'displayname'})
);

# TODO skip this host if going through a file of targets
}
}
$targs{ $defhost . "_-_" . $defport } = ($root ne "") ? $root : '/';
}
}

foreach my $host (keys %targs) {
my ($h, $p) = split(/_-_/, $host);
if ($p eq '') {
foreach my $port (@ports) {
my $markhash = {};
if ($root ne '') {
$markhash->{'root'} = $root;
nprint("- Added -root value of '$root' from CLI", "v");
else {
$markhash->{'ident'} = $h[0];
$markhash->{'port'} = $h[1] || $defaultport;
}

$markhash->{'ident'} = $h;
$markhash->{'port'} = $port;
if ($targs{$host} ne '/') { $markhash->{'root'} = $targs{$host}; }
nprint("- Target:$markhash->{'ident'} port:$markhash->{'port'}",
"v",
($markhash->{'hostname'}, $markhash->{'ip'}, $markhash->{'displayname'}));
push(@marks, $markhash);
}
$markhash->{'root'} = $root || '/';
}
else {
my $markhash = {};
if ($targs{$host} ne '/') { $markhash->{'root'} = $targs{$host}; }

$markhash->{'ident'} = $h;
$markhash->{'port'} = $p;
push(@marks, $markhash);
}
push(@marks, $markhash);
}

return @marks;
Expand Down

0 comments on commit 8112c38

Please sign in to comment.