API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Apr 25th, 2019
90
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.41 KB | None | 0 0
raw download clone embed print report
  1. #VERSION,2.01
  2. ###############################################################################
  3. # Copyright (C) 2014 Chris Sullo
  4. #
  5. # This program is free software; you can redistribute it and/or
  6. # modify it under the terms of the GNU General Public License
  7. # as published by the Free Software Foundation; version 2
  8. # of the License only.
  9. #
  10. # This program is distributed in the hope that it will be useful,
  11. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. # GNU General Public License for more details.
  14. #
  15. # You should have received a copy of the GNU General Public License
  16. # along with this program; if not, write to
  17. # Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18. ###############################################################################
  19. # PURPOSE:
  20. # Check for the bash 'shellshock' vulnerability
  21. ###############################################################################
  22. sub nikto_shellshock_init {
  23. my $id = { name => "shellshock",
  24. full_name => "shellshock",
  25. author => "sullo",
  26. description => "Look for the bash 'shellshock' vulnerability.",
  27. hooks => { scan => { method => \&nikto_shellshock, weight => 20 }, },
  28. copyright => "2014 Chris Sullo",
  29. options => { uri => "uri to assess", },
  30. };
  31.  
  32. return $id;
  33. }
  34.  
  35. sub nikto_shellshock {
  36. my ($mark, $parameters) = @_;
  37. my ($found, @names,);
  38.  
  39.  
  40. # This would be better coming from live scan results and not db_variables
  41. my @files = split(/ /, $VARIABLES{"\@SHELLSHOCK"});
  42.  
  43. push(@files, "");
  44. my %headers;
  45. $headers{'User-Agent'} = '() { :; }; echo Nikto-Added-CVE-2014-6271: true;echo;echo;';
  46. $headers{'Referer'} = '() { _; } >_[$($())] { echo Nikto-Added-CVE-2014-6278: true; echo;echo; }';
  47. my @dirs = split(/ /, $VARIABLES{'@CGIDIRS'});
  48. push(@dirs, "/");
  49.  
  50. #check for FP... error in page
  51. my $checkcontent=1;
  52. my ($res, $content, $error, $request, $response) = nfetch($mark, "/", "GET", "", \%headers, "", "shellshock");
  53. if ($content =~ /Nikto-Added-CVE/) {
  54. $checkcontent=0;
  55. nprint("Content seems to contain error headers, ignoring content match in shellshock plugin","v");
  56. }
  57.  
  58. if (defined $parameters->{'uri'}) {
  59.  
  60. # request by hostname
  61. my ($res, $content, $error, $request, $response) = nfetch($mark, "$parameters->{'uri'}", "GET", "", \%headers, "", "shellshock");
  62. if (($response->{'nikto-added-cve-2014-6271'} eq 'true') || ($checkcontent && ($content =~ /Nikto-Added-CVE-2014-6271: true/))) {
  63. add_vulnerability( $mark, "$parameters->{'uri'}: Site appears vulnerable to the 'shellshock' vulnerability (CVE-2014-6271).", 999949, 112004, "GET",
  64. "$parameters->{'uri'}", $request, $response);
  65. }
  66. if (($response->{'nikto-added-cve-2014-6278'} eq 'true') || ($checkcontent && ($content =~ /Nikto-Added-CVE-2014-6278: true/))) {
  67. add_vulnerability( $mark, "$parameters->{'uri'}: Site appears vulnerable to the 'shellshock' vulnerability (CVE-2014-6278).", 999948, 112004, "GET",
  68. "$parameters->{'uri'}", $request, $response);
  69. }
  70. }
  71. else {
  72. foreach my $cgidir (@dirs) {
  73. foreach my $file (@files) {
  74. return if $mark->{'terminate'};
  75.  
  76. # request by hostname
  77. my ($res, $content, $error, $request, $response) = nfetch($mark, "$cgidir$file", "GET", "", \%headers, "", "shellshock");
  78. if (($response->{'nikto-added-cve-2014-6271'} eq 'true') || ($checkcontent && ($content =~ /Nikto-Added-CVE-2014-6271: true/))) {
  79. add_vulnerability( $mark, "$cgidir$file: Site appears vulnerable to the 'shellshock' vulnerability (CVE-2014-6271).", 999947, 112004, "GET",
  80. "$cgidir$file", $request, $response);
  81. }
  82. if (($response->{'nikto-added-cve-2014-6278'} eq 'true') || ($checkcontent && ($content =~ /Nikto-Added-CVE-2014-6278: true/))) {
  83. add_vulnerability( $mark, "$cgidir$file: Site appears vulnerable to the 'shellshock' vulnerability (CVE-2014-6278).", 999946, 112004, "GET",
  84. "$cgidir$file", $request, $response);
  85. }
  86. }
  87. }
  88. }
  89. }
  90.  
  91. 1;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!