Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #VERSION,2.01
- ###############################################################################
- # Copyright (C) 2014 Chris Sullo
- #
- # This program is free software; you can redistribute it and/or
- # modify it under the terms of the GNU General Public License
- # as published by the Free Software Foundation; version 2
- # of the License only.
- #
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
- # along with this program; if not, write to
- # Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- ###############################################################################
- # PURPOSE:
- # Check for the bash 'shellshock' vulnerability
- ###############################################################################
- sub nikto_shellshock_init {
- my $id = { name => "shellshock",
- full_name => "shellshock",
- author => "sullo",
- description => "Look for the bash 'shellshock' vulnerability.",
- hooks => { scan => { method => \&nikto_shellshock, weight => 20 }, },
- copyright => "2014 Chris Sullo",
- options => { uri => "uri to assess", },
- };
- return $id;
- }
- sub nikto_shellshock {
- my ($mark, $parameters) = @_;
- my ($found, @names,);
- # This would be better coming from live scan results and not db_variables
- my @files = split(/ /, $VARIABLES{"\@SHELLSHOCK"});
- push(@files, "");
- my %headers;
- $headers{'User-Agent'} = '() { :; }; echo Nikto-Added-CVE-2014-6271: true;echo;echo;';
- $headers{'Referer'} = '() { _; } >_[$($())] { echo Nikto-Added-CVE-2014-6278: true; echo;echo; }';
- my @dirs = split(/ /, $VARIABLES{'@CGIDIRS'});
- push(@dirs, "/");
- #check for FP... error in page
- my $checkcontent=1;
- my ($res, $content, $error, $request, $response) = nfetch($mark, "/", "GET", "", \%headers, "", "shellshock");
- if ($content =~ /Nikto-Added-CVE/) {
- $checkcontent=0;
- nprint("Content seems to contain error headers, ignoring content match in shellshock plugin","v");
- }
- if (defined $parameters->{'uri'}) {
- # request by hostname
- my ($res, $content, $error, $request, $response) = nfetch($mark, "$parameters->{'uri'}", "GET", "", \%headers, "", "shellshock");
- if (($response->{'nikto-added-cve-2014-6271'} eq 'true') || ($checkcontent && ($content =~ /Nikto-Added-CVE-2014-6271: true/))) {
- add_vulnerability( $mark, "$parameters->{'uri'}: Site appears vulnerable to the 'shellshock' vulnerability (CVE-2014-6271).", 999949, 112004, "GET",
- "$parameters->{'uri'}", $request, $response);
- }
- if (($response->{'nikto-added-cve-2014-6278'} eq 'true') || ($checkcontent && ($content =~ /Nikto-Added-CVE-2014-6278: true/))) {
- add_vulnerability( $mark, "$parameters->{'uri'}: Site appears vulnerable to the 'shellshock' vulnerability (CVE-2014-6278).", 999948, 112004, "GET",
- "$parameters->{'uri'}", $request, $response);
- }
- }
- else {
- foreach my $cgidir (@dirs) {
- foreach my $file (@files) {
- return if $mark->{'terminate'};
- # request by hostname
- my ($res, $content, $error, $request, $response) = nfetch($mark, "$cgidir$file", "GET", "", \%headers, "", "shellshock");
- if (($response->{'nikto-added-cve-2014-6271'} eq 'true') || ($checkcontent && ($content =~ /Nikto-Added-CVE-2014-6271: true/))) {
- add_vulnerability( $mark, "$cgidir$file: Site appears vulnerable to the 'shellshock' vulnerability (CVE-2014-6271).", 999947, 112004, "GET",
- "$cgidir$file", $request, $response);
- }
- if (($response->{'nikto-added-cve-2014-6278'} eq 'true') || ($checkcontent && ($content =~ /Nikto-Added-CVE-2014-6278: true/))) {
- add_vulnerability( $mark, "$cgidir$file: Site appears vulnerable to the 'shellshock' vulnerability (CVE-2014-6278).", 999946, 112004, "GET",
- "$cgidir$file", $request, $response);
- }
- }
- }
- }
- }
- 1;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement