
eschultze/URLextractor 344

Information gathering & website reconnaissance | https://phishstats.info/

eschultze/phishstats-api-network 24

Visualize networks of phishing by querying the phishstats.info API

OWASP/www-chapter-porto-alegre 3

OWASP Foundation Web Repository

eschultze/awesome-osint 2

:scream: A curated list of amazingly awesome OSINT

eschultze/awesome-malware-analysis 1

A curated list of awesome malware analysis tools and resources.

eschultze/awesome-security 0

A collection of awesome software, libraries, documents, books, resources and cool stuff about security.

eschultze/MISP 0

MISP (core software) - Open Source Threat Intelligence and Sharing Platform (formerly known as Malware Information Sharing Platform)

eschultze/nuclei-templates 0

Community curated list of templates for the nuclei engine to find security vulnerabilities in applications.

eschultze/owasp.github.io 0

OWASP Foundation main site repository

issue comment sullo/nikto

IPv6

Definitely need someone to test this @richardleach or @drwetter!

Please also check with -D S to see if the v6 address is properly scrubbed (replaced with ::) in the displayed output. Please also test with -D DS to ensure the debug output is scrubbed.

Thanks!

drwetter

comment created time in 42 minutes

push event sullo/nikto

sullo

commit sha e845daf9d088f817c0b5b6c65f3556a40b7e1cd1

Scrub IPv6 Addresses properly: #489 and #687


push time in 43 minutes

issue closed sullo/nikto

Bug: Debug stripping missed an entry

Expected behavior

References to target domain should be stripped

Actual behavior

References were left in the whisker object when the host value was set to a different value.

Steps to reproduce

  1. Run with -D DS
  2. Check the output and look for the host that was being scanned.

D:Thu Jul 16 05:28:47 2020 'Request Hash' = {
    'Connection' => 'Keep-Alive',
    'whisker' => {
        'trailing_slurp' => 0, 
        'force_bodysnatch' => 0, 
        'ignore_duplicate_headers' => 0, 
        'http_eol' => "\r\n",
        'uri' => '/crossdomain.xml',
        'uri_postfix' => '',
        'lowercase_incoming_headers' => 1, 
        'invalid_protocol_return_value' => 1, 
        'uri_param_sep' => '?',
        'require_newline_after_headers' => 0, 
        'force_close' => 0, 
        'normalize_incoming_headers' => 1, 
        'ssl' => 0, 
        'ssl_save_info' => 1, 
        'http_space2' => ' ',
        'include_host_in_uri' => 1, 
        'version' => '1.1',
        'protocol' => 'HTTP',
        'proxy_port' => 8080, 
        'force_open' => 0, 
        'max_size' => 750000,
        'http_space1' => ' ',
        'ssl_rsacertfile' => undef,
        'MAGIC' => 31339,
        'method' => 'GET',
        'uri_prefix' => '',
        'port' => 80,
        'proxy_host' => 'localhost',
        'retry' => 0, 
        'timeout' => 10,
        'keep-alive' => 1, 
        'ssl_certfile' => undef,
        'host' => '< this isn't redacted >'
    },    
    'User-Agent' => 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0',
    'host' => 'example.com'
};

Nikto version

Run:

./nikto.pl -Version

Latest from Git this morning.

Further technical info

There were also lots of references left in location fields and body text from redirects where the site did a 301 or 302 and specified the full URL. Probably not much you can do about the body text as that is likely to reveal info even if you remove the hostname, but checking location headers is probably worth thinking about.

Or putting an extra comment in here to tell people to manually check the log before sending it in.

closed time in an hour

digininja

push event sullo/nikto

sullo

commit sha 880f02788bfba7abd7c66f7c226cd65bd928af65

Fix #687 - scrubbing of target details from output
scrub() is now called with two arguments: first - value to scrub; second - array of values to scrub
nprint now accepts an arbitrary number of scrub values after the first two values passed, and sends to scrub()
All calls of nprint() now pass their locally scoped values of ip, hostname, and displayname
Additionally, a bug where the same IP address would be reported as multiple IPs is fixed


push time in an hour
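Added example (not nikto's own code) of the scrub-with-a-list behaviour the issue and the commit above describe: walk a nested request structure and replace every occurrence of the target's ip, hostname and displayname, showing IPv6 literals as `::` as the IPv6 comment asks reviewers to check, plus a leak check that reports where a target reference survived. The request hash, target values and the `<scrubbed>` placeholder are constructed for this example.

```python
import ipaddress
import re
from typing import Any, Iterable

# Replacement text for scrubbed hostnames is this example's own assumption;
# the thread only asks that IPv6 literals show up as '::'.
SCRUBBED = "<scrubbed>"

def _replacement(secret: str) -> str:
    """Token that stands in for one sensitive value."""
    try:
        if isinstance(ipaddress.ip_address(secret), ipaddress.IPv6Address):
            return "::"
    except ValueError:
        pass
    return SCRUBBED

def scrub(value: Any, sensitive: Iterable[str]) -> Any:
    """Copy of `value` with every sensitive value replaced, walking nested
    dicts/lists so entries like the whisker 'host' key are covered too."""
    if isinstance(value, dict):
        return {k: scrub(v, sensitive) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return type(value)(scrub(v, sensitive) for v in value)
    if isinstance(value, str):
        # Longest secret first, so a shorter overlapping value cannot leave
        # a fragment of the longer one behind.
        for secret in sorted({s for s in sensitive if s}, key=len, reverse=True):
            value = re.sub(re.escape(secret), _replacement(secret), value,
                           flags=re.IGNORECASE)
        return value
    return value  # numbers, None, etc. carry no target reference

def find_leaks(value: Any, sensitive: Iterable[str], path: str = "$") -> list:
    """JSON-path style locations where a sensitive value still appears."""
    secrets = [s.lower() for s in sensitive if s]
    leaks = []
    if isinstance(value, dict):
        for k, v in value.items():
            leaks += find_leaks(v, secrets, f"{path}.{k}")
    elif isinstance(value, (list, tuple)):
        for i, v in enumerate(value):
            leaks += find_leaks(v, secrets, f"{path}[{i}]")
    elif isinstance(value, str) and any(s in value.lower() for s in secrets):
        leaks.append(path)
    return leaks

# Constructed request hash shaped like the debug dump in the issue: the
# displayed host differs from the host kept inside the whisker object.
TARGET = {"ip": "2001:db8::10", "hostname": "www.example.test",
          "displayname": "www.example.test"}
REQUEST = {"Connection": "Keep-Alive", "host": "www.example.test",
           "whisker": {"uri": "/crossdomain.xml", "port": 80,
                       "proxy_host": "localhost", "host": "2001:db8::10"}}
```

Running `find_leaks(REQUEST, TARGET.values())` before scrubbing points at both the top-level host and the nested whisker host, which is exactly the entry the issue reports as missed.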

started rubycdp/cuprite

started time in 18 hours

issue opened sullo/nikto

Bug: JSON output is not valid when the target is not a webserver

Expected behavior

The json report should be valid.

Actual behavior

When nikto is run on a port where there is no webserver the output is

{"id": "000029","OSVDB": "0","url":"/","msg":"No web server found on localhost:8080"}}

At the end there is one } too many. One came from report_item and the other from report_close.

Steps to reproduce

  1. Start netcat: nc -lvp 8080
  2. Run nikto: nikto -host http://localhost:8080 -ask no -o /tmp/out.json

Nikto version

---------------------------------------------------------------------------
Nikto Versions
---------------------------------------------------------------------------
File                               Version      Last Mod
-----------------------------      --------     ----------
Nikto main                         2.1.6
LibWhisker                         2.5
db_404_strings                     2.003
db_content_search                  2.000
db_dictionary                      1.0
db_dir_traversal                   2.1.6
db_domino                          2.1.6
db_drupal                          1.00
db_embedded                        2.004
db_favicon                         2.010
db_headers                         2.008
db_httpoptions                     2.002
db_multiple_index                  2.005
db_outdated                        2.017
db_parked_strings                  2.001
db_realms                          2.002
db_server_msgs                     2.006
db_tests                           2.021
db_variables                       2.004
nikto_apache_expect_xss.plugin     2.04
nikto_apacheusers.plugin           2.06
nikto_auth.plugin                  2.04
nikto_cgi.plugin                   2.06
nikto_clientaccesspolicy.plugin    1.00
nikto_content_search.plugin        2.05
nikto_cookies.plugin               2.05
nikto_core.plugin                  2.1.5
nikto_dictionary_attack.plugin     2.04
nikto_dir_traversal.plugin         2.1.6
nikto_dishwasher.plugin            2.20
nikto_docker_registry.plugin       2.20
nikto_domino.plugin                2.1.6
nikto_drupal.plugin                1.00
nikto_embedded.plugin              2.07
nikto_favicon.plugin               2.09
nikto_fileops.plugin               1.00
nikto_headers.plugin               2.11
nikto_httpoptions.plugin           2.10
nikto_ms10_070.plugin              1.00
nikto_msgs.plugin                  2.07
nikto_multiple_index.plugin        2.03
nikto_negotiate.plugin             2.00
nikto_origin_reflection.plugin     2.01
nikto_outdated.plugin              2.09
nikto_parked.plugin                2.00
nikto_paths.plugin                 2.00
nikto_put_del_test.plugin          2.04
nikto_report_csv.plugin            2.07
nikto_report_html.plugin           2.06
nikto_report_json.plugin           2.00
nikto_report_nbe.plugin            2.02
nikto_report_sqlg.plugin           2.00
nikto_report_text.plugin           2.05
nikto_report_xml.plugin            2.06
nikto_robots.plugin                2.06
nikto_shellshock.plugin            2.01
nikto_siebel.plugin                1.00
nikto_sitefiles.plugin             2.00
nikto_ssl.plugin                   2.01
nikto_strutshock.plugin            2.01
nikto_tests.plugin                 2.04
---------------------------------------------------------------------------
---------------------------------------------------------------------------

created time in 19 hours

started puresec/sas-top-10

started time in a day

started awslabs/aws-well-architected-labs

started time in a day

push event KingOfBugbounty/KingOfBugBountyTips

KingOfTips

commit sha 364e1b5c43d9db580b1f8985302f36f799844813

Update Readme.md


push time in a day

push event KingOfBugbounty/KingOfBugBountyTips

KingOfTips

commit sha 7929d29b80d52b657304f12da3fd6c4ca2154cf3

Update Readme.md


push time in a day

push event KingOfBugbounty/KingOfBugBountyTips

KingOfTips

commit sha 13f23057412bf64ea56e982d2821a022ded06bab

Update Readme.md


push time in a day

started vueuse/vue-demi

started time in 3 days

PR closed enaqx/awesome-pentest

Update README.md

I added a collaboration/management tool

+1 -0

1 comment

1 changed file

missbcross

pr closed time in 3 days

pull request comment enaqx/awesome-pentest

Update README.md

This appears to be an advertisement.

missbcross

comment created time in 3 days

issue opened jivoi/awesome-osint

WhatsMyName (WebBreacher)

Useful github OSINT website for usernames.

https://github.com/WebBreacher/WhatsMyName

created time in 3 days

issue comment sullo/nikto

Bug: Low number of scans

It'll take a while for me. @konstantingoretzki ?

Was confirmed already in https://github.com/sullo/nikto/issues/719#issuecomment-835847356

drwetter

comment created time in 3 days

issue comment sullo/nikto

Feature: OPTIONSBLEED

https://github.com/hannob/snallygaster/blob/88873b4e427f495dc8ea12a7994ed2326c6781e1/snallygaster#L444-L472 could be also useful.

drwetter

comment created time in 3 days

started ferdikoomen/openapi-typescript-codegen

started time in 4 days

issue comment rahiel/telegram-send

unable to configure more than one user using telegram_send

It looks like telegram-send stores a single chat_id in the config file.

So I've edited the send() function of telegram_send.py to add a chat_id argument:

def send(*,
         chat_id=None, messages=None, files=None, images=None, stickers=None, animations=None, videos=None, audios=None,
         captions=None, locations=None, conf=None, parse_mode=None, silent=False, disable_web_page_preview=False,
         timeout=30):
    """Send data over Telegram. All arguments are optional."""
    ...  # rest of the function body unchanged

And in the same function I've added an if statement:

if chat_id is None:
   chat_id = int(config["chat_id"]) if config["chat_id"].isdigit() else config["chat_id"]

So now I can add a specific chat_id when I send a message: telegram_send.send(chat_id=chat_id,messages=["MyMessage"])

And I retrieve all the chat_id with:

import requests

def getchatid(token):
    """Return the distinct chat ids of everyone who has messaged the bot."""
    url = 'https://api.telegram.org/bot' + token + '/getUpdates'
    data = requests.get(url, timeout=30)
    data.raise_for_status()
    js = data.json()
    chat_id = []
    for x in js['result']:
        if 'message' in x:
            # chat.id is what sendMessage expects; for private chats it equals
            # the sender's user id, for groups it is the group's id
            chat_id.append(x['message']['chat']['id'])
    return list(set(chat_id))

shukl08vk

comment created time in 4 days

issue comment rahiel/telegram-send

unable to configure more than one user using telegram_send

I have the same problem, if someone has a solution I also would like to know how to deal with that.

shukl08vk

comment created time in 4 days

started dry-rb/workshop-app

started time in 4 days

PR opened enaqx/awesome-pentest

Update README.md

I added a collaboration/management tool

+1 -0

0 comment

1 changed file

pr created time in 4 days

issue closed sullo/nikto

Bug: Low number of scans

Expected behavior

If I add -T/-Tuning options it should scan more, not less

Actual behavior + steps to reproduce

myprompt% $PATH/nikto.git/program/nikto.pl   -useragent <..>  -host <..> -Tuning 1 
[..]
+ 2463  requests: 0 error(s) and 8 item(s) reported on remote host
+ End Time:           2020-09-19 18:57:52 (GMT2) (12 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
myprompt% myprompt% $PATH/nikto.git/program/nikto.pl   -useragent <..>  -host <..> -Tuning 12
[..]
+ 565 requests: 0 error(s) and 8 item(s) reported on remote host
+ End Time:           2020-09-19 19:02:51 (GMT2) (3 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
myprompt% myprompt% $PATH/nikto.git/program/nikto.pl   -useragent <..>  -host <..> -Tuning 123
[..]
+ 530 requests: 0 error(s) and 8 item(s) reported on remote host
+ End Time:           2020-09-19 19:03:30 (GMT2) (2 seconds)
+ 787 requests: 0 error(s) and 8 item(s) reported on remote host
+ End Time:           2020-09-19 19:03:41 (GMT2) (3 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
myprompt% myprompt% $PATH/nikto.git/program/nikto.pl   -useragent <..>  -host <..> -Tuning 23
+ 787 requests: 0 error(s) and 8 item(s) reported on remote host
+ End Time:           2020-09-19 19:03:41 (GMT2) (3 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

Nikto version

freshly pulled from github


I always used the negated version before (-T x<numbers>) and just to be clearer I wanted to change that. Do I or nikto miss something?

closed time in 5 days

drwetter

issue closed sullo/nikto

Bug: More Tuning options result in less results

Expected behavior

Scanning with -T 12 should contain the results for -T 1 and -T 2.

Actual behavior

If I combine both scan types via scan tuning I do not get any finding at all (I get them if I only do one after another) and fewer requests are made.

Steps to reproduce

  1. Use any system to scan. I use a local docker container of the dvwa image, so: docker run --rm -it -p 80:80 vulnerables/web-dvwa
  2. Scan via nikto:
  • T1: sudo docker run --net=host --rm sullo/nikto -h http://localhost:80 -Tuning 1

    ...
    + /login.php: Admin login page/section found.
    + 2151 requests: 0 error(s) and 6 item(s) reported on remote host
    + End Time:           2021-04-24 00:55:27 (GMT0) (3 seconds)
    ---------------------------------------------------------------------------
    + 1 host(s) tested
    ...

  • T2: sudo docker run --net=host --rm sullo/nikto -h http://localhost:80 -Tuning 2

    ...
    + OSVDB-3268: /config/: Directory indexing found.
    + OSVDB-3268: /docs/: Directory indexing found.
    + /.gitignore: .gitignore file found. It is possible to grasp the directory structure.
    + 1238 requests: 0 error(s) and 8 item(s) reported on remote host
    + End Time:           2021-04-24 00:56:51 (GMT0) (2 seconds)
    ---------------------------------------------------------------------------
    + 1 host(s) tested

  • T12: sudo docker run --net=host --rm sullo/nikto -h http://localhost:80 -Tuning 12

    ...
    !!no /login.php or /config/ , /docs/ and /.gitignore found!!
    + 493 requests: 0 error(s) and 5 item(s) reported on remote host
    + End Time:           2021-04-24 00:58:33 (GMT0) (2 seconds)
    ---------------------------------------------------------------------------
    + 1 host(s) tested

  3. Compare all scan results.

Nikto version

I've used nikto via the self-built docker version and also the preinstalled version on Kali Linux. Both are Nikto v2.1.6. Same result with both installations.

Last commit of the git version:

commit d27173173bebac29fa89ef3a493febab16594a12 (HEAD -> master, origin/master, origin/HEAD)
Author: sullo <sullo@cirt.net>
Date:   Thu Apr 8 16:13:22 2021 -0400

    Uncomment report-to so it's not reported #717

Further technical info

I've compared some outputs via -D D. Not sure if I can naively compare these outputs, but for me it's noticeable that there are scans / results missing compared to doing the scans sequentially.

nikto -h http://localhost:80 -Tuning 12 -D D > combined.txt
nikto -h http://localhost:80 -Tuning 1 -D D > one.txt
nikto -h http://localhost:80 -Tuning 2 -D D > two.txt

wc -l combined.txt
> 28834 combined.txt

wc -l one.txt
> 147035 one.txt

wc -l two.txt
> 81553 two.txt

cat combined.txt | grep .gitignore
> $? is 1 - no match
cat one.txt | grep .gitignore
> $? is 1 - no match
cat two.txt | grep .gitignore
>                'uri' => '/.gitignore',
>                'uri_requested' => '/.gitignore',
>                'uri' => '/.gitignore',
> + /.gitignore: .gitignore file found. It is possible to grasp the directory structure.

Further info

Not sure if this is the same as #700 as I am not 100% sure if I have understood @drwetter correctly.

closed time in 5 days

konstantingoretzki

issue comment sullo/nikto

Feature: OPTIONSBLEED

Interesting bug. The only idea I can think of to check for this would be to assume that all actual HTTP methods would match /^[A-Z]+$/. Anything in the Allow header that doesn't match that pattern would have to alert.

Sounds good. I believe one comma should be added and the pattern seems to require extra care: Allow: POST,OPTIONS,GET,HEAD should be ok (including maybe some spaces). However others are not ok: (taken from https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html): Allow: ,GET,,,POST,OPTIONS,HEAD,, or Allow: GET,HEAD,OPTIONS,,HEAD,,HEAD,,HEAD,,

Maybe I am missing something but the alternative you suggested doesn't sound so difficult:

Standard methods: GET, POST, HEAD, PUT, PATCH, DELETE, TRACE, OPTIONS, CONNECT (~from old HTTP/1.1 standard)
WebDAV: PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK

In addition: https://datatracker.ietf.org/doc/html/rfc7237#section-3

I believe a list of possible methods would need a while to be implemented correctly but seems a real

drwetter

comment created time in 5 days
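An added check (example code, not nikto's or snallygaster's) for the detection rule sketched in the comment above: split the Allow header on commas, then flag empty tokens, tokens outside /^[A-Z]+$/, unknown methods and repeats, using the method list the comment gives. The samples are the header values quoted in the thread plus one constructed value; the method set is this example's own, not a complete registry.

```python
import re
from collections import Counter

# Method list taken from the comment (core HTTP/1.1 plus WebDAV); a full
# registry would follow RFC 7237, so treat this set as the example's own.
KNOWN_METHODS = {
    "GET", "POST", "HEAD", "PUT", "PATCH", "DELETE", "TRACE", "OPTIONS",
    "CONNECT", "PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK",
}
METHOD_TOKEN = re.compile(r"^[A-Z]+$")

def allow_findings(allow_value: str) -> list:
    """Reasons an Allow header value looks corrupted; empty list if it is a
    clean comma-separated list of known upper-case method tokens."""
    if allow_value.strip() == "":
        return []  # an empty Allow is legal: nothing is permitted
    tokens = [t.strip() for t in allow_value.split(",")]
    findings = []
    empties = tokens.count("")
    if empties:
        findings.append(f"{empties} empty token(s) between commas")
    present = [t for t in tokens if t]
    for tok in dict.fromkeys(present):  # first-seen order, each token once
        if not METHOD_TOKEN.match(tok):
            findings.append(f"token {tok!r} does not match /^[A-Z]+$/")
        elif tok not in KNOWN_METHODS:
            findings.append(f"token {tok!r} is not a known method")
    for tok, n in Counter(present).items():
        if n > 1:
            findings.append(f"token {tok!r} repeated {n} times")
    return findings

def is_suspicious(allow_value: str) -> bool:
    """True when the Allow value should raise an alert."""
    return bool(allow_findings(allow_value))

# Header values quoted in the thread, plus one constructed value carrying a
# stray non-printable byte of the kind a memory leak would produce.
SAMPLES = {
    "clean": "POST,OPTIONS,GET,HEAD",
    "leaky-1": ",GET,,,POST,OPTIONS,HEAD,,",
    "leaky-2": "GET,HEAD,OPTIONS,,HEAD,,HEAD,,HEAD,,",
    "constructed": "GET,HEAD,\x7fconfig,OPTIONS",
}

def triage() -> dict:
    """Map each sample name to its findings."""
    return {name: allow_findings(value) for name, value in SAMPLES.items()}
```

Whitespace around tokens ("GET, POST, HEAD") is tolerated, as the comment suggests, while the doubled commas from the Optionsbleed write-up are reported.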

issue comment sullo/nikto

Bug: Low number of scans

It'll take a while for me. @konstantingoretzki ?

drwetter

comment created time in 5 days

PR opened jivoi/awesome-osint

Update README.md

Add Licenseplates

+1 -0

0 comment

1 changed file

pr created time in 5 days

started oruga-ui/oruga

started time in 5 days

started OTRF/OSSEM

started time in 5 days

PR opened jivoi/awesome-osint

Add Intelligence X

+1 -0

0 comment

1 changed file

pr created time in 5 days