outdated.db for the nikto_outdated Plug-in
The
nikto_outdated
plug-in, as the name suggests, checks
the version of the web server as given by the
Server
: header to determine if it is outdated. It
does this by comparing the retrieved banner to the
versions in the
outdated.db
file.
It’s important to note that web servers vary in
terms of how they announce themselves in the
Server
: header. It’s easy for us
to see that Apache/1.3.26-WebDav and
apache-1.3.26
php/4.3.1 represent the same version of the
Apache web server, but
it’s challenging for the scanner to see this. The
nikto_outdated
plug-in tries to take a best guess
as to what the separators are (a space, /
,
-
, etc.) and then translates alphabetic characters
to their equivalent ASCII ordinals (as in the debug output a few
paragraphs down).
The syntax of outdated.db is as follows:
[Web Server Banner], [Current Version], [Display Message] "Apache/","Apache/2.0.47","@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER). Apache 1.3.28 is still maintained and considered secure."
The first entry is the string the plug-in matches on to determine if
the current line’s checks should be run. The second
entry is the version of the web server that is considered up-to-date.
The third entry is the message displayed if the version is outdated.
The @RUNNING_VER
and
@CURRENT_VER
tokens will be replaced with the
strings that their names suggest.
The logic flow of the plug-in is best illustrated by putting the program in debug mode ...
Get Network Security Tools now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.