Bug: Unable to scan servers using HTTPS #763
Comments
Can you hit that URL with curl?
…On Tue, 19 Apr 2022, 21:56 Ben Roesler, ***@***.***> wrote:
Expected behavior
I expected nikto to successfully connect to a https webserver to conduct
its scans
Actual behavior
Received the following errors:
Linux kali 5.16.0-kali6-cloud-amd64 #1 SMP PREEMPT Debian 5.16.14-1kali2 (2022-03-23) x86_64 GNU/Linux:
LW_SSL_ENGINE=SSL: ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: Connect failed: ; Connection timed out at /var/lib/nikto/plugins/LW2.pm line 5157.
LW_SSL_ENGINE=SSLeay: ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: Connect failed: ; Connection timed out at /var/lib/nikto/plugins/LW2.pm line 5157.
Linux ubuntu 5.13.0-35-generic #40~20.04.1-Ubuntu SMP Mon Mar 7 09:18:32 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
LW_SSL_ENGINE=SSL: ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: SSL negotiation failed: at /home/elephas/nikto/program/plugins/LW2.pm line 5157.
LW_SSL_ENGINE=SSLeay: ERROR: Error limit (20) reached for host, giving up. Last error: sending request: SSL error: ssl_write_all 42851: 1 - ERROR_SYSCALL(-1,5) :
Steps to reproduce
1. Clone nikto from repo using instructions in README
2. ./nikto.pl -h https://subdomain.domain.com/random_customer_id/#/authenticate
3.
Nikto version
Run:
./nikto.pl -Version
------------------------------
Nikto Versions
File Version Last Mod
------------------------------
Nikto main 2.1.6
LibWhisker 2.5
db_404_strings 2.003
db_content_search 2.000
db_dictionary 1.0
db_dir_traversal 2.1.6
db_domino 2.1.6
db_drupal 1.00
db_embedded 2.004
db_favicon 2.010
db_headers 2.008
db_httpoptions 2.002
db_multiple_index 2.005
db_outdated 2.017
db_parked_strings 2.001
db_realms 2.002
db_server_msgs 2.006
db_tests 2.021
db_variables 2.004
nikto_apache_expect_xss.plugin 2.04
nikto_apacheusers.plugin 2.06
nikto_auth.plugin 2.04
nikto_cgi.plugin 2.06
nikto_clientaccesspolicy.plugin 1.00
nikto_content_search.plugin 2.05
nikto_cookies.plugin 2.05
nikto_core.plugin 2.1.5
nikto_dictionary_attack.plugin 2.04
nikto_dir_traversal.plugin 2.1.6
nikto_dishwasher.plugin 2.20
nikto_docker_registry.plugin 2.20
nikto_domino.plugin 2.1.6
nikto_drupal.plugin 1.00
nikto_embedded.plugin 2.07
nikto_favicon.plugin 2.09
nikto_fileops.plugin 1.00
nikto_headers.plugin 2.11
nikto_httpoptions.plugin 2.10
nikto_ms10_070.plugin 1.00
nikto_msgs.plugin 2.07
nikto_multiple_index.plugin 2.03
nikto_negotiate.plugin 2.00
nikto_origin_reflection.plugin 2.01
nikto_outdated.plugin 2.09
nikto_parked.plugin 2.00
nikto_paths.plugin 2.00
nikto_put_del_test.plugin 2.04
nikto_report_csv.plugin 2.07
nikto_report_html.plugin 2.06
nikto_report_json.plugin 2.00
nikto_report_nbe.plugin 2.02
nikto_report_sqlg.plugin 2.00
nikto_report_text.plugin 2.05
nikto_report_xml.plugin 2.06
nikto_robots.plugin 2.06
nikto_shellshock.plugin 2.01
nikto_siebel.plugin 1.00
nikto_sitefiles.plugin 2.00
nikto_ssl.plugin 2.01
nikto_strutshock.plugin 2.01
nikto_tests.plugin 2.04
------------------------------
and paste the output here.
Further technical info
Will comment separately
E.g. you can obtain Nikto debug output by running -D D and redirecting to a file.
You may also scrub the output of hostnames and IPs by specifying -D DS.
|
Could you also change to the 2.5.0 branch and try again? From the base dir of nikto, run: and it should switch you. Thanks |
@digininja Yes I can curl
@sullo I get a "SSL negotiation failed" error on both Kali and Ubuntu. I recloned the repo, checked out nikto-2.5.0, and ran "./nikto.pl -h xxxxxx" |
This will tell us something, I think.
Change the last line to SSLeay and test. Then change it to SSL and test. Forcefully choosing SSL vs SSLeay might solve the problem for you, but if not it can help us determine if it's an underlying module error or in nikto/libwhisker. |
Kali:
SSL:
Ubuntu:
SSLeay:
SSL:
|
Thanks, that helps a lot... if maybe not enough. If this is a public endpoint I could test, that would help tremendously--you can deliver via email or Twitter DM -- whatever works. If I can't, I'd suggest running SSLTest and seeing if there are any weird results, or if you have a similar one that works, try to spot a difference that may be impacting this. Unfortunately, debugging TLS/SSL connections in nikto/libwhisker/modules is one of the most difficult tasks, especially if I can't try it directly.
Note: A workaround may be to run nikto through a Burp or other proxy, which would then negotiate the connection directly to the target. See https://github.com/sullo/nikto/wiki/Annotated-Option-List if you haven't used the proxy options before. |
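As an added example (not part of the thread and not Nikto's own code), the four error lines from the report can be triaged by the layer at which the connection failed, which shows whether switching LW_SSL_ENGINE could make any difference on a given host. The layer labels and hints are this example's interpretation of the messages; `triage` and `summarize` are hypothetical helper names.

```python
import re

# Error lines copied from the issue report (host label, then the Nikto line).
REPORTED = [
    ("kali", "LW_SSL_ENGINE=SSL: ERROR: Error limit (20) reached for host, giving up. Last error: "
     "opening stream: can't connect: Connect failed: ; Connection timed out at /var/lib/nikto/plugins/LW2.pm line 5157."),
    ("kali", "LW_SSL_ENGINE=SSLeay: ERROR: Error limit (20) reached for host, giving up. Last error: "
     "opening stream: can't connect: Connect failed: ; Connection timed out at /var/lib/nikto/plugins/LW2.pm line 5157."),
    ("ubuntu", "LW_SSL_ENGINE=SSL: ERROR: Error limit (20) reached for host, giving up. Last error: "
     "opening stream: can't connect: SSL negotiation failed: at /home/elephas/nikto/program/plugins/LW2.pm line 5157."),
    ("ubuntu", "LW_SSL_ENGINE=SSLeay: ERROR: Error limit (20) reached for host, giving up. Last error: "
     "sending request: SSL error: ssl_write_all 42851: 1 - ERROR_SYSCALL(-1,5) :"),
]

# Ordered rules, first match wins. Layer names and hints are assumptions of this example.
RULES = [
    (re.compile(r"Connection timed out|Connection refused"), "tcp",
     "no TCP connection was made: check routing, firewall and port before TLS"),
    (re.compile(r"SSL negotiation failed"), "tls-handshake",
     "TCP connected but the handshake failed: compare protocol, cipher and SNI support"),
    (re.compile(r"ERROR_SYSCALL"), "tls-io",
     "I/O failed underneath TLS: the peer or a middlebox likely dropped the connection"),
]

LINE = re.compile(r"LW_SSL_ENGINE=(?P<engine>\w+): ERROR: .*?Last error: (?P<last>.*)")

def triage(line):
    """Return (engine, layer, hint) for one Nikto error line, or None if it is not one."""
    m = LINE.search(line)
    if not m:
        return None
    for pattern, layer, hint in RULES:
        if pattern.search(m.group("last")):
            return m.group("engine"), layer, hint
    return m.group("engine"), "unknown", "unclassified: capture -D D debug output"

def summarize(reports):
    """Map host -> {engine: layer}; identical layers mean the engine choice is not the cause."""
    by_host = {}
    for host, line in reports:
        result = triage(line)
        if result:
            by_host.setdefault(host, {})[result[0]] = result[1]
    return by_host

if __name__ == "__main__":
    for host, engines in summarize(REPORTED).items():
        same = len(set(engines.values())) == 1
        print(host, engines, "engine-independent" if same else "differs by engine")
```

On the reported lines, both Kali runs fail before TLS starts, while the Ubuntu runs reach the TLS layer and fail differently per engine.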
@ElephasMax in case this issue dropped from your priority list, please close it. |
@sullo I haven't heard back since I sent the email. Are you still looking into it? |