--- nikto-2.03.orig/debian/changelog
+++ nikto-2.03/debian/changelog
@@ -0,0 +1,199 @@
+nikto (2.03-1) unstable; urgency=low
+
+ * New Upstream Version
+ * Update to Standards-Version 3.8. No changes required.
+ * Add Vcs-* fields to debian/control
+ * Convert debian/copyright to machine readable format
+
+ -- Vincent Bernat Sat, 13 Sep 2008 18:56:28 +0200
+
+nikto (2.02-1) unstable; urgency=low
+
+ * New upstream release (Closes: #410495, #474602)
+ + Depends on libwhisker2-perl
+ + Relicensed to GPLv2 only
+ * Nikto is non-free, debian/copyright have been updated accordingly
+ * Adopt the package (Closes: #434392)
+ * In debian/control:
+ + Add Homepage field
+ + Bump Standards-Version
+ + Move debhelper to Build-Depends because it is needed in the clean
+ target
+ + Depend on debhelper 5 (and bumps debian/compat)
+ * Use dpatch instead of diff.gz for changes to config.txt and nikto.pl
+ * Use of dh_installman to install the manual page and write a new
+ simpler one pointing to the documentation in /usr/share/doc. This
+ fixes the typo that was present in the old manual page (Closes: #383050)
+ * Don't ship nikto.pl (as asked by section 10.4 of Policy Manual)
+ * Add debian/watch file
+ * Move plugins in /var/lib/nikto since they can be updated and provide a
+ symlink for /usr/share/nikto.
+
+ -- Vincent Bernat Mon, 24 Mar 2008 08:42:20 +0100
+
+nikto (1.35-2) unstable; urgency=low
+
+ * Acknowledging NMU.
+ * Orphaning package and changing maintainer accordingly.
+
+ -- Thomas Seyrat Mon, 23 Jul 2007 16:55:21 +0200
+
+nikto (1.35-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * When writing HTML output, be sure to sanitize the server string received
+ from the server to avoid XSS. (The upstream “fix” is really insufficient,
+ as it only prints a warning.) (Really closes: #327339)
+
+ -- Steinar H.
Gunderson Tue, 12 Sep 2006 00:11:45 +0200
+
+nikto (1.35-1) unstable; urgency=low
+
+ * New upstream release (closes: #327339)
+ * Bumped Standards-Version to 3.6.2
+ * Updated upstream URL
+ * Moved upstream CHANGES.txt to /usr/share/nikto/plugins so it can
+ be updated by nikto -update, and link it from /usr/share/doc/nikto/
+ * Updated plugins and databases as of 20050928.
+
+ -- Thomas Seyrat Wed, 28 Sep 2005 10:37:14 +0200
+
+nikto (1.34-1) unstable; urgency=low
+
+ * New upstream release (closes: #302728)
+ - Updated plugins and databases as of 20050417.
+ * Fixed manpage bug (closes: #302770)
+
+ -- Thomas Seyrat Sun, 17 Apr 2005 13:49:01 +0200
+
+nikto (1.32-1) unstable; urgency=low
+
+ * New upstream release (closes: #238352)
+ - Updated plugins and databases as of 20040423.
+ * Suggests: nmap
+
+ -- Thomas Seyrat Fri, 23 Apr 2004 11:24:44 +0200
+
+nikto (1.30-3) unstable; urgency=low
+
+ * Updated plugins and databases as of 20030910.
+ * Bumped Standards-Version to 3.6.1
+
+ -- Thomas Seyrat Wed, 10 Sep 2003 23:58:21 +0200
+
+nikto (1.30-2) unstable; urgency=low
+
+ * Added some sort of a manpage generated from nikto_usage.txt using
+ txt2man. It's buggy, but better than nothing. (closes: #165707)
+ * Added a short usage information line when only "nikto" is invoked in
+ order to "convey rapidly all the needed information for a first test
+ run of the program." (closes: #169087)
+ * Somewhat updated plugins and databases.
+ * Lower-cased first letter of short description.
+
+ -- Thomas Seyrat Fri, 6 Jun 2003 18:17:10 +0200
+
+nikto (1.30-1) unstable; urgency=low
+
+ * New upstream release
+ * Bumped Standards-Version to 3.5.10
+
+ -- Thomas Seyrat Tue, 3 Jun 2003 12:35:26 +0200
+
+nikto (1.23-3) unstable; urgency=low
+
+ * plugins_order.txt file was not included. (thanks Javier
+ Fernandez-Sanguino Peña) (closes: #178082)
+ * Patched nikto.pl to die if the plugins_order file is not
+ present.
+ * Don't link missing man pages to undocumented(7) anymore.
+
+ -- Thomas Seyrat Fri, 7 Feb 2003 15:03:05 +0100
+
+nikto (1.23-2) unstable; urgency=low
+
+ * 1.23-1 simply did not work. Thanks Steffen Roecker. (closes: #176039)
+
+ -- Thomas Seyrat Fri, 10 Jan 2003 08:46:25 +0100
+
+nikto (1.23-1) unstable; urgency=low
+
+ * New upstream version
+ - Added Javier Fernandez-Sanguino Peña's Apache user enumeration
+ plugin (closes: #155755)
+ - Updated checks database (closes: #162178)
+ * Bumped Standards-Version to 3.5.8
+
+ -- Thomas Seyrat Tue, 7 Jan 2003 11:05:02 +0100
+
+nikto (1.21-3) unstable; urgency=low
+
+ * Updated plugins and databases as of 20021016.
+ * Bumped Standards-Version to 3.5.7
+
+ -- Thomas Seyrat Wed, 16 Oct 2002 10:54:10 +0200
+
+nikto (1.21-2) unstable; urgency=low
+
+ * Added plugin and patch from Javier Fernandez-Sanguino Peña to
+ bruteforce ~user directories. (closes: #155755)
+
+ -- Thomas Seyrat Tue, 24 Sep 2002 16:06:39 +0200
+
+nikto (1.21-1) unstable; urgency=low
+
+ * New upstream version
+ * nikto.pl is now the main program, and nikto is a link to it to
+ keep compatibility with upstream. (closes: #159502)
+
+ -- Thomas Seyrat Wed, 4 Sep 2002 14:54:12 +0200
+
+nikto (1.20-2) unstable; urgency=low
+
+ * Applied patch from Javier Fernandez-Sanguino Peña : (closes: #156544)
+ - Default config specifies a proxy server
+ - Fixed patch from #155758
+
+ -- Thomas Seyrat Tue, 13 Aug 2002 15:47:40 +0200
+
+nikto (1.20-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Thomas Seyrat Mon, 12 Aug 2002 02:35:34 +0200
+
+nikto (1.10-3) unstable; urgency=low
+
+ * Applied fixes from Javier Fernandez-Sanguino Peña :
+ - Wrong option shown in usage (closes: #155756)
+ - Port test would not work when using proxy (closes: #155758)
+ * Updated plugins and databases as of 20020811.
+
+ -- Thomas Seyrat Sun, 11 Aug 2002 16:36:12 +0200
+
+nikto (1.10-2) unstable; urgency=low
+
+ * Updated plugins and databases as of 20020630.
+
+ -- Thomas Seyrat Sun, 30 Jun 2002 14:12:39 +0200
+
+nikto (1.10-1) unstable; urgency=low
+
+ * New upstream release
+ * Plugins and databases as of 20020603.
+
+ -- Thomas Seyrat Mon, 3 Jun 2002 15:58:33 +0200
+
+nikto (1.1beta3-1) unstable; urgency=low
+
+ * New upstream release.
+ * Downgraded priority from 'optional' to 'extra'.
+ * Fixed type in debian/control.
+
+ -- Thomas Seyrat Wed, 24 Apr 2002 10:01:41 +0200
+
+nikto (1.1beta2-1) unstable; urgency=low
+
+ * Initial Release. (closes: #131256)
+
+ -- Thomas Seyrat Mon, 22 Apr 2002 16:43:28 +0200
--- nikto-2.03.orig/debian/rules
+++ nikto-2.03/debian/rules
@@ -0,0 +1,55 @@
+#!/usr/bin/make -f
+#export DH_VERBOSE=1
+
+INSTALLB := install -o0 -g0 -m 0755
+INSTALLF := install -o0 -g0 -m 0644
+INSTALLD := install -o0 -g0 -d
+
+TARGET := debian/nikto
+
+include /usr/share/dpatch/dpatch.make
+
+clean: clean-patched unpatch
+clean-patched:
+ dh_testdir
+ dh_testroot
+ dh_clean
+
+build: patch
+
+install:
+ dh_testdir
+ dh_testroot
+ dh_clean
+ dh_installdirs
+
+ $(INSTALLF) config.txt $(TARGET)/etc/nikto/
+ $(INSTALLF) plugins/* $(TARGET)/var/lib/nikto/plugins/
+ $(INSTALLF) docs/CHANGES.txt $(TARGET)/var/lib/nikto/plugins/
+ $(INSTALLB) nikto.pl $(TARGET)/usr/bin/nikto
+
+ # We depends on libwhisker2-perl so we don't need to ship this one
+ -rm -f $(TARGET)/var/lib/nikto/plugins/LW2.pm
+
+ # Uncomment this to remove non-free stuff
+ # rm $(TARGET)/var/lib/nikto/plugins/db_*
+
+binary-arch: binary-indep
+
+binary-indep: install
+ dh_testdir
+ dh_testroot
+ dh_installdocs
+ dh_installman debian/nikto.1
+ dh_installchangelogs docs/CHANGES.txt
+ dh_link
+ dh_compress
+ dh_fixperms
+ dh_installdeb
+ dh_perl
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: clean clean-unpatch binary-arch binary-indep binary install patch unpatch
--- nikto-2.03.orig/debian/nikto.dirs
+++ nikto-2.03/debian/nikto.dirs
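Review bot: In debian/rules, `.PHONY` names `clean-unpatch`, but the target actually defined is `clean-patched`, and `build` is not listed either, so a stray file with one of those names in the source tree would make the step be skipped silently; the line should read `.PHONY: clean clean-patched build binary-arch binary-indep binary install patch unpatch`. The files copied by `$(INSTALLF) plugins/*` include Perl that nikto.pl loads with `require` (see the context lines in debian/patches/01path.dpatch), and the changelog says they were moved under /var/lib/nikto so that they can be updated in place. The root-owned 0644 mode is therefore what keeps an unprivileged user from changing code the scanner executes. A comment above that line, for example `# plugins include Perl loaded by nikto.pl: keep them root-owned and not group- or world-writable`, would record why the permissions must not be loosened.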
@@ -0,0 +1,4 @@
+usr/bin
+var/lib/nikto/plugins
+etc/nikto
+usr/share/man/man1
--- nikto-2.03.orig/debian/compat
+++ nikto-2.03/debian/compat
@@ -0,0 +1 @@
+5
--- nikto-2.03.orig/debian/nikto.1
+++ nikto-2.03/debian/nikto.1
@@ -0,0 +1,106 @@
+.\" Hey, EMACS: -*- nroff -*-
+.TH NIKTO 1 "2008-03-26"
+.SH NAME
+nikto \- web security scanner
+.SH SYNOPSIS
+.B nikto
+.RI \fB\-h\fR\ \fIhost\fR\ [\fIoptions\fR]
+.SH DESCRIPTION
+\fBnikto\fP is a web server assessment tool. It is designed to find
+various default and insecure files, configurations and programs on any
+type of web server. It is designed to find many types of web server
+problems including server and software misconfigurations, default
+files and programs, insecure files and programs and outdated servers
+and programs.
+.SH OPTIONS
+You can find complete documentation of all options in the file
+.I /usr/share/doc/nikto/nikto_manual.html
+.
+.TP
+.B \-h, \-host
+Host(s) to target. Can be an IP address, hostname or text file of hosts.
+.TP
+.B \-Cgidirs
+Scan these CGI directories in place of those specified in config.txt.
+.TP
+.B \-config
+Specify an alternative config file in place of
+.I /etc/nikto/config.txt
+.TP
+.B \-dbcheck
+Check the scan databases for syntax errors.
+.TP
+.B \-evasion
+Specify the LibWhisker IDS evasion technique to use. See the complete
+manual for possible values.
+.TP
+.B \-findonly
+Only discover HTTP(S) port and server headers.
+.TP
+.B \-Format
+Save the output file in one of the specified format (csv, htm, txt or xml).
+.TP
+.B \-id
+ID and password to use for authentication.
+.TP
+.B \-mutate
+Specify mutation technique. See the complete manual for possible values.
+.TP
+.B \-nolookup
+Do not perform name lookups on IP addresses.
+.TP
+.B \-output
+Write report to the specified file.
+.TP
+.B \-p, \-port
+Which port(s) to test. Default to 80.
+.TP
+.B \-Pause
+Delay in seconds between each test.
+.TP
+.B \-Display
+Control the output of Nikto. See the complete manual, chapter 5, for
+possible values.
+.TP
+.B \-root
+Prepend the specified value to the beginning of every request.
+.TP
+.B \-ssl
+Only test SSL on the ports specified.
+.TP
+.B \-Single
+Perform a single request.
See the complete manual for more information.
+.TP
+.B \-timeout
+Delay in seconds before timeout.
+.TP
+.B \-Tuning
+Specify which kind of tests to run against target. See the complete
+manual for possible values.
+.TP
+.B \-update
+Update the plugins and databases from cirt.net.
+.TP
+.B \-useproxy
+Use the HTTP proxy defined in config.txt.
+.TP
+.B \-Version
+Display versions of Nikto, plugins and database.
+.TP
+.B \-vhost
+Specify the Host header to be sent with each request.
+.TP
+.B \-Help
+Display extended help information.
+.SH FILES
+.TP
+.I /etc/nikto/config.txt
+Configuration file for nikto
+.TP
+.I /var/lib/nikto/plugins
+Plugins for nikto
+.SH AUTHOR
+nikto was written by Chris Sullo.
+.PP
+This manual page was written by Vincent Bernat ,
+for the Debian project (but may be used by others).
--- nikto-2.03.orig/debian/watch
+++ nikto-2.03/debian/watch
@@ -0,0 +1,2 @@
+version=3
+http://cirt.net/nikto/nikto-([\d\.]+).tar.gz
--- nikto-2.03.orig/debian/copyright
+++ nikto-2.03/debian/copyright
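Review bot: The upstream tarball URL in debian/watch is plain `http://`, and nothing in the file checks what is downloaded, so a new upstream version imported through it is only as trustworthy as the network path. Whether upstream publishes the tarball over HTTPS or alongside a checksum or signature is not visible from this diff; if it does, the watch entry or the maintainer's import procedure should use it. Until then a comment in the file, for example `# tarball is fetched over plain HTTP; verify it against upstream's published checksum before importing`, would record the gap for the next maintainer.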
@@ -0,0 +1,38 @@
+This package was debianized by Thomas Seyrat on
+Mon, 22 Apr 2002 16:19:45 +0200.
+
+This package was downloaded from
+
+Files: *
+Copyright: © 2001, 2002 Chris Sullo
+License: GPL-2
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License only.
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+Files: debian/*
+Copyright: © 2002 Thomas Seyrat
+ © 2008 Vincent Bernat
+License: GPL-2+
+
+Files: plugins/db_*
+Copyright: © 2007 CIRT, Inc.
+License: other
+ The license is non-free.
+
+ This file may only be distributed and used with the full Nikto
+ package. This file may not be used with any software product
+ without written permission from CIRT, Inc. (c) 2007 CIRT, Inc.,
+ All Rights Reserved.
+
+ By sending any database updates to CIRT, Inc., it is assumed
+ that you grant CIRT, Inc., the unlimited, non-exclusive right to
+ reuse, modify and relicense the changes.
+
+On Debian systems, the complete text of the GNU General Public License
+can be found in `/usr/share/common-licenses/GPL`.
--- nikto-2.03.orig/debian/control
+++ nikto-2.03/debian/control
@@ -0,0 +1,26 @@
+Source: nikto
+Section: non-free/net
+Priority: extra
+Maintainer: Vincent Bernat
+Build-Depends: debhelper (>= 5.0.0), dpatch
+Standards-Version: 3.8.0
+Homepage: http://cirt.net/nikto2
+Vcs-Browser: http://git.debian.org/?p=collab-maint/nikto.git
+Vcs-Git: git://git.debian.org/git/collab-maint/nikto.git
+
+Package: nikto
+Architecture: all
+Depends: ${perl:Depends}, libwhisker2-perl, libnet-ssleay-perl
+Suggests: nmap
+Description: web server security scanner
+ Nikto is a pluggable web server and CGI scanner written in Perl, using
+ rfp's LibWhisker to perform fast security or informational checks.
+ .
+ Features:
+ - Easily updatable CSV-format checks database
+ - Output reports in plain text or HTML
+ - Available HTTP versions automatic switching
+ - Generic as well as specific server software checks
+ - SSL support (through libnet-ssleay-perl)
+ - Proxy support (with authentication)
+ - Cookies support
--- nikto-2.03.orig/debian/nikto.docs
+++ nikto-2.03/debian/nikto.docs
@@ -0,0 +1 @@
+docs/nikto_manual.html
--- nikto-2.03.orig/debian/nikto.links
+++ nikto-2.03/debian/nikto.links
@@ -0,0 +1,2 @@
+var/lib/nikto/plugins/CHANGES.txt usr/share/doc/nikto/CHANGES.txt
+var/lib/nikto usr/share/nikto
--- nikto-2.03.orig/debian/patches/01path.dpatch
+++ nikto-2.03/debian/patches/01path.dpatch
@@ -0,0 +1,42 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 01path.dpatch by
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix paths to be compatible with Debian installation
+
+@DPATCH@
+
+--- nikto/nikto.pl~ 2008-01-10 20:21:59.000000000 +0100
++++ nikto/nikto.pl 2008-03-23 16:06:17.000000000 +0100
+@@ -49,7 +49,7 @@
+ $DIV = "-" x 75;
+ $NIKTO{version} = "2.02";
+ $NIKTO{name} = "Nikto";
+-$NIKTO{configfile} = "config.txt"; ### Change this line if your setup is having trouble finding it
++$NIKTO{configfile} = "/etc/nikto/config.txt"; ### Change this line if your setup is having trouble finding it
+ $http_eol = "\r\n";
+
+ # read the --config option
+@@ -67,9 +67,9 @@
+ nprint("T:$STARTTIME: Starting", "d");
+ require "$NIKTO{plugindir}/nikto_reports.plugin"; ### Change this line if your setup is having trouble finding it
+ require "$NIKTO{plugindir}/nikto_single.plugin"; ### Change this line if your setup is having trouble finding it
+-require "$NIKTO{plugindir}/LW2.pm"; ### Change this line if your setup is having trouble finding it
++# require "$NIKTO{plugindir}/LW2.pm"; ### Change this line if your setup is having trouble finding it
+
+-# use LW2; ### Change this line to use a different installed version
++use LW2; ### Change this line to use a different installed version
+
+ ($a, $b) = split(/\./, $LW2::VERSION);
+ die("- You must use LW2 2.4 or later\n") if ($a != 2 || $b < 4);
+--- nikto/config.txt~ 2008-01-09 06:26:30.000000000 +0100
++++ nikto/config.txt 2008-03-24 08:39:17.000000000 +0100
+@@ -17,7 +17,7 @@
+ #SKIPIDS=
+
+ # if Nikto is having difficulty finding the 'plugins', set the full install path here
+-# EXECDIR=/usr/local/nikto
++EXECDIR=/var/lib/nikto
+
+ # the default HTTP version to try... can/will be changed as necessary
+ DEFAULTHTTPVER=1.0
--- nikto-2.03.orig/debian/patches/00list
+++ nikto-2.03/debian/patches/00list
@@ -0,0 +1 @@
+01path
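Review bot: The `## DP:` description in debian/patches/01path.dpatch mentions only paths, but the second nikto.pl hunk also changes which LibWhisker is loaded. The bundled `require "$NIKTO{plugindir}/LW2.pm"` is commented out and `use LW2;` now resolves through @INC, presumably to the copy shipped by libwhisker2-perl. That is the security-relevant half of the patch, because fixes to the HTTP library then arrive through the distribution package, and the only remaining guard is the `You must use LW2 2.4 or later` check in the context lines. I would extend the header to something like `## DP: Fix paths for the Debian layout and load the system LW2 (libwhisker2-perl) instead of plugins/LW2.pm`. The surrounding nikto.pl and config.txt code lies outside the embedded hunks, so how `plugindir` is derived from `EXECDIR` cannot be confirmed from here.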