This update is focused on headers!

- add db_headers_suggested - report missing suggested headers (set in db_headers_suggested) - db_headers renamed to db_headers_common
sullo · Nov 1, 2024 · 40c5f75 · 40c5f75
1 parent badb856
commit 40c5f75
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 5 deletions.
diff --git a/program/databases/db_headers_common b/program/databases/db_headers_common
@@ -34,6 +34,7 @@
 "bfcache-opt-in"
 "cache-control"
 "cf-cache-status"
+"cf-edge-cache"
 "cf-ray"
 "cf-request-id"
 "commerce-server-software"

diff --git a/program/plugins/nikto_core.plugin b/program/plugins/nikto_core.plugin
@@ -1332,7 +1332,7 @@ sub set_targets {
 
 ###############################################################################
 sub load_databases {
-    my @dbs    = qw/db_parked_strings db_404_strings  db_outdated  db_variables/;
+    my @dbs    = qw/db_parked_strings db_404_strings  db_outdated  db_variables db_headers_suggested/;
     my $prefix = $_[0] || '';
 
     # Only load the right databases if -Userdbs is set
@@ -1391,6 +1391,15 @@ sub load_databases {
                 }
             }
 
+            # db_headers_suggested
+            elsif ($file =~ /u?db_headers_suggested/) {
+                foreach my $l (@file) {
+                    my @T = parse_csv($l);
+                    next if $T[0] eq '';
+                    $VARIABLES->{'SUGGESTED_HEADERS'}->{$T[0]} = $T[1];
+                }
+            }
+
             # db_404_strings
             elsif ($file =~ /u?db_404_strings/) {
                 foreach my $l (@file) {
@@ -3027,7 +3036,8 @@ sub usage {
 
 #######################################################################
 sub init_db {
-    my $dbname   = $_[0];
+    my $dbname   = shift;
+    return if $dbname eq "";
     my $filename = "$CONFIGFILE{'DBDIR'}/" . $dbname;
     my (@dbarray, @headers);
     my $hashref = {};

diff --git a/program/plugins/nikto_headers.plugin b/program/plugins/nikto_headers.plugin
@@ -18,7 +18,7 @@
 # PURPOSE:
 # General HTTP headers checks
 ###############################################################################
-use vars qw/$HEADERSDB %HEADERSSUG/;
+use vars qw/$HEADERSDB/;
 
 sub nikto_headers_init {
     my $id = {
@@ -43,7 +43,6 @@ sub nikto_headers_init {
 
 sub nikto_headers_load {
     $HEADERSDB = init_db("db_headers_common");
-    $HEADERSSUG = init_db("db_headers_suggested")
 }
 
 sub nikto_headers_postfetch {
@@ -739,6 +738,22 @@ sub nikto_headers {
 
     #######################################################################
     # Missing suggested headers
-    print "called once\n";
+    ($res, $content, $errors, $request, $result) =
+      nfetch($mark, '/', "GET", "", , , "headers: Suggested Headers Test", "1.1");
+
+    while (my ($header, $ref) = each %{ $VARIABLES->{'SUGGESTED_HEADERS'} }) {
+        if (!exists $result->{$header}) {
+             add_vulnerability(
+                 $mark,
+                 $request->{'whisker'}{'uri'} . ": Suggested security header missing: " . $header,
+                 "013587",
+                 $ref,
+                 "GET",
+                 "/",
+                 $request,
+                 $result
+                 );
+             }
+     }
 }
 1;