Add nikto scanner integration

Author: J12934

integrations/nikto/nikto-parse-definition.yaml

@@ -0,0 +1,7 @@
+apiVersion: "execution.experimental.securecodebox.io/v1"
+kind: ParseDefinition
+metadata:
+  name: "nikto-json"
+spec:
+  handlesResultsType: nikto-json
+  image: scbexperimental/parser-nikto

integrations/nikto/nikto-scan-type.yaml

@@ -0,0 +1,23 @@
+apiVersion: 'execution.experimental.securecodebox.io/v1'
+kind: ScanType
+metadata:
+  name: 'nikto'
+spec:
+  extractResults:
+    type: nikto-json
+    location: '/home/securecodebox/nikto-results.json'
+  jobTemplate:
+    spec:
+      ttlSecondsAfterFinished: 10
+      template:
+        spec:
+          restartPolicy: OnFailure
+          containers:
+            - name: nikto
+              image: scbexperimental/nikto:latest
+              command:
+                - 'nikto'
+                - '-F'
+                - 'json'
+                - '-o'
+                - '/home/securecodebox/nikto-results.json'

integrations/nikto/parser/Dockerfile

@@ -0,0 +1,3 @@
+FROM scbexperimental/parser-sdk-nodejs:latest
+WORKDIR /home/app/parser-wrapper/parser/
+COPY --chown=app:app ./parser.js ./parser.js

integrations/nikto/parser/__snapshots__/parser.test.js.snap

@@ -0,0 +1,246 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`parses www.securecodebox.io result file into findings 1`] = `
+Array [
+  Object {
+    "attributes": Object {
+      "banner": "GitHub.com",
+      "hostname": "www.securecodebox.io",
+      "ip_address": "185.199.108.153",
+      "method": "GET",
+      "niktoId": 999986,
+      "port": 443,
+    },
+    "category": "Nikto Finding",
+    "description": null,
+    "location": "https://www.securecodebox.io/",
+    "name": "Retrieved via header: 1.1 varnish",
+    "osi_layer": "NETWORK",
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {
+      "banner": "GitHub.com",
+      "hostname": "www.securecodebox.io",
+      "ip_address": "185.199.108.153",
+      "method": "GET",
+      "niktoId": 999986,
+      "port": 443,
+    },
+    "category": "Nikto Finding",
+    "description": null,
+    "location": "https://www.securecodebox.io/",
+    "name": "Retrieved x-served-by header: cache-fra19151-FRA",
+    "osi_layer": "NETWORK",
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {
+      "banner": "GitHub.com",
+      "hostname": "www.securecodebox.io",
+      "ip_address": "185.199.108.153",
+      "method": "GET",
+      "niktoId": 999986,
+      "port": 443,
+    },
+    "category": "Nikto Finding",
+    "description": null,
+    "location": "https://www.securecodebox.io/",
+    "name": "Retrieved access-control-allow-origin header: *",
+    "osi_layer": "NETWORK",
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {
+      "banner": "GitHub.com",
+      "hostname": "www.securecodebox.io",
+      "ip_address": "185.199.108.153",
+      "method": "GET",
+      "niktoId": 999957,
+      "port": 443,
+    },
+    "category": "X-Frame-Options Header",
+    "description": null,
+    "location": "https://www.securecodebox.io/",
+    "name": "The anti-clickjacking X-Frame-Options header is not present.",
+    "osi_layer": "NETWORK",
+    "severity": "LOW",
+  },
+  Object {
+    "attributes": Object {
+      "banner": "GitHub.com",
+      "hostname": "www.securecodebox.io",
+      "ip_address": "185.199.108.153",
+      "method": "GET",
+      "niktoId": 999102,
+      "port": 443,
+    },
+    "category": "Nikto Finding",
+    "description": null,
+    "location": "https://www.securecodebox.io/",
+    "name": "The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS",
+    "osi_layer": "NETWORK",
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {
+      "banner": "GitHub.com",
+      "hostname": "www.securecodebox.io",
+      "ip_address": "185.199.108.153",
+      "method": "GET",
+      "niktoId": 999100,
+      "port": 443,
+    },
+    "category": "Uncommon Header",
+    "description": null,
+    "location": "https://www.securecodebox.io/",
+    "name": "Uncommon header 'x-timer' found, with contents: S1585519074.290715,VS0,VE1",
+    "osi_layer": "NETWORK",
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {
+      "banner": "GitHub.com",
+      "hostname": "www.securecodebox.io",
+      "ip_address": "185.199.108.153",
+      "method": "GET",
+      "niktoId": 999100,
+      "port": 443,
+    },
+    "category": "Uncommon Header",
+    "description": null,
+    "location": "https://www.securecodebox.io/",
+    "name": "Uncommon header 'x-cache' found, with contents: HIT",
+    "osi_layer": "NETWORK",
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {
+      "banner": "GitHub.com",
+      "hostname": "www.securecodebox.io",
+      "ip_address": "185.199.108.153",
+      "method": "GET",
+      "niktoId": 999100,
+      "port": 443,
+    },
+    "category": "Uncommon Header",
+    "description": null,
+    "location": "https://www.securecodebox.io/",
+    "name": "Uncommon header 'x-proxy-cache' found, with contents: MISS",
+    "osi_layer": "NETWORK",
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {
+      "banner": "GitHub.com",
+      "hostname": "www.securecodebox.io",
+      "ip_address": "185.199.108.153",
+      "method": "GET",
+      "niktoId": 999100,
+      "port": 443,
+    },
+    "category": "Uncommon Header",
+    "description": null,
+    "location": "https://www.securecodebox.io/",
+    "name": "Uncommon header 'x-fastly-request-id' found, with contents: 12821df5c3f5eb828b1a4ce7d4e3637faa71291a",
+    "osi_layer": "NETWORK",
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {
+      "banner": "GitHub.com",
+      "hostname": "www.securecodebox.io",
+      "ip_address": "185.199.108.153",
+      "method": "GET",
+      "niktoId": 999100,
+      "port": 443,
+    },
+    "category": "Uncommon Header",
+    "description": null,
+    "location": "https://www.securecodebox.io/",
+    "name": "Uncommon header 'x-github-request-id' found, with contents: DB72:2841:1B0932:23C885:5E8119E0",
+    "osi_layer": "NETWORK",
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {
+      "banner": "GitHub.com",
+      "hostname": "www.securecodebox.io",
+      "ip_address": "185.199.108.153",
+      "method": "GET",
+      "niktoId": 999100,
+      "port": 443,
+    },
+    "category": "Uncommon Header",
+    "description": null,
+    "location": "https://www.securecodebox.io/",
+    "name": "Uncommon header 'x-served-by' found, with contents: cache-fra19151-FRA",
+    "osi_layer": "NETWORK",
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {
+      "banner": "GitHub.com",
+      "hostname": "www.securecodebox.io",
+      "ip_address": "185.199.108.153",
+      "method": "GET",
+      "niktoId": 999955,
+      "port": 443,
+    },
+    "category": "Nikto Finding",
+    "description": null,
+    "location": "https://www.securecodebox.io/",
+    "name": "The site uses SSL and Expect-CT header is not present.",
+    "osi_layer": "NETWORK",
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {
+      "banner": "GitHub.com",
+      "hostname": "www.securecodebox.io",
+      "ip_address": "185.199.108.153",
+      "method": "GET",
+      "niktoId": 999103,
+      "port": 443,
+    },
+    "category": "X-Content-Type-Options Header",
+    "description": null,
+    "location": "https://www.securecodebox.io/",
+    "name": "The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type",
+    "osi_layer": "NETWORK",
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {
+      "banner": "GitHub.com",
+      "hostname": "www.securecodebox.io",
+      "ip_address": "185.199.108.153",
+      "method": "PUT",
+      "niktoId": 999962,
+      "port": 443,
+    },
+    "category": "Nikto Finding",
+    "description": null,
+    "location": "https://www.securecodebox.io/",
+    "name": "Server banner changed from 'GitHub.com' to 'Varnish'",
+    "osi_layer": "NETWORK",
+    "severity": "INFORMATIONAL",
+  },
+  Object {
+    "attributes": Object {
+      "banner": "GitHub.com",
+      "hostname": "www.securecodebox.io",
+      "ip_address": "185.199.108.153",
+      "method": "GET",
+      "niktoId": 999966,
+      "port": 443,
+    },
+    "category": "Nikto Finding",
+    "description": null,
+    "location": "https://www.securecodebox.io/",
+    "name": "The Content-Encoding header is set to \\"deflate\\" this may mean that the server is vulnerable to the BREACH attack.",
+    "osi_layer": "NETWORK",
+    "severity": "INFORMATIONAL",
+  },
+]
+`;

integrations/nikto/parser/__testFiles__/www.securecodebox.io.json

@@ -0,0 +1 @@
+{"host":"www.securecodebox.io","ip":"185.199.108.153","port":"443","banner":"GitHub.com","vulnerabilities":[{"id": "999986","OSVDB": "0","method":"GET","url":"/","msg":"Retrieved via header: 1.1 varnish"},{"id": "999986","OSVDB": "0","method":"GET","url":"/","msg":"Retrieved x-served-by header: cache-fra19151-FRA"},{"id": "999986","OSVDB": "0","method":"GET","url":"/","msg":"Retrieved access-control-allow-origin header: *"},{"id": "999957","OSVDB": "0","method":"GET","url":"/","msg":"The anti-clickjacking X-Frame-Options header is not present."},{"id": "999102","OSVDB": "0","method":"GET","url":"/","msg":"The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS"},{"id": "999100","OSVDB": "0","method":"GET","url":"/","msg":"Uncommon header 'x-timer' found, with contents: S1585519074.290715,VS0,VE1"},{"id": "999100","OSVDB": "0","method":"GET","url":"/","msg":"Uncommon header 'x-cache' found, with contents: HIT"},{"id": "999100","OSVDB": "0","method":"GET","url":"/","msg":"Uncommon header 'x-proxy-cache' found, with contents: MISS"},{"id": "999100","OSVDB": "0","method":"GET","url":"/","msg":"Uncommon header 'x-fastly-request-id' found, with contents: 12821df5c3f5eb828b1a4ce7d4e3637faa71291a"},{"id": "999100","OSVDB": "0","method":"GET","url":"/","msg":"Uncommon header 'x-github-request-id' found, with contents: DB72:2841:1B0932:23C885:5E8119E0"},{"id": "999100","OSVDB": "0","method":"GET","url":"/","msg":"Uncommon header 'x-served-by' found, with contents: cache-fra19151-FRA"},{"id": "999955","OSVDB": "0","method":"GET","url":"/","msg":"The site uses SSL and Expect-CT header is not present."},{"id": "999103","OSVDB": "0","method":"GET","url":"/","msg":"The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type"},{"id": "999962","OSVDB": "0","method":"PUT","url":"/","msg":"Server banner changed from 'GitHub.com' to 'Varnish'"},{"id": "999966","OSVDB": "0","method":"GET","url":"/","msg":"The Content-Encoding header is set to \"deflate\" this may mean that the server is vulnerable to the BREACH attack."}]}

integrations/nikto/parser/parser.js

@@ -0,0 +1,66 @@
+const INFORMATIONAL = 'INFORMATIONAL';
+const LOW = 'LOW';
+const MEDIUM = 'MEDIUM';
+const HIGH = 'HIGH';
+/**
+ * Sorts Nikto findings into Categories
+ *
+ * @param {string} category
+ */
+function categorize({ id }) {
+  if (id === 999957) {
+    return ['X-Frame-Options Header', LOW];
+  } else if (id === 'X-XSS-Protection') {
+    return ['X-XSS-Protection', LOW];
+  } else if (id === 999100) {
+    return ['Uncommon Header', INFORMATIONAL];
+  } else if (id === 999103) {
+    return ['X-Content-Type-Options Header', INFORMATIONAL];
+  } else if (id === 521000) {
+    return ['Path Traversal', HIGH];
+  } else if (id >= 600000 && id < 700000) {
+    return ['Outdated Software', MEDIUM];
+  } else if (id >= 800000 && id < 900000) {
+    return ['Identified Software', INFORMATIONAL];
+  } else if (id >= 0 && id < 100000) {
+    return ['Potential Vulnerability', HIGH];
+  } else if (id >= 500017 && id < 600000) {
+    return ['Identified Software', INFORMATIONAL];
+  } else if (id >= 300000 && id < 400000) {
+    return ['Embedded Device', INFORMATIONAL];
+  }
+
+  return ['Nikto Finding', INFORMATIONAL];
+}
+
+async function parse({ host, ip, port: portString, banner, vulnerabilities }) {
+  const port = parseInt(portString, 10);
+
+  return vulnerabilities.filter(Boolean).map(({ id, method, url, msg }) => {
+    const niktoId = parseInt(id, 10);
+
+    const [category, severity] = categorize({ id: niktoId });
+
+    // We can only guess at this point. Nikto doesn't tell use anymore :(
+    const protocol = port === 443 || port === 8443 ? 'https' : 'http';
+
+    return {
+      name: msg,
+      description: null,
+      category,
+      location: `${protocol}://${host}${url}`,
+      osi_layer: 'NETWORK',
+      severity,
+      attributes: {
+        ip_address: ip,
+        hostname: host,
+        banner,
+        method,
+        port,
+        niktoId,
+      },
+    };
+  });
+}
+
+module.exports.parse = parse;

integrations/nikto/parser/parser.test.js

@@ -0,0 +1,17 @@
+const fs = require('fs');
+const util = require('util');
+
+// eslint-disable-next-line security/detect-non-literal-fs-filename
+const readFile = util.promisify(fs.readFile);
+
+const { parse } = require('./parser');
+
+test('parses www.securecodebox.io result file into findings', async () => {
+  const fileContent = JSON.parse(
+    await readFile(__dirname + '/__testFiles__/www.securecodebox.io.json', {
+      encoding: 'utf8',
+    })
+  );
+
+  expect(await parse(fileContent)).toMatchSnapshot();
+});