1#!/bin/bash 2# Verify Nikto logs 3# Copyright 2014, Andrew Horton 4VERSION=0.1b 5 6if [ -z "$1" ]; then 7echo "Usage: $0 <nikto-log>" 8echo "Version: $VERSION" 9echo "Verifies Nikto logs using WhatWeb to separate false positives / true positives" 10exit 1 11fi 12fname="$1" 13 14if [ ! -f "$fname" ]; then 15echo "Cannot read $fname" 16exit 1 17fi 18 19tfile=`tempfile --prefix=verify-nikto-` 20tlog=`tempfile --prefix=whatweb-log-` 21grep -A 999999 "Start Time:" "$fname" | egrep -o "^+.*(/[^:]+)" | cut -d/ -f 2-|cut -d: -f 1| sed 's/^/\//g' > "$tfile" 22hostname=`egrep "+ Target (Host|Hostname): " "$fname" | cut -d : -f2 | tr -d ' '` 23port=`grep "+ Target Port: " "$fname"| cut -d : -f2 | tr -d ' '` 24 25if grep -q 'SSL Info' "$fname"; then 26prefix='https://' 27else 28prefix='http://' 29fi 30 31echo "------------------------------------------------------------------------------------------------" 32echo "Checking Nikto Log: $fname" 33echo "Running whatweb on $prefix$hostname:$port with `wc -l $tfile` url paths" 34whatweb --log-brief "$tlog" -p+ -i $tfile --url-prefix "$prefix$hostname:$port" > /dev/null 2>/dev/null 35echo 36echo "Different HTML Tag Hashes" 37echo "------------------------------" 38egrep -o "Tag-Hash[^ ]+" $tlog|sort -u 39 40echo "Plugin analysis" 41echo -e "Count\tPlugin" 42echo "------------------------------" 43egrep -o "[^ ]+\[" "$tlog" |sort|uniq -c | sort -rn 44 45echo -e "WhatWeb log: $tlog\nURL path list: $tfile\n" 46