From 432aa875a7ad780d3fb7e407a00675304bc1ea3b Mon Sep 17 00:00:00 2001
From: Jannik Hollenbach
Date: Mon, 30 Sep 2024 06:52:52 +0200
Subject: [PATCH 1/2] Migrate nikto test and example to use the -url which seems to be working correctly right now
Signed-off-by: Jannik Hollenbach
---
 scanners/nikto/examples/demo-bodgeit/scan.yaml | 5 ++---
 .../nikto/examples/demo-docs.securecodebox.io/scan.yaml | 2 +-
 scanners/nikto/examples/demo-juice-shop/scan.yaml | 5 ++---
 scanners/nikto/integration-tests/nikto.test.js | 6 ++----
 4 files changed, 7 insertions(+), 11 deletions(-)
diff --git a/scanners/nikto/examples/demo-bodgeit/scan.yaml b/scanners/nikto/examples/demo-bodgeit/scan.yaml
index 82d2132b32..e897263560 100644
--- a/scanners/nikto/examples/demo-bodgeit/scan.yaml
+++ b/scanners/nikto/examples/demo-bodgeit/scan.yaml
@@ -11,9 +11,8 @@ metadata:
 spec:
 scanType: "nikto"
 parameters:
- - "-h"
- - "bodgeit"
- - "-port 8080"
+ - "-url"
+ - "http://bodgeit:8080"
 - "-Tuning"
 # Only enable fast (ish) Scan Options, remove attack option like SQLi and RCE. We will leave those to ZAP
 - "1,2,3,5,7,b"
diff --git a/scanners/nikto/examples/demo-docs.securecodebox.io/scan.yaml b/scanners/nikto/examples/demo-docs.securecodebox.io/scan.yaml
index 5d13fa5bc4..93d17bc564 100644
--- a/scanners/nikto/examples/demo-docs.securecodebox.io/scan.yaml
+++ b/scanners/nikto/examples/demo-docs.securecodebox.io/scan.yaml
@@ -11,7 +11,7 @@ metadata:
 spec:
 scanType: "nikto"
 parameters:
- - "-h"
+ - "-url"
 - "https://www.securecodebox.io/"
 - "-Tuning"
 # Only enable fast (ish) Scan Options, remove attack option like SQLi and RCE. We will leave those to ZAP
diff --git a/scanners/nikto/examples/demo-juice-shop/scan.yaml b/scanners/nikto/examples/demo-juice-shop/scan.yaml
index f45c3c4133..bbd7ccee7f 100644
--- a/scanners/nikto/examples/demo-juice-shop/scan.yaml
+++ b/scanners/nikto/examples/demo-juice-shop/scan.yaml
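Review bot: The new target item `"http://bodgeit:8080"` in demo-bodgeit/scan.yaml now fixes the scheme as well as the host and port, and nothing in the example says so; the same applies to `"http://juice-shop:3000"` in demo-juice-shop/scan.yaml and to the `-url` argument in nikto.test.js. The old `-h` plus port form named no scheme, so someone copying the example for a TLS-only service would presumably end up scanning the wrong scheme or getting an empty result rather than an error. I would add a comment above the URL item, e.g. `# Full target URL: scheme, host and port must match how the service is exposed (use https:// for TLS targets)`. The removed `"-port 8080"` was a single list item containing a space and probably reached nikto as one argument; if that is the reason for the new form, the commit message could say so instead of "seems to be working".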
@@ -11,9 +11,8 @@ metadata:
 spec:
 scanType: "nikto"
 parameters:
- - "-h"
- - "juice-shop"
- - "-port 3000"
+ - "-url"
+ - "http://juice-shop:3000"
 - "-Tuning"
 # Only enable fast (ish) Scan Options, remove attack option like SQLi and RCE. We will leave those to ZAP
 - "1,2,3,5,7,b"
diff --git a/scanners/nikto/integration-tests/nikto.test.js b/scanners/nikto/integration-tests/nikto.test.js
index 065fd38f14..8e589a924b 100644
--- a/scanners/nikto/integration-tests/nikto.test.js
+++ b/scanners/nikto/integration-tests/nikto.test.js
@@ -13,10 +13,8 @@ test(
 "nikto-bodgeit",
 "nikto",
 [
- "-h",
- "bodgeit.demo-targets.svc",
- "-port",
- "8080",
+ "-url",
+ "http://bodgeit.demo-targets.svc:8080",
 "-Tuning",
 "1,2,3,5,7,b",
 ], // See nikto bodgeit example
From 762198b83da1467d0ee71d087ff8ddd22121c7a2 Mon Sep 17 00:00:00 2001
From: Jannik Hollenbach
Date: Mon, 30 Sep 2024 06:53:23 +0200
Subject: [PATCH 2/2] Remove vague assertion If the count is off the next assertions are way more helpful to find out why.
Signed-off-by: Jannik Hollenbach
---
 scanners/nikto/integration-tests/nikto.test.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/scanners/nikto/integration-tests/nikto.test.js b/scanners/nikto/integration-tests/nikto.test.js
index 8e589a924b..1f2870c4a9 100644
--- a/scanners/nikto/integration-tests/nikto.test.js
+++ b/scanners/nikto/integration-tests/nikto.test.js
@@ -9,7 +9,7 @@ jest.retryTimes(3);
 test(
 "nikto scan against bodgeit demo-target",
 async () => {
- const {categories, severities, count} = await scan(
+ const {categories, severities} = await scan(
 "nikto-bodgeit",
 "nikto",
 [
@@ -21,7 +21,6 @@ test( 90 ); - expect(count).toBe(12); expect(categories).toMatchInlineSnapshot(` { "Identified Software": 1,