Making Nikto module
From OWASP Live CD 2008
Contents |
Get the source for Nikto
Nikto is hosted here and included direct links to the most recent source downloads. Grab the latest tar.bz2 from here and you're good to go. Go ahead and extract that in the temp directory under working:
$ cd temp $ tar -xjvf nikto-2.03.tar.bz2
Create the necessary files in the fakeroot directory
Perl is an interpreted language so no compiling needed. Hurray for interpreted languages. Lets start building what we need in fakeroot:
$ mkdir fakeroot $ mkdir -p fakeroot/opt/owasp $ mv temp/nikto fakeroot/opt/owasp/
Nikto source comes with a bunch of .svn directories we really don't need. Lets check for them, nuke those we find and check they are gone:
$ find ./fakeroot -type d -name ".svn" $ find ./fakeroot -type d -name ".svn" | xargs rm -rf $ find ./fakeroot -type d -name ".svn"
Because nikto is a command line tool, we're going to create two startup scripts to be used by the menu item:
$ mkdir -p fakeroot/usr/bin $ vi fakeroot/usr/bin/startup-nikto [create script] $ cat fakeroot/usr/bin/startup-nikto #/bin/sh echo " _ _ _ _ _ ____ _____ ___ " echo " | \ | (_) | _| |_ ___ |___ \ |___ / / _ \ " echo " | \| | | |/ / __/ _ \ __) | |_ \| | | |" echo " | |\ | | <| || (_) | / __/ _ ___) | |_| |" echo ' |_| \_|_|_|\_\\__\___/ |_____(_)____/ \___/ ' echo " " echo " " echo " Nikto - The web server scanner" echo " (part of the OWASP Live CD)" echo " " echo " Type 'nikto' for brief help or 'nikto -Help for extended help" echo " Basic usage:" echo " nikto -host [IP or host name]" echo " "
We'll also have to make a simple script to put nikto into our path:
$ vi fakeroot/usr/bin/nikto
[create script]
$ cat fakeroot/usr/bin/nikro
#!/bin/bash
cd /opt/owasp/nikto
./nikto.pl "$@"
Now a menu item:
$ mkdir fakeroot/usr/share/applications $ vi fakeroot/usr/share/applications/nikto.desktop [create the file] $ cat fakeroot/usr/share/applications/nikto.desktop [Desktop Entry] Categories=Application;Network; Comment= Encoding=UTF-8 Exec[$e]=startup-nikto; bash GenericName=Nikto Icon=/usr/share/pixmaps/nikto-icon.png MimeType=text/html Name=Web Server Scanner Path[$e]= StartupNotify=false Terminal=1 TerminalOptions=-T "Nikto 2.03 - Web Server Scanner" Type=Application X-KDE-StartupNotify=true X-KDE-SubstituteUID=false X-KDE-Username=
For the icon, I wasn't quite sure what to do. I grabbed the alien head off the Nikto site and used a little Gimp-foo to come up with the icon. Then, I moved that into fakeroot.
mkdir fakeroot/usr/share/pixmaps $ cp temp/nikto-icon.png fakeroot/usr/share/pixmaps/
We should now have everything we need in fakeroot. Give it a final sanity check, then create a new module based on what's in fakeroot:
# find fakeroot/ | less # dir2lzm fakeroot/ nikto-2.30.lzm
Test the new modules
SLAX will allow you to add modules to a running system. Before going on, you should install the module and make sure it works like expected. Check out the page Add modules to a running system to see how to do this. Since I had to do a make install before I created the module, I used a freshly booted Live CD to test the module. Verify that nikto works as expected.
# nikto -host [IP address you can safely scan]
If everything goes as expected, you'll need to add this module to the ISO image. Since we've created the module in the Live CD, you'll need to move it off to a "real" computer. You can use a USB drive, scp or whatever to get the files off the Live CD.
Add the modules to the ISO build directory
Also cake
$ cp -i nikto-2.30.lzm ../contents/slax/base/ $ chmod 775 ../contents/slax/base/nikto-2.30.lzm
This assumes your nikto module was moved into your working directory. See How I created the live CD#Create_a_Working_Directory
Clean up and archive
Once you've got a working module, lets clean up a bit.
$ $ mkdir ./completed_modules/nikto $ mv nikto-2.30.lzm ./completed_modules/nikto/ $ mv temp/ nikto-2.03.tar.bz2 ./completed_modules/nikto/ $ rm -rf ./temp/*
