Adding sample results and input JSONs
Signed-off-by: Rony Xavier <rxavier@mitre.org>
Rony Xavier committed Aug 11, 2020
1 parent 0b3daa3 commit 75243f1
Showing 2 changed files with 107 additions and 0 deletions.
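--- a/sample_jsons/nikto_mapper/sample_input_jsons/zero.webappsecurity.json
+++ b/sample_jsons/nikto_mapper/sample_input_jsons/zero.webappsecurity.json
@@ -0,0 +1,106 @@
+{
+"banner": "Apache/2.2.6 (Win32) mod_ssl/2.2.6 OpenSSL/0.9.8e mod_jk/1.2.40",
+"host": "zero.webappsecurity.com",
+"ip": "54.82.22.214",
+"port": "443",
+"vulnerabilities": [
+{
+"OSVDB": "0",
+"id": "999986",
+"method": "GET",
+"msg": "Retrieved access-control-allow-origin header: *",
+"url": "/"
+},
+{
+"OSVDB": "0",
+"id": "999984",
+"method": "GET",
+"msg": "Server may leak inodes via ETags, header found with file /, inode: 150562, size: 44, mtime: Fri Jul 7 04:07:28 2006",
+"url": "/"
+},
+{
+"OSVDB": "0",
+"id": "999957",
+"method": "GET",
+"msg": "The anti-clickjacking X-Frame-Options header is not present.",
+"url": "/"
+},
+{
+"OSVDB": "0",
+"id": "999102",
+"method": "GET",
+"msg": "The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS",
+"url": "/"
+},
+{
+"OSVDB": "0",
+"id": "999970",
+"method": "GET",
+"msg": "The site uses SSL and the Strict-Transport-Security HTTP header is not defined.",
+"url": "/"
+},
+{
+"OSVDB": "0",
+"id": "999955",
+"method": "GET",
+"msg": "The site uses SSL and Expect-CT header is not present.",
+"url": "/"
+},
+{
+"OSVDB": "0",
+"id": "999103",
+"method": "GET",
+"msg": "The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.",
+"url": "/"
+},
+{
+"OSVDB": "0",
+"id": "600463",
+"method": "HEAD",
+"msg": "mod_jk/1.2.40 appears to be outdated (current is at least 1.2.46)",
+"url": "/"
+},
+{
+"OSVDB": "0",
+"id": "600511",
+"method": "HEAD",
+"msg": "mod_ssl/2.2.6 appears to be outdated (current is at least 2.8.31) (may depend on server version)",
+"url": "/"
+},
+{
+"OSVDB": "0",
+"id": "600050",
+"method": "HEAD",
+"msg": "Apache/2.2.6 appears to be outdated (current is at least Apache/2.4.41). Apache 2.2.34 is the EOL for the 2.x branch.",
+"url": "/"
+},
+{
+"OSVDB": "0",
+"id": "600595",
+"method": "HEAD",
+"msg": "OpenSSL/0.9.8e appears to be outdated (current is at least 1.1.1d). OpenSSL 1.0.0o and 0.9.8zc are also current.",
+"url": "/"
+},
+{
+"OSVDB": "0",
+"id": "800132",
+"method": "GET",
+"msg": "mod_ssl/2.2.6 OpenSSL/0.9.8e mod_jk/1.2.40 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell. CVE-2002-0082, OSVDB-756.",
+"url": "/"
+},
+{
+"OSVDB": "0",
+"id": "999990",
+"method": "OPTIONS",
+"msg": "Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE ",
+"url": "/"
+},
+{
+"OSVDB": "877",
+"id": "999971",
+"method": "TRACE",
+"msg": "HTTP TRACE method is active, suggesting the host is vulnerable to XST",
+"url": "/"
+}
+]
+}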
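Review bot: The fixture records the scanned host's address in `"ip": "54.82.22.214"` next to its hostname and the full finding list, which ties a committed vulnerability report to a specific Internet endpoint whose owner may change over time. If the mapper does not depend on the value, a documentation-range address such as `"ip": "192.0.2.10"` (constructed placeholder, RFC 5737) would serve the sample equally well. A short README beside the samples noting where the scan came from would also help the next reader judge how current the findings are.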
1 change: 1 addition & 0 deletions sample_jsons/nikto_mapper/zero.webappsecurity.json
@@ -0,0 +1 @@
{"platform":{"name":"Heimdall Tools","release":"1.3.32.5.g0b3daa3.1.dirty.20200811.181340","target_id":"Host: zero.webappsecurity.com Port: 443"},"version":"1.3.32.5.g0b3daa3.1.dirty.20200811.181340","statistics":{"duration":null},"profiles":[{"name":"Nikto Website Scanner","version":"","title":"Nikto Target: Host: zero.webappsecurity.com Port: 443","maintainer":null,"summary":"Banner: Banner: Apache/2.2.6 (Win32) mod_ssl/2.2.6 OpenSSL/0.9.8e mod_jk/1.2.40","license":null,"copyright":null,"copyright_email":null,"supports":[],"attributes":[],"depends":[],"groups":[],"status":"loaded","controls":[{"tags":{"nist":["SA-11","RA-5"],"ösvdb":"0"},"descriptions":[],"refs":[],"source_location":{},"title":"Retrieved access-control-allow-origin header: *","id":"999986","desc":"Retrieved access-control-allow-origin header: *","impact":0.5,"code":"","results":[{"status":"failed","code_desc":"URL : / Method: GET","run_time":0.0,"start_time":""}]},{"tags":{"nist":["SA-11","RA-5"],"ösvdb":"0"},"descriptions":[],"refs":[],"source_location":{},"title":"Server may leak inodes via ETags, header found with file /, inode: 150562, size: 44, mtime: Fri Jul 7 04:07:28 2006","id":"999984","desc":"Server may leak inodes via ETags, header found with file /, inode: 150562, size: 44, mtime: Fri Jul 7 04:07:28 2006","impact":0.5,"code":"","results":[{"status":"failed","code_desc":"URL : / Method: GET","run_time":0.0,"start_time":""}]},{"tags":{"nist":["SA-11","RA-5"],"ösvdb":"0"},"descriptions":[],"refs":[],"source_location":{},"title":"The anti-clickjacking X-Frame-Options header is not present.","id":"999957","desc":"The anti-clickjacking X-Frame-Options header is not present.","impact":0.5,"code":"","results":[{"status":"failed","code_desc":"URL : / Method: GET","run_time":0.0,"start_time":""}]},{"tags":{"nist":["SA-11","RA-5"],"ösvdb":"0"},"descriptions":[],"refs":[],"source_location":{},"title":"The X-XSS-Protection header is not defined. 
This header can hint to the user agent to protect against some forms of XSS","id":"999102","desc":"The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS","impact":0.5,"code":"","results":[{"status":"failed","code_desc":"URL : / Method: GET","run_time":0.0,"start_time":""}]},{"tags":{"nist":["SA-11","RA-5"],"ösvdb":"0"},"descriptions":[],"refs":[],"source_location":{},"title":"The site uses SSL and the Strict-Transport-Security HTTP header is not defined.","id":"999970","desc":"The site uses SSL and the Strict-Transport-Security HTTP header is not defined.","impact":0.5,"code":"","results":[{"status":"failed","code_desc":"URL : / Method: GET","run_time":0.0,"start_time":""}]},{"tags":{"nist":["SA-11","RA-5"],"ösvdb":"0"},"descriptions":[],"refs":[],"source_location":{},"title":"The site uses SSL and Expect-CT header is not present.","id":"999955","desc":"The site uses SSL and Expect-CT header is not present.","impact":0.5,"code":"","results":[{"status":"failed","code_desc":"URL : / Method: GET","run_time":0.0,"start_time":""}]},{"tags":{"nist":["SA-11","RA-5"],"ösvdb":"0"},"descriptions":[],"refs":[],"source_location":{},"title":"The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.","id":"999103","desc":"The X-Content-Type-Options header is not set. 
This could allow the user agent to render the content of the site in a different fashion to the MIME type.","impact":0.5,"code":"","results":[{"status":"failed","code_desc":"URL : / Method: GET","run_time":0.0,"start_time":""}]},{"tags":{"nist":[" SI-2"],"ösvdb":"0"},"descriptions":[],"refs":[],"source_location":{},"title":"mod_jk/1.2.40 appears to be outdated (current is at least 1.2.46)","id":"600463","desc":"mod_jk/1.2.40 appears to be outdated (current is at least 1.2.46)","impact":0.5,"code":"","results":[{"status":"failed","code_desc":"URL : / Method: HEAD","run_time":0.0,"start_time":""}]},{"tags":{"nist":[" SI-2"],"ösvdb":"0"},"descriptions":[],"refs":[],"source_location":{},"title":"mod_ssl/2.2.6 appears to be outdated (current is at least 2.8.31) (may depend on server version)","id":"600511","desc":"mod_ssl/2.2.6 appears to be outdated (current is at least 2.8.31) (may depend on server version)","impact":0.5,"code":"","results":[{"status":"failed","code_desc":"URL : / Method: HEAD","run_time":0.0,"start_time":""}]},{"tags":{"nist":[" SI-2"],"ösvdb":"0"},"descriptions":[],"refs":[],"source_location":{},"title":"Apache/2.2.6 appears to be outdated (current is at least Apache/2.4.41). Apache 2.2.34 is the EOL for the 2.x branch.","id":"600050","desc":"Apache/2.2.6 appears to be outdated (current is at least Apache/2.4.41). Apache 2.2.34 is the EOL for the 2.x branch.","impact":0.5,"code":"","results":[{"status":"failed","code_desc":"URL : / Method: HEAD","run_time":0.0,"start_time":""}]},{"tags":{"nist":[" SI-2"],"ösvdb":"0"},"descriptions":[],"refs":[],"source_location":{},"title":"OpenSSL/0.9.8e appears to be outdated (current is at least 1.1.1d). OpenSSL 1.0.0o and 0.9.8zc are also current.","id":"600595","desc":"OpenSSL/0.9.8e appears to be outdated (current is at least 1.1.1d). 
OpenSSL 1.0.0o and 0.9.8zc are also current.","impact":0.5,"code":"","results":[{"status":"failed","code_desc":"URL : / Method: HEAD","run_time":0.0,"start_time":""}]},{"tags":{"nist":["SI-10"],"ösvdb":"0"},"descriptions":[],"refs":[],"source_location":{},"title":"mod_ssl/2.2.6 OpenSSL/0.9.8e mod_jk/1.2.40 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell. CVE-2002-0082, OSVDB-756.","id":"800132","desc":"mod_ssl/2.2.6 OpenSSL/0.9.8e mod_jk/1.2.40 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell. CVE-2002-0082, OSVDB-756.","impact":0.5,"code":"","results":[{"status":"failed","code_desc":"URL : / Method: GET","run_time":0.0,"start_time":""}]},{"tags":{"nist":["SA-11","RA-5"],"ösvdb":"0"},"descriptions":[],"refs":[],"source_location":{},"title":"Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE ","id":"999990","desc":"Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE ","impact":0.5,"code":"","results":[{"status":"failed","code_desc":"URL : / Method: OPTIONS","run_time":0.0,"start_time":""}]},{"tags":{"nist":["SA-11","RA-5"],"ösvdb":"877"},"descriptions":[],"refs":[],"source_location":{},"title":"HTTP TRACE method is active, suggesting the host is vulnerable to XST","id":"999971","desc":"HTTP TRACE method is active, suggesting the host is vulnerable to XST","impact":0.5,"code":"","results":[{"status":"failed","code_desc":"URL : / Method: TRACE","run_time":0.0,"start_time":""}]}],"sha256":"6b075348aa0f19affd85749f374e21f6750f6d90853b9721f99d7f85264c54cd"}]}
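Review bot: The tag key in every control is spelled `"ösvdb"` with a non-ASCII `ö` as shown here, so a consumer that looks up `osvdb` will not find the OSVDB reference (for example `877` on the TRACE control); the key should read `"osvdb":"877"`. The four outdated-software controls also carry `"nist":[" SI-2"]` with a leading space, which will not match an exact comparison against `SI-2`. The profile summary repeats its prefix (`"Banner: Banner: Apache/2.2.6 …"`), and every control has `"impact":0.5`, including the CVE-2002-0082 remote buffer overflow, so severity cannot be used to rank these results. This file is generated, so the fixes presumably belong in the mapper, and the sample should then be regenerated from a clean build rather than the `dirty` one named in `release`.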
