mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-25 10:03:03 +01:00
0d93f8e9c9
(* Security fix *) Signed-off-by: David Spencer <baildon.research@googlemail.com>
125 lines
4.1 KiB
Bash
125 lines
4.1 KiB
Bash
#!/bin/sh
|
|
|
|
# Slackware build script for Nikto Web Scanner
|
|
|
|
# Copyright 2010-2011 Marco Bonetti <sid77@slackware.it>
|
|
# Copyright 2015-2017 Brenton Earl <brent@exitstatusone.com>
|
|
# All rights reserved.
|
|
#
|
|
# Redistribution and use of this script, with or without modification, is
|
|
# permitted provided that the following conditions are met:
|
|
#
|
|
# 1. Redistributions of this script must retain the above copyright
|
|
# notice, this list of conditions and the following disclaimer.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
|
|
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
|
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
|
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
|
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
|
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
|
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
PRGNAM=nikto
|
|
VERSION=${VERSION:-2.1.6}
|
|
BUILD=${BUILD:-2}
|
|
TAG=${TAG:-_SBo}
|
|
|
|
if [ -z "$ARCH" ]; then
|
|
case "$( uname -m )" in
|
|
i?86) ARCH=i586 ;;
|
|
arm*) ARCH=arm ;;
|
|
*) ARCH=$( uname -m ) ;;
|
|
esac
|
|
fi
|
|
|
|
CWD=$(pwd)
|
|
TMP=${TMP:-/tmp/SBo}
|
|
PKG=$TMP/package-$PRGNAM
|
|
OUTPUT=${OUTPUT:-/tmp}
|
|
|
|
if [ "$ARCH" = "i586" ]; then
|
|
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
|
|
LIBDIRSUFFIX=""
|
|
elif [ "$ARCH" = "i686" ]; then
|
|
SLKCFLAGS="-O2 -march=i686 -mtune=i686"
|
|
LIBDIRSUFFIX=""
|
|
elif [ "$ARCH" = "x86_64" ]; then
|
|
SLKCFLAGS="-O2 -fPIC"
|
|
LIBDIRSUFFIX="64"
|
|
else
|
|
SLKCFLAGS="-O2"
|
|
LIBDIRSUFFIX=""
|
|
fi
|
|
|
|
set -e
|
|
|
|
rm -rf $PKG
|
|
mkdir -p $TMP $PKG $OUTPUT
|
|
cd $TMP
|
|
rm -rf $PRGNAM
|
|
tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
|
|
cd $PRGNAM-$VERSION
|
|
chown -R root:root .
|
|
find -L . \
|
|
\( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
|
|
-o -perm 511 \) -exec chmod 755 {} \; -o \
|
|
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
|
|
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
|
|
|
|
# Force SBo shipped LW2 module
|
|
patch -p1 --verbose < $CWD/patches/nikto.pl.diff
|
|
patch -p1 --verbose < $CWD/patches/replay.pl.diff
|
|
patch -p1 --verbose < $CWD/patches/nikto_core.plugin.diff
|
|
|
|
# Fix path for Slackware
|
|
patch -p1 --verbose < $CWD/patches/man_page.diff
|
|
|
|
# Fix CVE-2018-11652: https://nvd.nist.gov/vuln/detail/CVE-2018-11652
|
|
# Allows remote attackers to inject arbitrary OS commands via the
|
|
# server field in an HTTP response header, which is directly
|
|
# injected into a CSV report
|
|
# PoC: https://www.exploit-db.com/exploits/44899/
|
|
patch -p1 --verbose < $CWD/patches/CVE-2018-11652-CSV-injection.patch
|
|
|
|
# Install executable
|
|
if [ "$ARCH" = "x86_64" ]; then
|
|
install -Dm 755 $CWD/nikto64.sh $PKG/usr/bin/nikto
|
|
else
|
|
install -Dm 755 $CWD/nikto.sh $PKG/usr/bin/nikto
|
|
fi
|
|
|
|
# Install the rest
|
|
install -d $PKG/usr/lib${LIBDIRSUFFIX}/nikto
|
|
cp -a program/* $PKG/usr/lib${LIBDIRSUFFIX}/nikto
|
|
install -Dm 644 program/nikto.conf $PKG/etc/nikto.conf.new
|
|
install -Dm 644 documentation/nikto.1 $PKG/usr/man/man1/nikto.1
|
|
install -Dm 755 program/replay.pl $PKG/usr/bin/replay.pl
|
|
|
|
# Remove the upstream shipped libwhisker2
|
|
rm -f $PKG/usr/lib${LIBDIRSUFFIX}/nikto/plugins/LW2.pm
|
|
|
|
# Clean up duplicate config
|
|
rm -f $PKG/usr/lib${LIBDIRSUFFIX}/nikto/nikto.conf
|
|
|
|
find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
|
|
| cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
|
|
|
|
find $PKG/usr/man -type f -exec gzip -9 {} \;
|
|
for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
|
|
|
|
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
|
|
cp -a program/docs/nikto_manual.html program/docs/*.txt README.md \
|
|
$PKG/usr/doc/$PRGNAM-$VERSION/
|
|
rm -r $PKG/usr/lib${LIBDIRSUFFIX}/nikto/docs
|
|
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
|
|
|
|
mkdir -p $PKG/install
|
|
cat $CWD/slack-desc > $PKG/install/slack-desc
|
|
cat $CWD/doinst.sh > $PKG/install/doinst.sh
|
|
|
|
cd $PKG
|
|
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
|