Nikto - No webserver found on x.x.x.x - using vhost and https #585

Open
Towky opened this issue Jan 11, 2019 · 13 comments

@Towky

Towky commented Jan 11, 2019

As mentioned in #250 (comment), I got the message "No web server found on x.x.x.x"

root@kali:~# nikto -host https://10.0.0.90/9999/ -vhost host.domain.de
- Nikto v2.1.6
---------------------------------------------------------------------------
+ No web server found on 10.0.0.90:443
---------------------------------------------------------------------------
+ 0 host(s) tested

Webserver configuration:
Microsoft Internet Information Service 8.5
1 binding: https on vhost "host.domain.de" port 443 on any IP address on the server (here: 10.0.0.90)
The certificate is issued by an internal PKI (root certificate not trusted by the Kali Linux machine)

Verbose Output:

root@kali:~# nikto -host https://10.0.0.90/9999/ -vhost host.domain.de -D v
- Nikto v2.1.6
---------------------------------------------------------------------------
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_multiple_index
V:Fri Jan 11 04:23:31 2019 - Loaded "Multiple Index" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_shellshock
V:Fri Jan 11 04:23:31 2019 - Loaded "shellshock" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_core
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_siebel
V:Fri Jan 11 04:23:31 2019 - Loaded "Siebel Checks" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_fileops
V:Fri Jan 11 04:23:31 2019 - Loaded "File Operations" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_subdomain
V:Fri Jan 11 04:23:31 2019 - Loaded "Sub-domain forcer" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_tests
V:Fri Jan 11 04:23:31 2019 - Loaded "Nikto Tests" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_apacheusers
V:Fri Jan 11 04:23:31 2019 - Loaded "Apache Users" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_httpoptions
V:Fri Jan 11 04:23:31 2019 - Loaded "HTTP Options" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_robots
V:Fri Jan 11 04:23:31 2019 - Loaded "Robots" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_msgs
V:Fri Jan 11 04:23:31 2019 - Loaded "Server Messages" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_content_search
V:Fri Jan 11 04:23:31 2019 - Loaded "Content Search" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_report_text
V:Fri Jan 11 04:23:31 2019 - Loaded "Text reports" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_report_csv
V:Fri Jan 11 04:23:31 2019 - Loaded "CSV reports" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_report_xml
V:Fri Jan 11 04:23:31 2019 - Loaded "Report as XML" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_paths
V:Fri Jan 11 04:23:31 2019 - Loaded "Path Search" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_embedded
V:Fri Jan 11 04:23:31 2019 - Loaded "Embedded Detection" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_cgi
V:Fri Jan 11 04:23:31 2019 - Loaded "CGI" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_cookies
V:Fri Jan 11 04:23:31 2019 - Loaded "HTTP Cookie Internal IP" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_sitefiles
V:Fri Jan 11 04:23:31 2019 - Loaded "Site Files" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_ms10_070
V:Fri Jan 11 04:23:31 2019 - Loaded "ms10-070 Check" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_report_sqlg
V:Fri Jan 11 04:23:31 2019 - Loaded "Generic SQL reports" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_headers
V:Fri Jan 11 04:23:31 2019 - Loaded "HTTP Headers" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_parked
V:Fri Jan 11 04:23:31 2019 - Loaded "Parked Detection" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_negotiate
V:Fri Jan 11 04:23:31 2019 - Loaded "Negotiate" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_dictionary_attack
V:Fri Jan 11 04:23:31 2019 - Loaded "Dictionary attack" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_auth
V:Fri Jan 11 04:23:31 2019 - Loaded "Guess authentication" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_put_del_test
V:Fri Jan 11 04:23:31 2019 - Loaded "Put/Delete test" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_clientaccesspolicy
V:Fri Jan 11 04:23:31 2019 - Loaded "clientaccesspolicy.xml" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_ssl
V:Fri Jan 11 04:23:31 2019 - Loaded "SSL and cert checks" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_apache_expect_xss
V:Fri Jan 11 04:23:31 2019 - Loaded "Apache Expect XSS" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_drupal
V:Fri Jan 11 04:23:31 2019 - Loaded "Drupal Specific Tests" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_report_html
V:Fri Jan 11 04:23:31 2019 - Loaded "Report as HTML" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_outdated
V:Fri Jan 11 04:23:31 2019 - Loaded "Outdated" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_report_nbe
V:Fri Jan 11 04:23:31 2019 - Loaded "NBE reports" plugin.
V:Fri Jan 11 04:23:31 2019 - Initialising plugin nikto_favicon
V:Fri Jan 11 04:23:31 2019 - Loaded "Favicon" plugin.
V:Fri Jan 11 04:23:31 2019 - Getting targets
V:Fri Jan 11 04:23:31 2019 - Added -root value of '/9999' from URI
V:Fri Jan 11 04:23:31 2019 - Checking for HTTPS on port 10.0.0.90:443, using HEAD
V:Fri Jan 11 04:23:31 2019 -  for HEAD:	
V:Fri Jan 11 04:23:31 2019 - Checking for HTTP on port 10.0.0.90:443, using HEAD
V:Fri Jan 11 04:23:31 2019 -  for HEAD:	
V:Fri Jan 11 04:23:31 2019 - Checking for HTTPS on port 10.0.0.90:443, using GET
V:Fri Jan 11 04:23:31 2019 -  for GET:	
V:Fri Jan 11 04:23:31 2019 - Checking for HTTP on port 10.0.0.90:443, using GET
V:Fri Jan 11 04:23:31 2019 -  for GET:	
+ No web server found on 10.0.0.90:443
---------------------------------------------------------------------------
V:Fri Jan 11 04:23:31 2019 - Opening reports (none, )
V:Fri Jan 11 04:23:31 2019 - 6934 server checks loaded
V:Fri Jan 11 04:23:31 2019 - Running start for "Embedded Detection" plugin
V:Fri Jan 11 04:23:31 2019 - Running start for "HTTP Headers" plugin
V:Fri Jan 11 04:23:31 2019 - Running start for "Drupal Specific Tests" plugin
V:Fri Jan 11 04:23:31 2019 - Running start for "Favicon" plugin
V:Fri Jan 11 04:23:31 2019 - Running start for "Content Search" plugin
V:Fri Jan 11 04:23:31 2019 - Running start for "Guess authentication" plugin
+ 0 host(s) tested
V:Fri Jan 11 04:23:31 2019 + 8 requests made in 0 seconds

My first idea was that the server isn't responding to the IP address, because there is no explicit binding on the IP, just on the vhost.

But checking with curl, the server is responding with "HTTP 404".

Maybe it has something to do with HTTPS and the untrusted certificate?

Testing the connection with curl:

root@kali:~# curl -I https://10.0.0.90/9999/ --insecure
HTTP/1.1 404 Not Found
Content-Length: 315
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 11 Jan 2019 09:47:09 GMT
Connection: close

root@kali:~# curl -I https://10.0.0.90/9999/ --insecure --header 'Host: host.domain.de'
HTTP/1.1 200 OK
Content-Length: 680
Content-Type: text/html
Last-Modified: Wed, 29 Oct 2003 12:51:16 GMT
Accept-Ranges: bytes
ETag: "cea996571b9ec31:0"
Server: Microsoft-IIS/8.5
X-Frame-Options: SAMEORIGIN
Date: Fri, 11 Jan 2019 09:48:44 GMT

**IP addresses and DNS/vhost name changed

@tautology0
Collaborator

So the problem here is that the website isn't returning a sensible HTTP(s) result:

V:Fri Jan 11 04:23:31 2019 - Checking for HTTPS on port 10.0.0.90:443, using HEAD
V:Fri Jan 11 04:23:31 2019 -  for HEAD:	
V:Fri Jan 11 04:23:31 2019 - Checking for HTTP on port 10.0.0.90:443, using HEAD
V:Fri Jan 11 04:23:31 2019 -  for HEAD:	
V:Fri Jan 11 04:23:31 2019 - Checking for HTTPS on port 10.0.0.90:443, using GET
V:Fri Jan 11 04:23:31 2019 -  for GET:	
V:Fri Jan 11 04:23:31 2019 - Checking for HTTP on port 10.0.0.90:443, using GET
V:Fri Jan 11 04:23:31 2019 -  for GET:	

This could be for a few reasons; SNI may be required, the server may be detecting depending on User-Agent, or it could be a bug.

So the first thing I'd try is changing the user-agent, by using:
nikto.pl -Option USERAGENT=Mozilla -url https://10.0.0.90/9999/

If that doesn't work, could you try and add -D D to the command line which will dump the request and response hash; this may reveal the real error message.

@ghost

ghost commented Mar 24, 2019

I second this. I found that Nikto had a similar error and despite changing the user agent the issue still persists.

@bigj75024

I am having this same issue. Using Nikto 2.1.6. The tool works fine on one server, but this issue occurs on a different server. Same versions of Nikto.

@Towky
Author

Towky commented Oct 10, 2019

If I remember correctly, the web application I was testing in my post above had no default virtual host listening on all incoming hostnames.

root@kali:~# nikto -host https://10.0.0.90/9999/ -vhost host.domain.de
- Nikto v2.1.6
---------------------------------------------------------------------------
+ No web server found on 10.0.0.90:443
---------------------------------------------------------------------------
+ 0 host(s) tested

We also had trouble getting our load balancer running in this configuration, so we had to change it. So I can't test it at the moment.

@bigj75024 Are you using the "-vhost" flag?

@Towky
Author

Towky commented Oct 10, 2019

Okay, I tested the issue in my test environment and I can confirm the error occurs if I run nikto with the -vhost option against an HTTPS web service running on IIS 8.5 if there is no default HTTPS listener.

If I create a default listener for HTTPS on port 443, everything works fine.

Edit: unencrypted HTTP (port 80) works fine even without a default listener. Maybe it has something to do with the different reply from the web server if there is no default listener.

root@kali:~# curl -I http://10.0.100.166/
HTTP/1.1 404 Not Found
Content-Length: 315
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 10 Oct 2019 08:24:52 GMT
Connection: close

root@kali:~# curl -I https://10.0.100.166/ --insecure
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 10.0.100.166:443

Edit2: After a few tests it seems it could also have something to do with SNI (Server Name Indication): if I remove the SNI option, even with no default vhost it works.

It seems the (IIS) web server has to have at least one HTTPS listener without SNI.

root@kali:~# curl -I https://10.0.100.166/ --insecure
HTTP/1.1 404 Not Found
Content-Length: 315
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 10 Oct 2019 10:06:41 GMT
Connection: close

root@kali:~# curl -I http://10.0.100.166/
HTTP/1.1 404 Not Found
Content-Length: 315
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 10 Oct 2019 10:08:26 GMT
Connection: close
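
The by-IP and by-name probes behind the SNI finding above, wrapped so their results can be compared (an added example, not part of the original thread or of Nikto). `probe_by_name` uses curl's `--resolve` so the vhost is sent as both SNI and Host; the function names and verdict strings are hypothetical, and the readings in `diagnose` follow the IIS 8.5 behaviour reported in this thread.

```sh
# Added example: compare an HTTPS probe by IP with one by vhost name.
# Function names and verdict strings are hypothetical.

# classify_probe: read `curl -I` output (stdout+stderr) on stdin, print a verdict.
classify_probe() {
  out=$(cat)
  case "$out" in
    *SSL_ERROR_SYSCALL*)                echo "tls-aborted" ;;
    *"Server: Microsoft-HTTPAPI/2.0"*)  echo "no-matching-site" ;;
    *"Server: Microsoft-IIS"*)          echo "site-reached" ;;
    *)                                  echo "unknown" ;;
  esac
}

# probe_by_ip: curl sends no SNI for an IP literal; Host is the IP.
probe_by_ip() {    # $1 = IP
  curl -sS -I --insecure --max-time 10 "https://$1/" 2>&1 || true
}

# probe_by_name: --resolve pins the name to the IP, so the vhost goes out
# as both SNI and Host without touching DNS or /etc/hosts.
probe_by_name() {  # $1 = IP, $2 = vhost
  curl -sS -I --insecure --max-time 10 --resolve "$2:443:$1" "https://$2/" 2>&1 || true
}

# diagnose: combine the two verdicts ($1 = by IP, $2 = by name).
diagnose() {
  case "$1/$2" in
    tls-aborted/site-reached)
      echo "HTTPS bindings need SNI: the scanner must send the vhost as SNI" ;;
    no-matching-site/site-reached)
      echo "TLS works without SNI: only the Host header must carry the vhost" ;;
    tls-aborted/tls-aborted)
      echo "TLS fails either way: check client protocol and cipher settings" ;;
    *)
      echo "inconclusive: $1 / $2" ;;
  esac
}

# Usage with the thread's anonymised values:
#   diagnose "$(probe_by_ip 10.0.100.166 | classify_probe)" \
#            "$(probe_by_name 10.0.100.166 host.domain.de | classify_probe)"
```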

@bigj75024

bigj75024 commented Oct 10, 2019 via email

@Green-m

Green-m commented Dec 19, 2019

@bigj75024
Appreciate your reply, it saved my life. For others, it may help: https://stackoverflow.com/questions/53058362/openssl-v1-1-1-ssl-choose-client-version-unsupported-protocol

@bigj75024

Glad I could help.

@sullo
Owner

sullo commented Dec 23, 2019 via email

@badcat1215

vhost has to be before host
Try:

root@kali:~# nikto -vhost host.domain.de -host https://10.0.0.90/9999/

@SectionB

SectionB commented Nov 8, 2020

I'm a Windows user and when I ran it as administrator it worked fine.

@ivym1ke

ivym1ke commented May 1, 2021

I was getting the No web server found on 10.11.1.237:443 message as well, however curl also did not work.

curl: (35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small

I resolved this by editing the following in /etc/ssl/openssl.cnf

[system_default_sect]
MinProtocol = TLSv1.1
CipherString = DEFAULT@SECLEVEL=1

Hopefully this helps someone else who stumbles across this post.

Disclaimer: I am working in a lab environment with VMs. Not a suggested fix for your normal OS.
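
One way to keep the relaxed settings from the comment above scoped to a single command instead of the system-wide /etc/ssl/openssl.cnf (an added example, not part of the original thread). It assumes the client links against OpenSSL and honours the `OPENSSL_CONF` environment variable; the function names and temp-file name are hypothetical.

```sh
# Added example: per-process OpenSSL config via OPENSSL_CONF, so the lowered
# MinProtocol/SECLEVEL never reach the system-wide file.
# Function names and the temp-file name are hypothetical.

# write_legacy_conf: create a private OpenSSL config and print its path.
write_legacy_conf() {
  conf=$(mktemp "${TMPDIR:-/tmp}/openssl-legacy.XXXXXX") || return 1
  cat > "$conf" <<'EOF'
openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.1
CipherString = DEFAULT@SECLEVEL=1
EOF
  printf '%s\n' "$conf"
}

# with_legacy_tls: run one command under that config, then delete the file
# and hand back the command's own exit status.
with_legacy_tls() {
  conf=$(write_legacy_conf) || return 1
  rc=0
  OPENSSL_CONF="$conf" "$@" || rc=$?
  rm -f "$conf"
  return "$rc"
}

# Usage against the lab host from the comment above:
#   with_legacy_tls curl -I --insecure https://10.11.1.237/
#   with_legacy_tls nikto -host https://10.11.1.237/
```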

@nasiriyima

In my own case (on Kali Linux) I had to install SSL support for Perl as follows:

aptitude install libio-socket-ssl-perl
aptitude install libcrypt-ssleay-perl

source
