Bug: STDOUT Now showing large numbers of Var: debug-like lines

[zombietango]

Expected behavior

Normally, Nikto would only display findings or additional information requested via the -Display flags.

Actual behavior

Very recently (probably as of the last commit release), I am now receiving a large number of STDOUT entries that appear to be debug messages, regardless of any -Display flags. Examples:

Var: @CGIDIRS val: /cgi-bin-sdb/ Var: @CGIDIRS val: /cgi-mod/ Var: @CGIDIRS val: /cgi.cgi/ Var: @CGIDIRS val: /webcgi/ Var: @CGIDIRS val: /cgi-914/ Var: @CGIDIRS val: /cgi-915/ Var: @CGIDIRS val: /bin/ Var: @CGIDIRS val: /cgi/ Var: @CGIDIRS val: /mpcgi/ Var: @CGIDIRS val: /cgi-bin/ Var: @CGIDIRS val: /ows-bin/ Var: @CGIDIRS val: /cgi-sys/ Var: @CGIDIRS val: /cgi-local/ Var: @CGIDIRS val: /htbin/ Var: @CGIDIRS val: /cgibin/ Var: @CGIDIRS val: /cgis/ Var: @CGIDIRS val: /scripts/ Var: @CGIDIRS val: /cgi-win/ Var: @CGIDIRS val: /fcgi-bin/ Var: @CGIDIRS val: /cgi-exe/ Var: @CGIDIRS val: /cgi-home/ Var: @CGIDIRS val: /cgi-perl/ Var: @CGIDIRS val: /scgi-bin/ Var: @CGIDIRS val: /cgi-bin-sdb/ Var: @CGIDIRS val: /cgi-mod/

Var: @RFIURL val: http://cirt.net/rfiinc.txt? Var: @RFIURL val: http://cirt.net/rfiinc.txt? Var: @RFIURL val: http://cirt.net/rfiinc.txt? Var: @RFIURL val: http://cirt.net/rfiinc.txt?

Var: @NUKE val: / Var: @NUKE val: /postnuke/ Var: @NUKE val: /postnuke/html/ Var: @NUKE val: /modules/ Var: @NUKE val: /phpBB/ Var: @NUKE val: /forum/

Var: @PHPMYADMIN val: /3rdparty/phpMyAdmin/ Var: @PHPMYADMIN val: /phpMyAdmin/ Var: @PHPMYADMIN val: /3rdparty/phpmyadmin/ Var: @PHPMYADMIN val: /phpmyadmin/ Var: @PHPMYADMIN val: /pma/ Var: @PHPMYADMIN val: /.tools/phpMyAdmin/current/

Steps to reproduce

1. Run Nikto
2. Watch STDOUT
3. See additional display lines

There was no specific requirements for me to see this issue.

Nikto version

`---------------------------------------------------------------------------
Nikto Versions

File Version Last Mod

---

Nikto main 2.1.6
LibWhisker 2.5
db_404_strings 2.003
db_content_search 2.000
db_dictionary 1.0
db_dir_traversal 2.1.6
db_domino 2.1.6
db_drupal 1.00
db_embedded 2.004
db_favicon 2.010
db_headers 2.008
db_httpoptions 2.002
db_multiple_index 2.005
db_outdated 2.017
db_parked_strings 2.001
db_realms 2.002
db_server_msgs 2.006
db_tests 2.021
db_variables 2.004
nikto_apache_expect_xss.plugin 2.04
nikto_apacheusers.plugin 2.06
nikto_auth.plugin 2.04
nikto_cgi.plugin 2.06
nikto_clientaccesspolicy.plugin 1.00
nikto_content_search.plugin 2.05
nikto_cookies.plugin 2.05
nikto_core.plugin 2.1.5
nikto_dictionary_attack.plugin 2.04
nikto_dir_traversal.plugin 2.1.6
nikto_dishwasher.plugin 2.20
nikto_docker_registry.plugin 2.20
nikto_domino.plugin 2.1.6
nikto_drupal.plugin 1.00
nikto_embedded.plugin 2.07
nikto_favicon.plugin 2.09
nikto_fileops.plugin 1.00
nikto_headers.plugin 2.11
nikto_httpoptions.plugin 2.10
nikto_ms10_070.plugin 1.00
nikto_msgs.plugin 2.07
nikto_multiple_index.plugin 2.03
nikto_negotiate.plugin 2.00
nikto_origin_reflection.plugin 2.01
nikto_outdated.plugin 2.09
nikto_parked.plugin 2.00
nikto_paths.plugin 2.00
nikto_put_del_test.plugin 2.04
nikto_report_csv.plugin 2.07
nikto_report_html.plugin 2.06
nikto_report_json.plugin 2.00
nikto_report_nbe.plugin 2.02
nikto_report_sqlg.plugin 2.00
nikto_report_text.plugin 2.05
nikto_report_xml.plugin 2.06
nikto_robots.plugin 2.06
nikto_shellshock.plugin 2.01
nikto_siebel.plugin 1.00
nikto_sitefiles.plugin 2.00
nikto_ssl.plugin 2.01
nikto_strutshock.plugin 2.01
nikto_tests.plugin 2.04
---------------------------------------------------------------------------`

Further technical info

macOS 10.15.3
perl:

Platform: osname=darwin, osvers=19.0, archname=darwin-thread-multi-2level uname='darwin osx374.sd.apple.com 19.0 darwin kernel version 18.0.0: tue jul 9 11:12:08 pdt 2019; root:xnu-4903.201.2.100.7~1release_x86_64 x86_64 ' config_args='-ds -e -Dprefix=/usr -Dccflags=-g -pipe -Dldflags= -Dman3ext=3pm -Duseithreads -Duseshrplib -Dinc_version_list=none -Dcc=cc' hint=recommended, useposix=true, d_sigaction=define useithreads=define, usemultiplicity=define useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef use64bitint=define, use64bitall=define, uselongdouble=undef usemymalloc=n, bincompat5005=undef

[tautology0]

Looks like this was added in version 2289670#diff-0dfffae278774b7d83fb0f8df0815860e21f079cf9f16c2c565cf317612b47b6

[sullo]

I commented the lines. debugging another issue and i accidentally committed. thanks!

[tautology0]

Damnit, you pushed at the same time I did :-P

[digininja]

I nearly reported this but it seemed like such an obvious thing that I assumed it was "new normal" and so didn't bother.

…

On Wed, 11 Nov 2020 at 15:45, D L ***@***.***> wrote: Damnit, you pushed at the same time I did :-P — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#706 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAA4SWIYPMRRXV2DAU3IIALSPKWRNANCNFSM4TSCYEAQ> .

[zombietango]

Thanks guys! Working as expected now.