Hello list, I have a question regarding the Nikto wrapper (nikto_wrapper.nes). When using this plugin on a local network, everything appears to work fine. However, when we try to scan remote hosts through a 2 MBIT DSL connection, the plugin doesn't return any results. In some cases, the plugin doesn't start and in some case it does, however it is still running when Nessus has finshed scanning. We used the following scipt (as a replacement for nikto.pl), as suggested by Michel Arboi, to determine whether the plugin starts or not:
------------------------------ #!/bin/bash begindate=$(/bin/date) echo "Starting Nikto on: $begindate" >> /usr/local/nikto-1.32/my_nikto.log echo $0 $@ >> /usr/local/nikto-1.32/my_nikto.log /usr/local/nikto-1.32/my_nikto.pl $@ enddate=$(/bin/date) echo "Nikto scan ended on: $enddate" >> /usr/local/nikto-1.32/my_nikto.log ------------------------------ We have tested with this script on one host on the local network and two remote hosts using a 2 MBIT DSL connection. All the hosts had a webserver up and running and we only enabled nmap, the nikto plugin and it's dependecies. The host on the local network gave me nikto results without a problem, but on the remote hosts I had mixed results. On one host nikto wasn't started at all, allthough the webserver on port 80 and 443 were correctly detected. There was no nessus_popen() message in the nessusd.dump file for this host. On the second host nikto was started for every port the webserver was listening on (80, 443, 8080), but Nessus already displayed the results from the Nessus scan before the nikto wrapper script was finished. Needles to say the nikto results weren't included. It looks like Nessus only waits for a certain amount of time for the nikto results. We've checked the nikto_wrapper.c source file for any timeouts and the only one we could find was the plugin set timeout (desc, -1); function call. But since this is set to -1 I assume this means infinitly? Has anybody experienced this problem or does anybody know how to resolve this issue? Thanks in advance. Regards, Yorick -- Ing. Yorick Koster <mailto:[EMAIL PROTECTED]> Security Engineer ------------------------------------------------------------------- ITsec Security Services B.V., Postbus 5120, 2000 GC HAARLEM Tel.+31-(0)235420578, Fax.+31-(0)235345477 http://www.itsec-ss.nl ------------------------------------------------------------------- Exploit & Vulnerability Alerting Service http://www.evas.nl ITsec Security Services B.V. may not be held liable for the effects or damages caused by the direct or indirect use of the information or functionality provided by this posting, nor the content contained within. Use them at your own risk. ITsec Security Services B.V. bears no responsibility for misuse of this posting or any derivatives thereof. _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
