Only different result is that sometime I obtain nikto result sometimes not.
I send yo to nessj network logs which show all configuration details. I use same input in my own C# cilent, I am also obtain nikto result sometimes sometimes not. can the reason nessus exit nikto.nasl immediately? In this logs, only nikto plugin is choosen (which is 14260) , but I try so many combinations such as -nikto and no404 -allCGI and webserver plugins -all plugins etc In addition in my client, in order to sent all plugins I use "-1" in NTP .( according to ntp documents.) But My problem is nikto results stability is not solved. Also in Nessus Client (Boss products) , I give more timeout values for nikto plugin. I try so many things but I could not solve.Maybe the solution is to stop exit immediately from nikto plugin.. here is the sample ntp message which is sent to nessus server from nessj network log. Client, CLIENT <|> PREFERENCES <|> Client, ntp_client_accepts_notes <|> yes Client, ntp_escape_crlf <|> yes Client, ntp_keep_communication_alive <|> yes Client, ntp_opt_show_end <|> yes Client, ntp_short_status <|> yes Client, plugin_set <|> 14260; Client, auto_enable_dependencies <|> yes Client, cgi_path <|> /cgi-bin:/scripts Client, continuous_scan <|> no Client, delay_between_scan_loops <|> 0 Client, detached_scan <|> no Client, detached_scan_email_address <|> [EMAIL PROTECTED] Client, host_expansion <|> none Client, max_checks <|> 5 Client, max_hosts <|> 40 Client, optimize_test <|> yes Client, ping_hosts <|> no Client, port_range <|> default Client, reverse_lookup <|> no Client, safe_checks <|> yes Client, save_empty_session <|> no Client, save_session <|> yes Client, silent_dependencies <|> yes Client, unscanned_closed <|> no Client, use_mac_addr <|> no Client, ssl_version <|> none Client, slice_network_addresses <|> no Client, plugin_upload_suffixes <|> .nasl, .nasl3, .inc, .inc3, .nbin, .audit Client, plugin_upload <|> yes Client, kb_max_age <|> 864000 Client, kb_dont_replay_denials <|> no Client, kb_dont_replay_attacks <|> no Client, kb_dont_replay_info_gathering <|> no Client, kb_dont_replay_scanners <|> no Client, only_test_hosts_whose_kb_we_have <|> no Client, only_test_hosts_whose_kb_we_dont_have <|> no Client, kb_restore <|> no Client, save_knowledge_base <|> no Client, plugins_timeout <|> 2000 Client, non_simult_ports <|> 139, 445 Client, checks_read_timeout <|> 5 Client, language <|> english Client, log_whole_attack <|> yes Client, throttle_scan <|> yes Client, purge_plugin_db <|> no Client, auto_update_delay <|> 24 Client, auto_update <|> yes Client, Windows File Contents Compliance Checks[file]:Policy file #1 : <|> Client, Windows File Contents Compliance Checks[file]:Policy file #2 : <|> Client, Windows File Contents Compliance Checks[file]:Policy file #3 : <|> Client, Windows File Contents Compliance Checks[file]:Policy file #4 : <|> Client, Windows File Contents Compliance Checks[file]:Policy file #5 : <|> Client, SNMP settings[entry]:Community name : <|> public Client, SNMP settings[entry]:UDP port : <|> 161 Client, Nikto (NASL wrapper)[checkbox]:Force full (generic) scan <|> yes Client, Nikto (NASL wrapper)[checkbox]:Enable Nikto <|> yes Client, Services[entry]:Number of connections done in parallel : <|> 6 Client, Services[entry]:Network connection timeout : <|> 5 Client, Services[entry]:Network read/write timeout : <|> 5 Client, Services[entry]:Wrapped service read timeout : <|> 2 Client, Services[file]:SSL certificate : <|> Client, Services[file]:SSL private key : <|> Client, Services[password]:PEM password : <|> Client, Services[file]:CA file : <|> Client, Services[radio]:Test SSL based services <|> Known SSL ports Client, Nmap (NASL wrapper)[radio]:TCP scanning technique : <|> connect() Client, Nmap (NASL wrapper)[checkbox]:UDP port scan <|> no Client, Nmap (NASL wrapper)[checkbox]:Service scan <|> no Client, Nmap (NASL wrapper)[checkbox]:RPC port scan <|> no Client, Nmap (NASL wrapper)[checkbox]:Identify the remote OS <|> no Client, Nmap (NASL wrapper)[checkbox]:Use hidden option to identify the remote OS <|> no Client, Nmap (NASL wrapper)[checkbox]:Fragment IP packets (bypasses firewalls) <|> no Client, Nmap (NASL wrapper)[checkbox]:Do not randomize the order in which ports are scanned <|> no Client, Nmap (NASL wrapper)[entry]:Source port : <|> Client, Nmap (NASL wrapper)[radio]:Timing policy : <|> Auto (nessus specific!) Client, Nmap (NASL wrapper)[entry]:Initial RTT timeout (ms) : <|> Client, Nmap (NASL wrapper)[entry]:Min RTT Timeout (ms) : <|> Client, Nmap (NASL wrapper)[entry]:Max RTT Timeout (ms) : <|> Client, Nmap (NASL wrapper)[entry]:Ports scanned in parallel (max) <|> Client, Nmap (NASL wrapper)[entry]:Ports scanned in parallel (min) <|> Client, Nmap (NASL wrapper)[entry]:Host Timeout (ms) : <|> Client, Nmap (NASL wrapper)[entry]:Minimum wait between probes (ms) <|> Client, Nmap (NASL wrapper)[file]:File containing grepable results : <|> Client, Nmap (NASL wrapper)[checkbox]:Do not scan targets not in the file <|> no Client, Nmap (NASL wrapper)[checkbox]:Run dangerous port scans even if safe checks are set <|> no Client, SMB use domain SID to enumerate users[entry]:Start UID : <|> 1000 Client, SMB use domain SID to enumerate users[entry]:End UID : <|> 1200 Client, Misc information on News server[entry]:From address : <|> Nessus < [EMAIL PROTECTED]> Client, Misc information on News server[entry]:Test group name regex : <|> f[a-z]\.tests? Client, Misc information on News server[entry]:Max crosspost : <|> 7 Client, Misc information on News server[checkbox]:Local distribution <|> yes Client, Misc information on News server[checkbox]:No archive <|> no Client, Global variable settings[checkbox]:Enable CGI scanning <|> yes Client, Global variable settings[radio]:Network type <|> Mixed (use RFC 1918) Client, Global variable settings[checkbox]:Enable experimental scripts <|> no Client, Global variable settings[checkbox]:Thorough tests (slow) <|> no Client, Global variable settings[radio]:Report verbosity <|> Normal Client, Global variable settings[radio]:Report paranoia <|> Normal Client, Global variable settings[radio]:Log verbosity <|> Normal Client, Global variable settings[entry]:Debug level <|> 0 Client, Global variable settings[entry]:HTTP User-Agent <|> Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Client, Ping the remote host[entry]:TCP ping destination port(s) : <|> built-in Client, Ping the remote host[checkbox]:Do an ARP ping <|> yes Client, Ping the remote host[checkbox]:Do a TCP ping <|> yes Client, Ping the remote host[checkbox]:Do an ICMP ping <|> no Client, Ping the remote host[entry]:Number of retries (ICMP) : <|> 6 Client, Ping the remote host[checkbox]:Do an applicative UDP ping (DNS,RPC...) <|> no Client, Ping the remote host[checkbox]:Make the dead hosts appear in the report <|> no Client, Ping the remote host[checkbox]:Log live hosts in the report <|> no Client, Ping the remote host[checkbox]:Test the local Nessus host <|> yes Client, SMB Scope[checkbox]:Request information about the domain <|> yes Client, SMB use host SID to enumerate local users[entry]:Start UID : <|> 1000 Client, SMB use host SID to enumerate local users[entry]:End UID : <|> 1200 Client, SMTP settings[entry]:Third party domain : <|> example.com Client, SMTP settings[entry]:From address : <|> [EMAIL PROTECTED] Client, SMTP settings[entry]:To address : <|> [EMAIL PROTECTED] Client, Unknown CGIs arguments torture[checkbox]:Send POST requests <|> no Client, Kerberos configuration[entry]:Kerberos Key Distribution Center (KDC) : <|> Client, Kerberos configuration[entry]:Kerberos KDC Port : <|> 88 Client, Kerberos configuration[radio]:Kerberos KDC Transport : <|> udp Client, Kerberos configuration[entry]:Kerberos Realm (SSH only) : <|> Client, Login configurations[entry]:HTTP account : <|> Client, Login configurations[password]:HTTP password (sent in clear) : <|> Client, Login configurations[entry]:NNTP account : <|> Client, Login configurations[password]:NNTP password (sent in clear) : <|> Client, Login configurations[entry]:FTP account : <|> anonymous Client, Login configurations[password]:FTP password (sent in clear) : <|> [EMAIL PROTECTED] Client, Login configurations[entry]:FTP writeable directory : <|> /incoming Client, Login configurations[entry]:POP2 account : <|> Client, Login configurations[password]:POP2 password (sent in clear) : <|> Client, Login configurations[entry]:POP3 account : <|> Client, Login configurations[password]:POP3 password (sent in clear) : <|> Client, Login configurations[entry]:IMAP account : <|> Client, Login configurations[password]:IMAP password (sent in clear) : <|> Client, Login configurations[entry]:SMB account : <|> Client, Login configurations[password]:SMB password : <|> Client, Login configurations[entry]:SMB domain (optional) : <|> Client, Login configurations[radio]:SMB password type : <|> Password Client, Login configurations[entry]:Additional SMB account (1) : <|> Client, Login configurations[password]:Additional SMB password (1) : <|> Client, Login configurations[entry]:Additional SMB domain (optional) (1) : <|> Client, Login configurations[entry]:Additional SMB account (2) : <|> Client, Login configurations[password]:Additional SMB password (2) : <|> Client, Login configurations[entry]:Additional SMB domain (optional) (2) : <|> Client, Login configurations[entry]:Additional SMB account (3) : <|> Client, Login configurations[password]:Additional SMB password (3) : <|> Client, Login configurations[entry]:Additional SMB domain (optional) (3) : <|> Client, Login configurations[checkbox]:Never send SMB credentials in clear text <|> yes Client, Login configurations[checkbox]:Only use NTLMv2 <|> no Client, Oracle settings[entry]:Oracle SID : <|> Client, Oracle settings[checkbox]:Test default accounts (slow) <|> no Client, SSH settings[entry]:SSH user name : <|> root Client, SSH settings[password]:SSH password (unsafe!) : <|> Client, SSH settings[file]:SSH public key to use : <|> Client, SSH settings[file]:SSH private key to use : <|> Client, SSH settings[password]:Passphrase for SSH key : <|> Client, Do not scan fragile devices[checkbox]:Scan Network Printers <|> no Client, Do not scan fragile devices[checkbox]:Scan Novell Netware hosts <|> no Client, Cleartext protocols settings[entry]:User name : <|> Client, Cleartext protocols settings[password]:Password (unsafe!) : <|> Client, Cleartext protocols settings[checkbox]:Try to perform patch level checks over telnet <|> no Client, Cleartext protocols settings[checkbox]:Try to perform patch level checks over rsh <|> no Client, Cleartext protocols settings[checkbox]:Try to perform patch level checks over rexec <|> no Client, Web mirroring[entry]:Number of pages to mirror : <|> 200 Client, Web mirroring[entry]:Start page : <|> / Client, HTTP login page[entry]:Login page : <|> / Client, HTTP login page[entry]:Login form : <|> Client, HTTP login page[entry]:Login form fields : <|> user=%USER%&pass=%PASS% Client, Nessus TCP scanner[checkbox]:Scan ports in random order <|> yes Client, Nessus TCP scanner[checkbox]:Detect RST rate limitation <|> yes Client, Nessus TCP scanner[checkbox]:Detect firewall <|> yes Client, Nessus TCP scanner[checkbox]:Network congestion detection <|> yes Client, ntp_save_sessions <|> yes Client, ntp_detached_sessions <|> yes Client, server_info_nessusd_version <|> 3.0.5 Client, server_info_libnasl_version <|> 3.0.5 Client, server_info_libnessus_version <|> 3.0.5 Client, server_info_thread_manager <|> fork Client, server_info_os <|> Linux Client, server_info_os_version <|> 2.4.27-2-386 Client, <|> CLIENT Client, CLIENT <|> RULES <|> Client, <|> CLIENT Client, CLIENT <|> LONG_ATTACK <|> Client, 11 Client, 172.16.7.63 Server, SERVER <|> PREFERENCES_ERRORS <|> Server, <|> SERVER On 7/31/07, George A. Theall <[EMAIL PROTECTED]> wrote: > > On 07/31/07 03:18, kemal ayten wrote: > > > I use the words unstabilities since I can obtain nikto results from > > other clients such as NessWX and NessusClients(Boss) but this is not > > stable.In other words I sometimes obtain results sometimes not although > > conditions are same. This is also true for NessJ clients when I choose > > nikto and also other plugins. > > Do you obtain different results using the same client, the same > target(s), and the same configuration? If yes, which client (name, > version number, and operating platform) and exactly how is it configured? > > George > -- > [EMAIL PROTECTED] > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus >
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
