I still want to find out if Nikto worked at all. How should I confirm it since the report doesn't show Nikto's ID at all? Thanks.
YanYan

>>> "George A. Theall" <[EMAIL PROTECTED]> 3/13/2008 9:27 PM >>>
On Mar 13, 2008, at 4:34 PM, Yanyan Wang wrote:

> 1. Disable Nikto from plugins, result shows there are 2 high vul. 0
> medium vul...
> 2. Enable Nikto from plugins, the report is identical in 1.
> 3. Enable Nikto from plugins and plugins preference, result shows 2
> high vul. and 3 medium risks.

By "plugins preference", you mean the "Enable Nikto" preference, right?

YES

> 4. Disable Nikto from plugins, the result is identical as in 3.
> 5. Disable Nikto from plugins and preferences, the result is still
> the same as in 3.
>
> kb_restore is disabled. I did not find 14260 or Nikto in any of the
> report. Can someone please explain a few questions I have?
>
> 1. Why step 1 to step 2 didn't differ, but step 2 to 3 did?

Step 1 and 2 would be the same because you need to not only enable the Nikto plugin but also check the "Enable Nikto" plugin preference.

Step 2 and 3... I'm not sure. Which plugins reported problems in #3 versus #2 or #1?

11213, 10916, 10915

> 2. Why step 3, 4, 5 are identical?

The Nikto plugin issues a security note, indicating a low-risk vulnerability. If you're truly ignoring low-risk ones as you appear to be, that could explain why 3, 4, and 5 give you the same results.

> 3. Is Nikto indeed working? If it does, shouldn't I see the ID no.
> from the report?

Yes, you should see the plugin id in the report as long as the plugin produced some output. Note that this will not happen if Nikto exits with an error of some type.

Have you looked in the Nessus server's logs to see what if anything it says about Nikto? You may need to edit your policy to enable "Log details of the scan on the server" (under "Options").

Nikto launched, here is the output.

launching nikto.nasl against "host ip" [583]
nikto.nasl (process 583) finished its job in 0.000 seconds

I am starting to think that it wasn't Nikto that made the difference in the report from step 2 to 3.
I scanned a different host today, but the reports are exactly the same with or without the nikto wrapper or with the "Enable Nikto" preference. Nikto.nasl launched even without the "Enable Nikto" preference. I searched the entire reports for both hosts, but 14260 does not appear anywhere.

Thanks a lot.
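The check discussed in this thread (did nikto.nasl do any work, and did plugin 14260 reach the report) can be scripted. The following is an added example, not part of the original messages or of Nessus itself; the regular expressions follow the two log lines quoted above, while the one-second threshold, the verdict wording and the sample log and report text are assumptions constructed for illustration.

```python
import re

# Line shapes taken from the two log lines quoted in the thread; search()
# ignores any prefix a real server log may put in front of them.
LAUNCH = re.compile(r'launching (\S+) against (.+?) \[(\d+)\]')
FINISH = re.compile(r'(\S+) \(process (\d+)\) finished its job in ([\d.]+) seconds')

def plugin_runs(log_text, script):
    """Pair each launch of `script` with its finish line by process id."""
    runs = {}
    for line in log_text.splitlines():
        m = LAUNCH.search(line)
        if m and m.group(1) == script:
            runs[m.group(3)] = {"target": m.group(2).strip('"'), "seconds": None}
            continue
        m = FINISH.search(line)
        if m and m.group(1) == script and m.group(2) in runs:
            runs[m.group(2)]["seconds"] = float(m.group(3))
    return runs

def assess(log_text, report_text, script="nikto.nasl", plugin_id="14260",
           min_seconds=1.0):
    """Classify each run; min_seconds is an assumed floor for a real scan."""
    reported = re.search(r'\b%s\b' % re.escape(plugin_id), report_text) is not None
    out = {}
    for pid, run in plugin_runs(log_text, script).items():
        if run["seconds"] is None:
            verdict = "launched, no finish line"
        elif reported:
            verdict = "plugin produced output"
        elif run["seconds"] < min_seconds:
            verdict = "exited immediately; Nikto itself likely did not run"
        else:
            verdict = "ran, but no output in report"
        out[pid] = (run["target"], run["seconds"], verdict)
    return out

# Constructed sample input modelled on the lines and plugin ids in the thread.
SAMPLE_LOG = '''launching http_version.nasl against 192.0.2.10 [581]
http_version.nasl (process 581) finished its job in 0.412 seconds
launching nikto.nasl against 192.0.2.10 [583]
nikto.nasl (process 583) finished its job in 0.000 seconds
'''
SAMPLE_REPORT = "plugin ids reported: 11213 10916 10915\n"

if __name__ == "__main__":
    for pid, result in assess(SAMPLE_LOG, SAMPLE_REPORT).items():
        print(pid, result)
```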
