On Fri, 26 Sep 2008 13:47:23 +0200 Micha Borrmann <[EMAIL PROTECTED]> wrote:
> - Is nikto installed inside the VMware image?

Calling external programs from Nessus is a simple way to extend it (*), but it creates many problems if these programs do not behave as expected.

1. It can be slow
If Nikto takes a long time to perform its task, your Nessus scan will be stuck. script_timeout may not be an option if killing the external program is undesirable (e.g. if it manages a database which would become inconsistent).

2. It can be dangerous
Worse, I nearly froze a machine when the Medusa FTP module started looping (a multithreaded program eating all CPU is really dangerous). Now you know why the Medusa wrappers will never be in the official feed.

3. It is not efficient
We already wrote many times here why calling Nmap from Nessus is resource greedy, as the architectures of the tools are different and do not fit together.
http://www.nessus.org/documentation/index.php?doc=nmap-usage

(*) Concerning Nikto, I'd like to know if you found some flaws that are reported by Nikto and not by some Nessus script. I wrote the Nikto wrapper a long time ago, it now appears redundant with Nessus "CGI abuses", "CGI abuses: XSS" and "Web servers" families.

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
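The first two failure modes in the message above (an external tool that runs too long, and one that loops while eating CPU) can be bounded by whatever process launches the tool. The sketch below is an added example, not part of the original message and not Nessus or NASL code; `run_bounded` and the stand-in child commands are hypothetical, and a POSIX host is assumed.

```python
import os
import resource
import signal
import subprocess
import sys

def run_bounded(argv, wall_s, cpu_s, grace_s=2.0):
    """Run an external tool under a wall-clock and a CPU-time bound.

    Returns (status, returncode); status is 'ok', 'failed', 'timeout' or 'cpu_limit'.
    """
    def set_cpu_limit():
        # Runs in the child before exec. RLIMIT_CPU counts CPU seconds summed over
        # all threads, so a looping multithreaded tool gets SIGXCPU from the kernel.
        _, hard = resource.getrlimit(resource.RLIMIT_CPU)
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_s, hard))

    proc = subprocess.Popen(
        argv,
        preexec_fn=set_cpu_limit,
        start_new_session=True,  # own process group, so helpers are signalled too
        stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
    )
    try:
        rc = proc.wait(timeout=wall_s)
    except subprocess.TimeoutExpired:
        # Ask first: SIGTERM lets a tool that manages state shut down cleanly.
        os.killpg(proc.pid, signal.SIGTERM)
        try:
            rc = proc.wait(timeout=grace_s)
        except subprocess.TimeoutExpired:
            os.killpg(proc.pid, signal.SIGKILL)  # last resort after the grace period
            rc = proc.wait()
        return "timeout", rc
    if rc == -signal.SIGXCPU:
        return "cpu_limit", rc
    return ("ok" if rc == 0 else "failed"), rc

# Constructed stand-ins for an external scanner (not Nikto, Medusa or Nmap).
SPINNER = [sys.executable, "-c", "while True: pass"]
SLEEPER = [sys.executable, "-c", "import time; time.sleep(60)"]

if __name__ == "__main__":
    print(run_bounded(SPINNER, wall_s=30, cpu_s=1))  # stopped by the CPU limit
    print(run_bounded(SLEEPER, wall_s=1, cpu_s=5))   # stopped by the wall clock
```

The CPU limit is inherited by child processes but counted per process, so a tool that forks many workers needs a cgroup or similar mechanism to be bounded as a whole.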
