Hello,

I've just committed an updated version of the plugin for Nikto (http://cirt.net/nikto2) integration. It now works (even better) with the new Nikto 2.0. Please take a look at the new plugin and let me know what you think.

I've changed the plugin to be more verbose in case it was unable to start Nikto; the previous version would just silently fail if nikto.pl wasn't in the path or the target did not return 404 on non-existent pages.

Older Nikto versions tended to report quite an amount of false positives if the target did not return 404s; the 2.0 version seems to report far fewer false positives in this case. I think it should be up to the user to perform a scan in this case and have added an option to force the scan under these circumstances. Forcing this scan will now generate a warning in the report.

The new plugin is geared towards Nikto 2.0 (although it will work with older versions), so I've removed the configuration options no longer supported in Nikto 2.0 from nikto.nasl. Since I haven't used Nikto in great detail, I'm not sure which options should be controllable from within OpenVAS. You can find a list of all available options at http://cirt.net/nikto2-docs/ch04.html ; any suggestions are appreciated.

Regards,
Michael

--
Michael Wiegand
OpenPGP key: D7D049EC
Intevation GmbH, Osnabrück
http://www.intevation.de/
Amtsgericht Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

Openvas-plugins mailing list
http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
