[Nikto-discuss] Nikto2 + Net::SSLeay memory leak?

mike falter+nikto at gmail.com
Wed Apr 23 14:01:40 UTC 2008

> On Wed, Apr 23, 2008 at 7:48 AM, Sullo <sullo at cirt.net> wrote:
> I forwarded the initial report to rfp and we both suspect SSLeay as
> the culprit, but haven't had a chance to dig into it yet. The thing to
> do would be to write a test program which uses LWP+SSLeay and see if
> it suffers from a similar memory drain... at least then it would
> confirm the bug is not in Nikto/LW.

My gut tells me that it has something to do with either libwhisker's
cleanup of the Net::SSLeay objects, or cleanup internal to
Net::SSLeay. Nikto is a bit unique in that it initiates thousands of
connections over a short period of time. So, a small leak is a far
greater deal to Nikto than it is to most devs using Net::SSLeay.

When I did a timing comparison between Net::SSLeay and Net::SSL, I
couldn't see that significant of a difference. It'd be nice if
libwhisker had the option to use one over the other. Given this leak,
I get nervous having to rely on the lack of Net::SSLeay for libwhisker
to move onto Net::SSL. Perhaps if you guys have rfp's ear, you could
drop that one in there :)
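
The test program suggested in the quoted message could look like the following. This is an added example, not code from the thread or from Nikto/libwhisker: it calls Net::SSLeay directly (not through LWP), compares it against a plain-TCP control, and assumes Linux and a test server you control at the placeholder address and ports.

```perl
#!/usr/bin/perl
# Added example (not from the thread): does this process grow when it makes
# thousands of Net::SSLeay connections? Linux only (reads /proc/self/status).
use strict;
use warnings;
use IO::Socket::INET;
use Net::SSLeay qw(get_https);

# Assumptions: a test web server you control, serving HTTP and HTTPS.
my ($host, $http_port, $https_port, $path) = ('127.0.0.1', 80, 443, '/');
my ($requests, $sample_every) = (5000, 500);

# Resident set size of this process in kB.
sub rss_kb {
    open(my $fh, '<', '/proc/self/status') or die "open /proc/self/status: $!";
    while (my $line = <$fh>) {
        return $1 if $line =~ /^VmRSS:\s+(\d+)\s+kB/;
    }
    die "VmRSS not found\n";
}

# Run $work $requests times, sampling RSS; return growth in kB per request,
# measured from the first sample so one-time start-up allocations are excluded.
sub growth_per_request {
    my ($label, $work) = @_;
    my @samples;
    for my $i (1 .. $requests) {
        $work->();
        next if $i % $sample_every;
        push @samples, [$i, rss_kb()];
        printf "%-12s %6d requests %8d kB\n", $label, @{ $samples[-1] };
    }
    my ($first, $last) = @samples[0, -1];
    return ($last->[1] - $first->[1]) / ($last->[0] - $first->[0]);
}

# Control: the same request over plain TCP, with no SSL code involved.
my $plain = growth_per_request('plain', sub {
    my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $http_port)
        or die "connect failed: $!\n";
    print $sock "GET $path HTTP/1.0\r\nHost: $host\r\n\r\n";
    my @reply = <$sock>;
    close $sock;
});

# Subject: one complete HTTPS request per call through Net::SSLeay.
my $ssl = growth_per_request('Net::SSLeay', sub {
    my ($page, $response) = get_https($host, $https_port, $path);
    die "HTTPS request failed\n" unless defined $response && $response =~ m{^HTTP/};
});

printf "growth per request: plain %.3f kB, Net::SSLeay %.3f kB\n", $plain, $ssl;
```

Because neither Nikto nor libwhisker is loaded, steady growth in the Net::SSLeay run alongside a flat control run would place the leak in Net::SSLeay or the OpenSSL library beneath it.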

