[Nikto-discuss] nikto using 1.5Gb memory

Tim Waters tim.waters at lbvd.nl
Tue Dec 15 14:59:00 UTC 2009


Hi list,

Today my Nikto hung up by using 1.5 Gb of memory. I had a tweet about 
it and Chris asked me to put it on the list.
So here it is :)

This is what I did.
1. I had not used nikto in a while, so decided to update it first with 
nikto --update like this:

./nikto.pl -update
+ Retrieving 'db_outdated'
+ www.cirt.net message: Please submit your bugs!!

2. I ran a scan with a few options like this:
./nikto.pl -Cgidirs all -host <IP> -mutate ../../../../Desktop/scan/03.nikto-<ip-address>.txt
- Nikto v2.03/2.04
---------------------------------------------------------------------------
+ Target IP:          <IP>
+ Target Hostname:    <HOST>
+ Target Port:        80
+ Using Mutation:     Test all files with all root directories
+ Using Mutation:     Guess for password file names
+ Using Mutation:     Enumerate user names via Apache (/~user type requests)
+ Using Mutation:     Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests)
+ Start Time:         2009-12-16 10:03:17
---------------------------------------------------------------------------
+ Server: Apache
^Cbash: [8182: 1] tcsetattr: Interrupted system call

In the last line you can see I had to interrupt it because it slowed my 
system down too much.

Other scans with fewer options (setting -Cgidirs to none, setting 
-mutate to 2 or 3, or losing -mutate at all) did not end up with nikto 
using as much memory.

More info:

Nikto Versions
---------------------------------------------------------------------------
File                               Version      Last Mod
-----------------------------      --------     ----------
Nikto main                         2.03
LibWhisker                         2.4
db_404_strings                     2.000       
db_favicon                         2.003       
db_outdated                        2.008       
db_realms                          2.000       
db_server_msgs                     2.002       
db_tests                           2.004        #LASTMOD:Mon Jan 26 11:34:05 2009
db_variables                       2.000       
nikto_apache_expect_xss.plugin     2.00        
nikto_apacheusers.plugin           2.02        
nikto_cgi.plugin                   2.02        
nikto_core.plugin                  2.04        
nikto_favicon.plugin               2.04        
nikto_headers.plugin               2.03        
nikto_httpoptions.plugin           2.03        
nikto_msgs.plugin                  2.02        
nikto_mutate.plugin                2.03        
nikto_outdated.plugin              2.04        
nikto_passfiles.plugin             2.00        
nikto_plugin_order.txt             2.00        
nikto_put_del_test.plugin          2.01        
nikto_reports.plugin               2.02        
nikto_robots.plugin                2.01        
nikto_single.plugin                2.00        
nikto_user_enum_apache.plugin      2.01        
nikto_user_enum_cgiwrap.plugin     2.02    

Regards,

Tim

