[Nikto-discuss] nikto using 1.5Gb memory

Sullo csullo at gmail.com
Tue Dec 15 20:26:18 UTC 2009

On Tue, Dec 15, 2009 at 12:31 PM, david lodge <resident.deity at gmail.com> wrote:
> This has been complained about a few times - mutate option 1 is the
> evil one. Without significantly changing the way this works, the only
> real mitigation I could do was to put a note in the docs about it
> (http://cirt.net/nikto2-docs/usage.html#id2788815).

I'm sure we can do better! :-)

> In terms of databases, we have the current Nikto format, which is
> basically CSV files that are read into memory when used. This has
> coped well for many years, but is creaking a bit at the sides
> (especially around double quotes and reg exp characters). I did raise
> the question about dblite a year or so ago and it was decided against
> it as it would require DBD and sqlite.

I have a lot of heartburn about this, but maybe it's unavoidable? Just
poking around I found these two things I didn't know about, neither of
which helps this problem but are interesting nonetheless:

The first is just odd/interesting--I had no idea. The latter may help
solve some of the error checking issues we have if we stick with flat
files. But I didn't find a magic bullet that would let us use CSV as
relational databases in a pure Perl solution. Oh well. I'd consider
XML but the filesize gets huge rather quickly.

> We may be able to rewrite the mutate 1 option so that it dynamically
> makes new tests as it goes, but this will require some thinking.

That's what I was thinking as well...would solve this problem w/o
resorting to relying on installed software.

> It's
> definitely something to think about for the next version. Though with
> the plugin interface it looks like we may deprecate the mutations
> in favour of known plugins (once I work out a sensible way to do it).

Interesting idea!


http://www.cirt.net     |      http://www.osvdb.org/
