[Nikto-discuss] Fwd: change @CGIDIRS

John Smith deaf.c0t at gmail.com
Thu Mar 18 18:08:05 UTC 2010


I'll continue asking my questions, if you don't object :)

2010/3/13 David Lodge <dave at cirt.net>:

> What you can do though is to create a file called plugins/udb_variables and
> put your enhanced @CGIDIRS in there. This is a user database and will
> override any variables in db_variables.
>
> It looks like I'll need to update the docs on this.

Yes, it works. But my @CGIDIRS doesn't override default values. My
value is added!
So I have to write this in udb_variables:
@CGIDIRS=<SPACE>/mycgi/ ..

I had to use SPACE or I got something like this:
... /cgi-perl//mycgi-bin/


Do other variables (@USERS etc.) work as above?

And the most important thing. My local Apache has a /cgi-bin/ directory,
but Nikto didn't report it to me. I added this line:
@HTTPFOUND=200 301 302 401 403  500
to udb_variables, and ran:
perl nikto.pl -Display 124V -Cgidirs all -mutate 1 -Tuning 0123b
-Format htm -o webapp- webapp-localhost localhost.htm -host localhost

but when I use a browser I get:
Access forbidden!
 You don't have permission to access the requested directory. There is
either no index document or the directory is read-protected.
 If you think this is a server error, please contact the webmaster.
Error 403

Does Nikto inform me about it?
>
> We could need some help with documentation - neither Sullo nor I have had a
> chance to do a proper review of it for readability purposes, so if you do
> notice anything that sounds strange or is plain wrong then please highlight
> it.
>
Okay, I'll try.

Another question. When I started scanning the local web server with these options:
perl nikto.pl -Display 12  -host localhost -Cgidirs all -mutate 123

Nikto ate all RAM.
Some system information:
Suse Linux x64, 2GB RAM, AMD Athlon(tm) 64 X2 Dual Core

> free
                   total       used       free     shared    buffers     cached
Mem:       1923368    1908528      14840          0       3276     670412
-/+ buffers/cache:    1234840     688528
Swap:      8393912    2674392    5719520

> perl -v
This is perl, v5.10.0 built for x86_64-linux-thread-multi
Copyright 1987-2007, Larry Wall

top showed ~70% of the system's memory in use.

Thanks!

