[Nikto-discuss] Bug: Nikto eating input from non-tty stdin

dave at cirt.net dave at cirt.net
Fri Apr 15 09:16:37 CDT 2011

Quoting Serge van den Boom <svdb at madison-gurkha.com>:
> Nikto eats characters from stdin, which is undesirable when this is not
> a tty. For instance, the following Bourne shell script fragment will not
> work:
>     generateTargets | while read -r TARGET; do
>         nikto.pl -Display V -Format txt -host "$TARGET" -output  
> nikto-"$TARGET".txt
>     done
> After the first host, one or more characters from the beginning of "$TARGET"
> may be cut for the following target.

This is strange - Nikto does read from the tty; but this is directly  
from the tty, not from stdin.

The above is also how I run Nikto (except I do the simpler way:)
for i in $(generateTargets); do nikto -D V -host $i -output nikto-$i.txt;done

If you're running nikto-2.1.3 or later you don't need the -format if  
you've got a standard extension (e.g. .html .txt or .xml).

> Suggested solution:
> Check whether stdin is a tty, and do not read from it if it is not.
> (Alternatively, reopen stdin from /dev/tty.)
> Workaround:
> Redirect stdin from /dev/null in the invocation of nikto.pl.

This would probably fail on Windows; but I'm interested in the  
contents of your generateTargets script to see what's happening.

More information about the Nikto-discuss mailing list