[Nikto-discuss] Bug: Nikto eating input from non-tty stdin

Serge van den Boom svdb at madison-gurkha.com
Fri Apr 15 09:53:38 CDT 2011


On Fri, 15 Apr 2011, Sullo wrote:
> On Fri, Apr 15, 2011 at 9:45 AM, Serge van den Boom
> <svdb at madison-gurkha.com> wrote:
>
>> Nikto eats characters from stdin, which is undesirable when this is not
>> a tty. For instance, the following Bourne shell script fragment will not
>> work:
>>    generateTargets | while read -r TARGET; do
>>        nikto.pl -Display V -Format txt -host "$TARGET" -output nikto-"$TARGET".txt
>>    done
>>
>> After the first host, one or more characters from the beginning of "$TARGET"
>> may be cut for the following target.
>
> This should work just fine. If characters are being dropped from
> $TARGET then it seems like they are getting chopped out from
> generateTargets and not inside nikto. If you preface your nikto.pl
> line with an 'echo' to see what it's calling, is $TARGET intact or is
> it mangled already?
>
> I just tested out your script, replacing generateTargets with a simple
> file cat, and it seems to work fine.

There is no generateTargets script; I just used that as a placeholder
for any command which produces the targets. I can reproduce the issue
using the following one-liner:
     printf '127.0.0.1\n127.0.0.1\n127.0.0.1\n' | while read -r TARGET; do echo TARGET: "$TARGET"; nikto.pl -host "$TARGET" -output nikto-"$TARGET".txt; done

It will first initiate a scan of "127.0.0.1" (as it should), but then
"27.0.0.1". Note the missing "1".

The first "read" will read "127.0.0.1", the second one "27.0.0.1".
With 'set -x' in Bash, the following commands are shown to be executed:
     read -r TARGET
     printf '127.0.0.1\n127.0.0.1\n127.0.0.1'
     echo 127.0.0.1
     nikto.pl -host 127.0.0.1 -output nikto-127.0.0.1.txt
     read -r TARGET
     echo 27.0.0.1
     nikto.pl -host 27.0.0.1 -output nikto-27.0.0.1.txt
     read -r TARGET
     echo 27.0.0.1
     nikto.pl -host 27.0.0.1 -output nikto-27.0.0.1.txt
     read -r TARGET

I should add that this is using Nikto 2.1.4, and that I have seen this on
different operating systems, using different shells.

There does appear to be some timing involved; sometimes the same lines
do seem to work; if you can't reproduce it at first, just try again.

I suspect that the problem lies in the (use of the) readkey function in
plugins/nikto_core.plugin.


On Fri, 15 Apr 2011, dave at cirt.net wrote:
> The above is also how I run Nikto (except I do the simpler way:)
> for i in $(generateTargets); do nikto -D V -host $i -output nikto-$i.txt;done

I try to avoid such constructs in principle, because this does not
handle white space in lines read well. Though for host names or IP
addresses that should not be a problem.

> If you're running nikto-2.1.3 or later you don't need the -format if you've 
> got a standard extension (e.g. .html .txt or .xml).

Noted. Thanks.

> This would probably fail on Windows; but I'm interested in the contents of 
> your generateTargets script to see what's happening.

See above.


Regards,

Serge
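
The behaviour reported above can be reproduced deterministically, and worked around from the calling script, as in the following added example (not part of the original message and not Nikto code). `fake_scanner` is a hypothetical stand-in that always consumes exactly one byte of inherited stdin, whereas the message describes the real loss as timing-dependent; the two workarounds are general shell technique, not something the thread proposes.

```shell
#!/bin/sh
# Hypothetical stand-in for the scanner: like a key-polling routine, it
# consumes one byte from whatever stdin it inherited. Not Nikto itself.
fake_scanner() {
    dd bs=1 count=1 >/dev/null 2>&1
}

# Constructed sample input, same as the one-liner in the message.
targets() {
    printf '127.0.0.1\n127.0.0.1\n127.0.0.1\n'
}

# Affected pattern: the child shares the pipe that `read` is consuming,
# so every byte it takes is missing from the next target.
scan_shared_stdin() {
    targets | while read -r TARGET; do
        echo "$TARGET"
        fake_scanner "$TARGET"
    done
}

# Workaround 1: give the child its own stdin.
scan_devnull() {
    targets | while read -r TARGET; do
        echo "$TARGET"
        fake_scanner "$TARGET" </dev/null
    done
}

# Workaround 2: keep the target list on fd 3 and point stdin at /dev/null
# for the whole loop body, so nothing in the body can reach the list.
scan_fd3() {
    targets | while read -r TARGET <&3; do
        echo "$TARGET"
        fake_scanner "$TARGET"
    done 3<&0 </dev/null
}

if [ "${1:-}" = "demo" ]; then
    echo "shared stdin:"; scan_shared_stdin
    echo "stdin from /dev/null:"; scan_devnull
    echo "targets on fd 3:"; scan_fd3
fi
```

In a batch scan the truncated target is the real hazard: the loop silently scans a host that was never in the list, so comparing the echoed targets against the input list is a cheap check.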

