[Nikto-discuss] Nikto plugin for Nessus

Subscriptions subs at qcontinuum.plus.com
Fri May 4 06:27:54 CDT 2012

Having spent considerable time on this, I'm wondering whether the fact 
that it worked at all in the first place was a fluke!

It seems to come down to some kind of problem with how the pread 
function determines 'the directory where the command was found' when the 
the cd parameter is set to true or 1. Since find_in_path does not 
directly return a value, I'm not sure how pread can determine that path. 
If the return value is being stored somewhere then it appears to be 
getting changed before we reach the call to pread. Whatever the case, 
end result was always the same; the cmd variable was getting set to 
'nikto' but the plugin was still returning 'Nikto was not found in $PATH'.

Since I also wanted to be able to run Nikto on Windows (for no other 
reason than the fact that the organization I work for is insisting on 
it) I decided to investigate the workings of nikto.nasl and modify it to 
allow an override of this 'auto detect' feature.

It seems this was a worthwhile effort as I now have an version of the 
plugin that allows the admin to override the result of the 
'find_in_path' function and specify an absolute path to Nikto. In 
addition, I provided a second field to specify optional additional 
parameters. On a Windows system this allows the admin to specify 'perl' 
as the command and the path to the Nikto script as the first  command 
line option. If the new fields are left blank, then the plugin behaves 
as it always has done. The only restriction is that for it to work on 
Windows, you have to be running Nessus 5.x. As I understand it, Nessus 
4.x does not support the pread function on Windows.

Until I can figure out how to sign the plugin, I've had to set 
nasl_no_signature_check = yes.

If the code is of interest to anyone, I will be happy to supply it.

On 01/05/2012 19:18, security curmudgeon wrote:
> On Tue, 1 May 2012, Subscriptions wrote:
> : I'm not sure who is responsible for the nikto.nasl Nessus plugin, but
> : since I haven't got a response from Tenable yet, I decided to raise the
> : issue here as well.
> 5.0.1 I assume (Apr 16)?
> : I recently discovered the Nikto plugin for Nessus and installed it on
> : our server running Nessus 5.1. Having followed the configuration steps
> : on Tenable's website I got everything working nicely. About a week ago
> : it suddenly stopped working.
> That plugin has not been changed since 2011/03/21, so it shouldn't be
> related to it. The upgrade to 5.0.1, or if you upgraded Nikto recently,
> may be an issue.
> : I see a 'perl nikto.pl' process starting while the scan is in progress.
> : Although the plugins have been updated via our Professional Feed, the
> : nikto.nasl plugin appears to have the same date and appears 
> unchanged. I
> : think this may be a Nessus rather than a Nikto issue so apologies if I
> : shouldn't have posted here, but I'm running out of ideas and was hoping
> : that someone might have thought of something I haven't.
> First, can you confirm the exact dates of when it last worked, as
> compared to when you upgraded to 5.0.1?

More information about the Nikto-discuss mailing list