[Nikto-discuss] Nikto plugin for Nessus
subs at qcontinuum.plus.com
Fri May 4 06:27:54 CDT 2012
Having spent considerable time on this, I'm wondering whether the fact
that it worked at all in the first place was a fluke!
It seems to come down to some kind of problem with how the pread
function determines 'the directory where the command was found' when the
cd parameter is set to true or 1. Since find_in_path does not
directly return a value, I'm not sure how pread can determine that path.
If the return value is being stored somewhere then it appears to be
getting changed before we reach the call to pread. Whatever the case,
the end result was always the same; the cmd variable was getting set to
'nikto' but the plugin was still returning 'Nikto was not found in $PATH'.
Since I also wanted to be able to run Nikto on Windows (for no other
reason than the fact that the organization I work for is insisting on
it) I decided to investigate the workings of nikto.nasl and modify it to
allow an override of this 'auto detect' feature.
It seems this was a worthwhile effort as I now have a version of the
plugin that allows the admin to override the result of the
'find_in_path' function and specify an absolute path to Nikto. In
addition, I provided a second field to specify optional additional
parameters. On a Windows system this allows the admin to specify 'perl'
as the command and the path to the Nikto script as the first command
line option. If the new fields are left blank, then the plugin behaves
as it always has done. The only restriction is that for it to work on
Windows, you have to be running Nessus 5.x. As I understand it, Nessus
4.x does not support the pread function on Windows.
Until I can figure out how to sign the plugin, I've had to set
nasl_no_signature_check = yes.
If the code is of interest to anyone, I will be happy to supply it.
On 01/05/2012 19:18, security curmudgeon wrote:
> On Tue, 1 May 2012, Subscriptions wrote:
> : I'm not sure who is responsible for the nikto.nasl Nessus plugin, but
> : since I haven't got a response from Tenable yet, I decided to raise the
> : issue here as well.
> 5.0.1 I assume (Apr 16)?
> : I recently discovered the Nikto plugin for Nessus and installed it on
> : our server running Nessus 5.1. Having followed the configuration steps
> : on Tenable's website I got everything working nicely. About a week ago
> : it suddenly stopped working.
> That plugin has not been changed since 2011/03/21, so it shouldn't be
> related to it. The upgrade to 5.0.1, or if you upgraded Nikto recently,
> may be an issue.
> : I see a 'perl nikto.pl' process starting while the scan is in progress.
> : Although the plugins have been updated via our Professional Feed, the
> : nikto.nasl plugin appears to have the same date and appears unchanged. I
> : think this may be a Nessus rather than a Nikto issue so apologies if I
> : shouldn't have posted here, but I'm running out of ideas and was hoping
> : that someone might have thought of something I haven't.
> First, can you confirm the exact dates of when it last worked, as
> compared to when you upgraded to 5.0.1?