From david.wray at sec-tec.co.uk Wed Mar 13 15:55:04 2013 From: david.wray at sec-tec.co.uk (Dave Wray) Date: Wed, 13 Mar 2013 20:55:04 -0000 Subject: [Nikto-discuss] Non integer pause times not working as expected Message-ID: <002501ce202d$096bf410$1c43dc30$@wray@sec-tec.co.uk> All, I'm having trouble setting non-integer pauses times such as 0.5 seconds. Nikto 2.1.5 (fully updated) seems to treat values less than 1 as zero. Thanks in advance. D ________________________________________________________________________ Sec-Tec Ltd, leading specialists in information security professional services. Visit http://www.sec-tec.co.uk for more information on our services. This e-mail has been scanned for possible virus contamination. However, we recommend that all recipients also scan this message. -------------- next part -------------- An HTML attachment was scrubbed... URL: From sullo at cirt.net Sun Mar 17 08:02:14 2013 From: sullo at cirt.net (Sullo) Date: Sun, 17 Mar 2013 09:02:14 -0400 Subject: [Nikto-discuss] Non integer pause times not working as expected In-Reply-To: <-5697622048266559973@unknownmsgid> References: <-5697622048266559973@unknownmsgid> Message-ID: Do you have the TIme::HiRes module installed? If you do, any valid number > 0 should work. For example: sullo$ ./nikto.pl -h localhost -Pause .5 -***** Pausing .5 second(s) per request ***** If you don't have Time::HiRes you can still use Pause but you can only use whole seconds. This may be what is tripping you up? Regards, Sullo On Wed, Mar 13, 2013 at 4:55 PM, Dave Wray wrote: > All,**** > > ** ** > > I?m having trouble setting non-integer pauses times such as 0.5 seconds. * > *** > > Nikto 2.1.5 (fully updated) seems to treat values less than 1 as zero.**** > > ** ** > > Thanks in advance.**** > > ** ** > > D**** > > ** ** > > ________________________________________________________________________ > Sec-Tec Ltd, leading specialists in information security professional > services. Visit http://www.sec-tec.co.uk for more information on our > services. This e-mail has been scanned for possible virus contamination. > However, we recommend that all recipients also scan this message. > > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > > -- http://cirt.net | http://richsec.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From robin at digininja.org Sun Mar 17 08:30:11 2013 From: robin at digininja.org (Robin Wood) Date: Sun, 17 Mar 2013 13:30:11 +0000 Subject: [Nikto-discuss] Non integer pause times not working as expected In-Reply-To: References: <-5697622048266559973@unknownmsgid> Message-ID: On Mar 17, 2013 1:02 PM, "Sullo" wrote: > > Do you have the TIme::HiRes module installed? If you do, any valid number > 0 should work. For example: > > sullo$ ./nikto.pl -h localhost -Pause .5 > -***** Pausing .5 second(s) per request ***** > > If you don't have Time::HiRes you can still use Pause but you can only use whole seconds. This may be what is tripping you up? > > Regards, > Sullo Are there any other optional dependencies like this that are worth installing? Robin > > On Wed, Mar 13, 2013 at 4:55 PM, Dave Wray wrote: >> >> All, >> >> >> >> I?m having trouble setting non-integer pauses times such as 0.5 seconds. >> >> Nikto 2.1.5 (fully updated) seems to treat values less than 1 as zero. >> >> >> >> Thanks in advance. >> >> >> >> D >> >> >> >> >> ________________________________________________________________________ >> Sec-Tec Ltd, leading specialists in information security professional services. Visit http://www.sec-tec.co.uk for more information on our services. This e-mail has been scanned for possible virus contamination. However, we recommend that all recipients also scan this message. >> >> _______________________________________________ >> Nikto-discuss mailing list >> Nikto-discuss at attrition.org >> https://attrition.org/mailman/listinfo/nikto-discuss >> > > > > -- > > http://cirt.net | http://richsec.com/ > > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From sullo at cirt.net Sun Mar 17 08:46:14 2013 From: sullo at cirt.net (Sullo) Date: Sun, 17 Mar 2013 09:46:14 -0400 Subject: [Nikto-discuss] Non integer pause times not working as expected In-Reply-To: References: <-5697622048266559973@unknownmsgid> Message-ID: Good question which should be documented. Adding to comments in nikto.plfor now and will get it in the official docs later... # Optional modules loaded elsehwere: POSIX -- reading in passwords w/o echoing characters Time::HiRes -- pause/sleep functionality # MSF report plugin RPC::XML RPC::XML::Client # JSON-PP.pm -- for -Savedir functionality Math::BigInt Math::BigFloat Encode Scalar::Util # LW2 -- these may be faster than built-in LW code but will not fail w/o MIME::Base64 MD5 On Sun, Mar 17, 2013 at 9:30 AM, Robin Wood wrote: > > On Mar 17, 2013 1:02 PM, "Sullo" wrote: > > > > Do you have the TIme::HiRes module installed? If you do, any valid > number > 0 should work. For example: > > > > sullo$ ./nikto.pl -h localhost -Pause .5 > > -***** Pausing .5 second(s) per request ***** > > > > If you don't have Time::HiRes you can still use Pause but you can only > use whole seconds. This may be what is tripping you up? > > > > Regards, > > Sullo > > Are there any other optional dependencies like this that are worth > installing? > > Robin > > > > > On Wed, Mar 13, 2013 at 4:55 PM, Dave Wray > wrote: > >> > >> All, > >> > >> > >> > >> I?m having trouble setting non-integer pauses times such as 0.5 seconds. > >> > >> Nikto 2.1.5 (fully updated) seems to treat values less than 1 as zero. > >> > >> > >> > >> Thanks in advance. > >> > >> > >> > >> D > >> > >> > >> > >> > >> ________________________________________________________________________ > >> Sec-Tec Ltd, leading specialists in information security professional > services. Visit http://www.sec-tec.co.uk for more information on our > services. This e-mail has been scanned for possible virus contamination. > However, we recommend that all recipients also scan this message. > >> > >> _______________________________________________ > >> Nikto-discuss mailing list > >> Nikto-discuss at attrition.org > >> https://attrition.org/mailman/listinfo/nikto-discuss > >> > > > > > > > > -- > > > > http://cirt.net | http://richsec.com/ > > > > _______________________________________________ > > Nikto-discuss mailing list > > Nikto-discuss at attrition.org > > https://attrition.org/mailman/listinfo/nikto-discuss > > > > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > > -- http://cirt.net | http://richsec.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From robin at digininja.org Sun Mar 17 09:06:13 2013 From: robin at digininja.org (Robin Wood) Date: Sun, 17 Mar 2013 14:06:13 +0000 Subject: [Nikto-discuss] Non integer pause times not working as expected In-Reply-To: References: <-5697622048266559973@unknownmsgid> Message-ID: On Mar 17, 2013 1:46 PM, "Sullo" wrote: > > Good question which should be documented. Adding to comments in nikto.plfor now and will get it in the official docs later... > > # Optional modules loaded elsehwere: > POSIX -- reading in passwords w/o echoing characters > Time::HiRes -- pause/sleep functionality > > # MSF report plugin > RPC::XML > RPC::XML::Client > > # JSON-PP.pm -- for -Savedir functionality > Math::BigInt > Math::BigFloat > Encode > Scalar::Util > > # LW2 -- these may be faster than built-in LW code but will not fail w/o > MIME::Base64 > MD5 > Thanks, I'll make sure I have them installed. Robin > On Sun, Mar 17, 2013 at 9:30 AM, Robin Wood wrote: >> >> >> On Mar 17, 2013 1:02 PM, "Sullo" wrote: >> > >> > Do you have the TIme::HiRes module installed? If you do, any valid number > 0 should work. For example: >> > >> > sullo$ ./nikto.pl -h localhost -Pause .5 >> > -***** Pausing .5 second(s) per request ***** >> > >> > If you don't have Time::HiRes you can still use Pause but you can only use whole seconds. This may be what is tripping you up? >> > >> > Regards, >> > Sullo >> >> Are there any other optional dependencies like this that are worth installing? >> >> Robin >> >> > >> > On Wed, Mar 13, 2013 at 4:55 PM, Dave Wray wrote: >> >> >> >> All, >> >> >> >> >> >> >> >> I?m having trouble setting non-integer pauses times such as 0.5 seconds. >> >> >> >> Nikto 2.1.5 (fully updated) seems to treat values less than 1 as zero. >> >> >> >> >> >> >> >> Thanks in advance. >> >> >> >> >> >> >> >> D >> >> >> >> >> >> >> >> >> >> ________________________________________________________________________ >> >> Sec-Tec Ltd, leading specialists in information security professional services. Visit http://www.sec-tec.co.uk for more information on our services. This e-mail has been scanned for possible virus contamination. However, we recommend that all recipients also scan this message. >> >> >> >> _______________________________________________ >> >> Nikto-discuss mailing list >> >> Nikto-discuss at attrition.org >> >> https://attrition.org/mailman/listinfo/nikto-discuss >> >> >> > >> > >> > >> > -- >> > >> > http://cirt.net | http://richsec.com/ >> > >> > _______________________________________________ >> > Nikto-discuss mailing list >> > Nikto-discuss at attrition.org >> > https://attrition.org/mailman/listinfo/nikto-discuss >> > >> >> >> _______________________________________________ >> Nikto-discuss mailing list >> Nikto-discuss at attrition.org >> https://attrition.org/mailman/listinfo/nikto-discuss >> > > > > -- > > http://cirt.net | http://richsec.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From david.wray at sec-tec.co.uk Mon Mar 18 12:51:08 2013 From: david.wray at sec-tec.co.uk (Dave Wray) Date: Mon, 18 Mar 2013 17:51:08 -0000 Subject: [Nikto-discuss] Non integer pause times not working as expected In-Reply-To: References: <-5697622048266559973@unknownmsgid> Message-ID: <006501ce2401$2ba34290$82e9c7b0$@wray@sec-tec.co.uk> Hi, I installed Time::HiRes (v1.9725), the module's path is in my @INC path, but I still cannot get this to work. Nikto reports that it is pausing .5 seconds, but the web server log shows a much faster rate. Is anyone else able to confirm if they have this working as expected? Not just reporting 0.5 seconds pause but actually pausing between requests for that time. Anything I can try? Many thanks D From: csullo at gmail.com [mailto:csullo at gmail.com] On Behalf Of Sullo Sent: 17 March 2013 13:02 To: Dave Wray Cc: Nikto-discuss at attrition.org Subject: Re: [Nikto-discuss] Non integer pause times not working as expected Do you have the TIme::HiRes module installed? If you do, any valid number > 0 should work. For example: sullo$ ./nikto.pl -h localhost -Pause .5 -***** Pausing .5 second(s) per request ***** If you don't have Time::HiRes you can still use Pause but you can only use whole seconds. This may be what is tripping you up? Regards, Sullo On Wed, Mar 13, 2013 at 4:55 PM, Dave Wray wrote: All, I'm having trouble setting non-integer pauses times such as 0.5 seconds. Nikto 2.1.5 (fully updated) seems to treat values less than 1 as zero. Thanks in advance. D ________________________________________________________________________ Sec-Tec Ltd, leading specialists in information security professional services. Visit http://www.sec-tec.co.uk for more information on our services. This e-mail has been scanned for possible virus contamination. However, we recommend that all recipients also scan this message. _______________________________________________ Nikto-discuss mailing list Nikto-discuss at attrition.org https://attrition.org/mailman/listinfo/nikto-discuss -- http://cirt.net | http://richsec.com/ ________________________________________________________________________ Sec-Tec Ltd, leading specialists in information security professional services. Visit http://www.sec-tec.co.uk for more information on our services. This e-mail has been scanned for possible virus contamination. However, we recommend that all recipients also scan this message. -------------- next part -------------- An HTML attachment was scrubbed... URL: From sullo at cirt.net Mon Mar 18 18:30:25 2013 From: sullo at cirt.net (Sullo) Date: Mon, 18 Mar 2013 19:30:25 -0400 Subject: [Nikto-discuss] Non integer pause times not working as expected In-Reply-To: <5147543f.07e6ec0a.6064.6327SMTPIN_ADDED_BROKEN@mx.google.com> References: <-5697622048266559973@unknownmsgid> <5147543f.07e6ec0a.6064.6327SMTPIN_ADDED_BROKEN@mx.google.com> Message-ID: Well I learned something new--If you 'use' a module and include keywords (like 'sleep', which we did here) the keywords are only local to that scope. So essentially a sleep() call inside the eval would have used the Time::HiRes, but nothing outside. It's been changed to a require which seems to fix the issue as that is global. My testing shows the requests quite a bit slower than normal--Dave, can you confirm (running out of the git repo). Thanks, Sullo On Mon, Mar 18, 2013 at 1:51 PM, Dave Wray wrote: > Hi,**** > > ** ** > > I installed Time::HiRes (v1.9725), the module?s path is in my @INC path, > but I still cannot get this to work.**** > > ** ** > > Nikto reports that it is pausing .5 seconds, but the web server log shows > a much faster rate. Is anyone else able to confirm if they have this > working as expected? Not just reporting 0.5 seconds pause but actually > pausing between requests for that time.**** > > ** ** > > Anything I can try?**** > > ** ** > > Many thanks**** > > ** ** > > D**** > > ** ** > > ** ** > > *From:* csullo at gmail.com [mailto:csullo at gmail.com] *On Behalf Of *Sullo > *Sent:* 17 March 2013 13:02 > *To:* Dave Wray > *Cc:* Nikto-discuss at attrition.org > *Subject:* Re: [Nikto-discuss] Non integer pause times not working as > expected**** > > ** ** > > Do you have the TIme::HiRes module installed? If you do, any valid number > > 0 should work. For example:**** > > ** ** > > sullo$ ./nikto.pl -h localhost -Pause .5**** > > -***** Pausing .5 second(s) per request ********* > > ** ** > > If you don't have Time::HiRes you can still use Pause but you can only use > whole seconds. This may be what is tripping you up? **** > > ** ** > > Regards,**** > > Sullo**** > > ** ** > > ** ** > > On Wed, Mar 13, 2013 at 4:55 PM, Dave Wray > wrote:**** > > All,**** > > **** > > I?m having trouble setting non-integer pauses times such as 0.5 seconds. * > *** > > Nikto 2.1.5 (fully updated) seems to treat values less than 1 as zero.**** > > **** > > Thanks in advance.**** > > **** > > D**** > > **** > > > ________________________________________________________________________ > Sec-Tec Ltd, leading specialists in information security professional > services. Visit http://www.sec-tec.co.uk for more information on our > services. This e-mail has been scanned for possible virus contamination. > However, we recommend that all recipients also scan this message.**** > > > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss**** > > > > **** > > ** ** > > -- > > http://cirt.net | http://richsec.com/ **** > > ________________________________________________________________________ > Sec-Tec Ltd, leading specialists in information security professional > services. Visit http://www.sec-tec.co.uk for more information on our > services. This e-mail has been scanned for possible virus contamination. > However, we recommend that all recipients also scan this message. > > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > > -- http://cirt.net | http://richsec.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: