Hi guys,

I know that libwhisker is the fella that bundles up all the SSL connectivity code, but Nikto2 is the only place where I use it, so it made sense to post here, first.

I've observed that when running a nikto2 scan on an https connection, the memory utilization of perl steadily increases over time, until the end of the scan. When I run a nikto scan against a non-ssl service, watching the process in top, perl never goes beyond 20 megabytes of memory usage throughout the scan. With an ssl service, we go through the scan and memory eventually climbs up to ~90 meg before the scan ends normally. I run multiple nikto scans in parallel, so every bit of memory counts :)

In my environment, I've got the following:
- nikto 2.02
- Net::SSLeay 1.30 (I've seen it also on 1.25 in other environments)
- Perl 5.8.5
- OpenSSL 0.9.7a (lots of backported fixes... this is on an essentially RHEL4 base, which we've customized a bit)
- Net::SSL 2.84 / Crypt::SSLeay 0.57

I'm not doing anything special when launching nikto:
./nikto.pl -host IP -nolookup -port PORT -ssl -vhost HOSTNAME -Format xml -output out.xml

Libwhisker will first look for Net::SSLeay, and failing that goes to Net::SSL. What I've found is that when we use Net::SSLeay, the amount of memory used by perl keeps increasing. When I removed Net::SSLeay and dropped in Net::SSL, memory usage never went above 20 megabytes, much like that of the non-ssl scans we've done.

Like I said, this will probably have to get bounced over to the guys w/ libwhisker, but I'm wondering if anyone else running nikto2 has seen anything like this?

Thanks,

~Mike