From yanwang at mail.ucf.edu Wed Mar 12 03:24:47 2008 From: yanwang at mail.ucf.edu (Yanyan Wang) Date: Tue, 11 Mar 2008 23:24:47 -0400 Subject: [Nikto-discuss] Nikto in Nessus Message-ID: <47D714BF.8E40.001B.0@mail.ucf.edu> Hello there, I am trying to use Nikto in Nessus. So far Nessus has not been able to detect Nikto. I am using OpenSuse 10.3, Nessus 3.0.6, Nikto 2.02. Both Nessus and Nikto run as root and Nikto is added to the root path environment. I don't see Nikto in the plugins after I restarted the server. Any help is greatly appreciated. YanYan From FBreedijk at schubergphilis.com Wed Mar 12 09:43:12 2008 From: FBreedijk at schubergphilis.com (Frank Breedijk) Date: Wed, 12 Mar 2008 10:43:12 +0100 Subject: [Nikto-discuss] Nikto in Nessus In-Reply-To: <47D714BF.8E40.001B.0@mail.ucf.edu> References: <47D714BF.8E40.001B.0@mail.ucf.edu> Message-ID: YanYan, I noticed the same thing and it appears to be an issue in the nikto plugin (14260) at least on nessus 2.2.10. This is the message I set to nessus bug-report. -----Original Message----- From: Frank Breedijk Sent: 27 February 2008 12:29 To: 'bug-reports at nessus.org' Subject: Nikto.nasl not loaded in 2.2.10 This is the error message I am getting: Loading the plugins... 19890 (out of 20581)nessus-libraries/libnessus/store.c: /usr/lib64/nessus/plugins/nikto.nasl has a too long preference-name (69) nikto.nasl failed to load All plugins loaded Killed I use nessus 2.2.10 on gentoo. ------------------------------------------------------------------------------ Frank Breedijk, CISSP - Security Engineer fbreedijk at schubergphilis.com - www.schubergphilis.com -----Original Message----- From: nikto-discuss-bounces at attrition.org [mailto:nikto-discuss-bounces at attrition.org] On Behalf Of Yanyan Wang Sent: 12 March 2008 04:25 To: nikto-discuss at attrition.org Subject: [Nikto-discuss] Nikto in Nessus Hello there, I am trying to use Nikto in Nessus. So far Nessus has not been able to detect Nikto. I am using OpenSuse 10.3, Nessus 3.0.6, Nikto 2.02. Both Nessus and Nikto run as root and Nikto is added to the root path environment. I don't see Nikto in the plugins after I restarted the server. Any help is greatly appreciated. YanYan _______________________________________________ Nikto-discuss mailing list Nikto-discuss at attrition.org https://attrition.org/mailman/listinfo/nikto-discuss From imageek72 at gmail.com Wed Mar 12 12:29:04 2008 From: imageek72 at gmail.com (Tony) Date: Wed, 12 Mar 2008 07:29:04 -0500 Subject: [Nikto-discuss] Nikto in Nessus In-Reply-To: References: <47D714BF.8E40.001B.0@mail.ucf.edu> Message-ID: <14ee10cd0803120529g4dcc6b96m4184e11e9ff6cf42@mail.gmail.com> On Wed, Mar 12, 2008 at 4:43 AM, Frank Breedijk wrote: > YanYan, > > I noticed the same thing and it appears to be an issue in the nikto plugin (14260) at least on nessus 2.2.10. > > This is the message I set to nessus bug-report. > > -----Original Message----- > From: Frank Breedijk > Sent: 27 February 2008 12:29 > To: 'bug-reports at nessus.org' > Subject: Nikto.nasl not loaded in 2.2.10 > > This is the error message I am getting: > > Loading the plugins... 19890 (out of 20581)nessus-libraries/libnessus/store.c: /usr/lib64/nessus/plugins/nikto.nasl has a too long preference-name (69) > nikto.nasl failed to load > All plugins loaded > Killed > > I use nessus 2.2.10 on gentoo. > > On gentoo you need to use the latest version of nessus-bin. I had to copy the ebuild from portage to a PORTDIR_OVERLAY (/usr/local/portage/net-analyzer/nessus-bin/) and rename it to the current version available from tenables website. You have to prefetch the suse Nessus-3.0.6-suse10.0.i586.rpm and put it in the /usr/portage/distfiles. Then it should build fine and be able to use the latest version of nikto. From FBreedijk at schubergphilis.com Wed Mar 12 13:26:18 2008 From: FBreedijk at schubergphilis.com (Frank Breedijk) Date: Wed, 12 Mar 2008 14:26:18 +0100 Subject: [Nikto-discuss] Nikto in Nessus In-Reply-To: <14ee10cd0803120529g4dcc6b96m4184e11e9ff6cf42@mail.gmail.com> References: <47D714BF.8E40.001B.0@mail.ucf.edu> <14ee10cd0803120529g4dcc6b96m4184e11e9ff6cf42@mail.gmail.com> Message-ID: Tony, That would work if I was running on i386 unfortunately I am running on amd64 for which nessus-bin is not available. But, I have also tested using nessus3 on CentOS (RedHat EL recompile) and I did not have an active nikto plugin there either even though the nikto.nasl wrapper was available. Frank ------------------------------------------------------------------------------ Frank Breedijk, CISSP - Security Engineer fbreedijk at schubergphilis.com - www.schubergphilis.com -----Original Message----- From: nikto-discuss-bounces at attrition.org [mailto:nikto-discuss-bounces at attrition.org] On Behalf Of Tony Sent: 12 March 2008 13:29 To: nikto-discuss at attrition.org Subject: Re: [Nikto-discuss] Nikto in Nessus On Wed, Mar 12, 2008 at 4:43 AM, Frank Breedijk wrote: > YanYan, > > I noticed the same thing and it appears to be an issue in the nikto plugin (14260) at least on nessus 2.2.10. > > This is the message I set to nessus bug-report. > > -----Original Message----- > From: Frank Breedijk > Sent: 27 February 2008 12:29 > To: 'bug-reports at nessus.org' > Subject: Nikto.nasl not loaded in 2.2.10 > > This is the error message I am getting: > > Loading the plugins... 19890 (out of 20581)nessus-libraries/libnessus/store.c: /usr/lib64/nessus/plugins/nikto.nasl has a too long preference-name (69) > nikto.nasl failed to load > All plugins loaded > Killed > > I use nessus 2.2.10 on gentoo. > > On gentoo you need to use the latest version of nessus-bin. I had to copy the ebuild from portage to a PORTDIR_OVERLAY (/usr/local/portage/net-analyzer/nessus-bin/) and rename it to the current version available from tenables website. You have to prefetch the suse Nessus-3.0.6-suse10.0.i586.rpm and put it in the /usr/portage/distfiles. Then it should build fine and be able to use the latest version of nikto. _______________________________________________ Nikto-discuss mailing list Nikto-discuss at attrition.org https://attrition.org/mailman/listinfo/nikto-discuss From yanwang at mail.ucf.edu Wed Mar 12 23:05:42 2008 From: yanwang at mail.ucf.edu (Yanyan Wang) Date: Wed, 12 Mar 2008 19:05:42 -0400 Subject: [Nikto-discuss] Nikto in Nessus In-Reply-To: References: <47D714BF.8E40.001B.0@mail.ucf.edu> Message-ID: <47D82986.8E40.001B.0@mail.ucf.edu> I upgrade my Nessus to 3.2 and it finds Nikto now, but I'm still now convinced that Nikto runs because I can't find anything indicating Nikto in the reports. Let me know how it goes with you. Thanks. YanYan >>> Frank Breedijk 3/12/2008 5:43 AM >>> YanYan, I noticed the same thing and it appears to be an issue in the nikto plugin (14260) at least on nessus 2.2.10. This is the message I set to nessus bug-report. -----Original Message----- From: Frank Breedijk Sent: 27 February 2008 12:29 To: 'bug-reports at nessus.org' Subject: Nikto.nasl not loaded in 2.2.10 This is the error message I am getting: Loading the plugins... 19890 (out of 20581)nessus-libraries/libnessus/store.c: /usr/lib64/nessus/plugins/nikto.nasl has a too long preference-name (69) nikto.nasl failed to load All plugins loaded Killed I use nessus 2.2.10 on gentoo. ------------------------------------------------------------------------------ Frank Breedijk, CISSP - Security Engineer fbreedijk at schubergphilis.com - www.schubergphilis.com -----Original Message----- From: nikto-discuss-bounces at attrition.org [mailto:nikto-discuss-bounces at attrition.org] On Behalf Of Yanyan Wang Sent: 12 March 2008 04:25 To: nikto-discuss at attrition.org Subject: [Nikto-discuss] Nikto in Nessus Hello there, I am trying to use Nikto in Nessus. So far Nessus has not been able to detect Nikto. I am using OpenSuse 10.3, Nessus 3.0.6, Nikto 2.02. Both Nessus and Nikto run as root and Nikto is added to the root path environment. I don't see Nikto in the plugins after I restarted the server. Any help is greatly appreciated. YanYan _______________________________________________ Nikto-discuss mailing list Nikto-discuss at attrition.org https://attrition.org/mailman/listinfo/nikto-discuss From sullo at cirt.net Thu Mar 20 03:05:57 2008 From: sullo at cirt.net (Sullo) Date: Wed, 19 Mar 2008 23:05:57 -0400 Subject: [Nikto-discuss] Confine to web directory In-Reply-To: <844301.81577.qm@web52107.mail.re2.yahoo.com> References: <844301.81577.qm@web52107.mail.re2.yahoo.com> Message-ID: <47E1D495.2030102@cirt.net> Joe Brown wrote: > I'm trying to scan just a few directories on a web server with several > hundred directories. Can I configure Nikto and confine it to just > scan http://127.0.0.1/site1 and http://127.0.0.1/site2 only, rather > than point Nikto to http://127.0.0.1 ? Joe-- You can use the -root option to confine it to a certain directory. Essentially, each test has the value added as a prefix to it--so a test for /cgi-bin/echo would become /root/cgi-bin/echo. -Sullo From sullo at cirt.net Thu Mar 20 14:10:36 2008 From: sullo at cirt.net (Sullo) Date: Thu, 20 Mar 2008 10:10:36 -0400 Subject: [Nikto-discuss] [Fwd: Fwd: [Full-disclosure] Release of webshag 1.00!] Message-ID: <47E2705C.3040309@cirt.net> Forwarding this along as Webshag uses the Nikto scan database for one of its features. I haven't had a chance to try it just yet, but welcome comments on the list if anyone has. -Sullo ---------- Forwarded message ---------- From: > Date: Thu, Mar 20, 2008 at 5:17 AM Subject: [Full-disclosure] Release of webshag 1.00! To: full-disclosure at lists.grok.org.uk Webshag is a free, multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing. It also provides innovative functionalities like the capability of retrieving the list of domain names hosted on a target machine and file fuzzing using *dynamically* generated filenames (in addition to common list-based fuzzing). Webshag URL scanner and file fuzzer are aimed at reducing the number of false positives and thus producing cleaner result sets. For this purpose, webshag implements a web page fingerprinting mechanism resistant to content changes. This fingerprinting mechanism is then used in a false positive removal algorithm specially aimed at dealing with "soft 404" server responses. Webshag provides a full featured and intuitive graphical user interface as well as a text-based command line interface. It is freely downloadable (GPL license) for Linux and Windows platforms from http://www.scrt.ch/pages_en/outils.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- http://www.cirt.net | http://www.osvdb.org/ From sullo at cirt.net Sun Mar 23 04:01:03 2008 From: sullo at cirt.net (Sullo) Date: Sun, 23 Mar 2008 00:01:03 -0400 Subject: [Nikto-discuss] New cirt.net web site online Message-ID: <47E5D5FF.20304@cirt.net> Just a quick note to let everyone know that I've got the new cirt.net website online... in addition to finally having a feed, it's also consolidated all the dev/project information in a cleaner and more succinct way. I appreciate comments and, more importantly, bugs. Enjoy! http://cirt.net/ From jeremy at smartpoint.co.nz Wed Mar 26 02:24:46 2008 From: jeremy at smartpoint.co.nz (Jeremy Bowen) Date: Wed, 26 Mar 2008 15:24:46 +1300 Subject: [Nikto-discuss] Unable to update Nikto In-Reply-To: Message-ID: Hi I have just downloaded the latest tarball however I am unable to update Nikto. It fails with the following error message. # perl ./nikto.pl -update + ERROR (301): Unable to get www.cirt.net/nikto/UPDATES/2.02/versions.txt I have verified that I can retrieve the versions.txt file with wget Running nikto itself seems to work OK for what it's worth. Any hints as to what the problem could be ? Cheers Jeremy From sullo at cirt.net Wed Mar 26 02:35:46 2008 From: sullo at cirt.net (Sullo) Date: Tue, 25 Mar 2008 22:35:46 -0400 Subject: [Nikto-discuss] Unable to update Nikto In-Reply-To: References: Message-ID: <47E9B682.9080207@cirt.net> Whoops... this was a problem on my side. When I rolled out the new site I took a page from Jericho's book and had mod_rewrite exterminate www on the URLs. Not so good for the updater, which doesn't handle redirects at all. Fixed now, thanks for letting me know. -Sullo Jeremy Bowen wrote: > Hi > > I have just downloaded the latest tarball however I am unable to update > Nikto. It fails with the following error message. > > # perl ./nikto.pl -update > + ERROR (301): Unable to get www.cirt.net/nikto/UPDATES/2.02/versions.txt > > I have verified that I can retrieve the versions.txt file with wget > > Running nikto itself seems to work OK for what it's worth. > > Any hints as to what the problem could be ? > > Cheers > Jeremy > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > > From jeremy at smartpoint.co.nz Wed Mar 26 03:10:17 2008 From: jeremy at smartpoint.co.nz (Jeremy Bowen) Date: Wed, 26 Mar 2008 16:10:17 +1300 Subject: [Nikto-discuss] Unable to update Nikto In-Reply-To: <47E9B682.9080207@cirt.net> Message-ID: Thanks Sullo Yes, it's all working as expected now. On 3/26/2008, "Sullo" wrote: >Whoops... this was a problem on my side. When I rolled out the new site >I took a page from Jericho's book and had mod_rewrite exterminate www on >the URLs. Not so good for the updater, which doesn't handle redirects >at all. > >Fixed now, thanks for letting me know. > >-Sullo Smartpoint! IT Solutions and Support Ph: 021 042 8337 jeremy at smartpoint.co.nz From kkeiser at kodidog.com Sun Mar 30 17:47:35 2008 From: kkeiser at kodidog.com (Kurt Keiser) Date: Sun, 30 Mar 2008 13:47:35 -0400 Subject: [Nikto-discuss] Nikto 2.02 SSL Scan won't work Message-ID: <000901c8928e$23a77ed0$6af67c70$@com> I'm currently running Fedora Core 7 with the latest version of OpenSSL and have the NET::SSLEAY perl module installed. I cannot get Nikto 2.02 to scan https sites. I had the same issue with 1.36. Luckily the FC7 rpm for it worked. For some reason the source files will not work. Does anyone have any advice? I get the error on sites that have ssl. "No HTTP(s) ports found on x.x.x.x" when running the following command. Nikto -h x.x.x.x -port 443 -ssl Thanks. -Kurt -------------- next part -------------- An HTML attachment was scrubbed... URL: http://attrition.org/pipermail/nikto-discuss/attachments/20080330/4363d4e8/attachment.html From sullo at cirt.net Sun Mar 30 18:24:42 2008 From: sullo at cirt.net (Sullo) Date: Sun, 30 Mar 2008 14:24:42 -0400 Subject: [Nikto-discuss] Nikto 2.02 SSL Scan won't work In-Reply-To: <000901c8928e$23a77ed0$6af67c70$@com> References: <000901c8928e$23a77ed0$6af67c70$@com> Message-ID: <47EFDAEA.8010907@cirt.net> Based on the error, Nikto is correctly seeing/using the SSL package, connecting to the port, but not identifying a web server as connected to it. Can you capture the output of: nikto.pl -h -p 443 -s -D D and send along (search/replace IPs as required)? Kurt Keiser wrote: > > I?m currently running Fedora Core 7 with the latest version of OpenSSL > and have the NET::SSLEAY perl module installed. I cannot get Nikto > 2.02 to scan https sites. > > I had the same issue with 1.36. Luckily the FC7 rpm for it worked. > For some reason the source files will not work. Does anyone have any > advice? > > > > I get the error on sites that have ssl. ?No HTTP(s) ports found on > x.x.x.x? when running the following command. Nikto ?h x.x.x.x ?port > 443 ?ssl > > > > Thanks. > > > > -Kurt > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > From kkeiser at kodidog.com Sun Mar 30 19:40:50 2008 From: kkeiser at kodidog.com (Kurt Keiser) Date: Sun, 30 Mar 2008 15:40:50 -0400 Subject: [Nikto-discuss] Nikto 2.02 SSL Scan won't work In-Reply-To: <47EFDAEA.8010907@cirt.net> References: <000901c8928e$23a77ed0$6af67c70$@com> <47EFDAEA.8010907@cirt.net> Message-ID: <000001c8929d$f54e2880$dfea7980$@com> Sullo, Thanks for your prompt response. Here is the extract. ./nikto.pl -h x.x.x.x -port 443 -D -D --------------------------------------------------------------------------- - Nikto 2.02/2.03 - cirt.net D:Sun Mar 30 15:26:56 2008 - Target id:1:ident:x.x.x.x:ports_in:443:vhost:=: D:Sun Mar 30 15:26:56 2008 'Request Hash' = { 'Connection' => 'Keep-Alive', 'whisker' => { 'protocol' => 'HTTP', 'require_newline_after_headers' => 0, 'lowercase_incoming_headers' => 1, 'uri_prefix' => '', 'ssl_save_info' => 1, 'http_space2' => ' ', 'uri_param_sep' => '?', 'timeout' => 10, 'http_space1' => ' ', 'method' => 'HEAD', 'force_open' => 0, 'include_host_in_uri' => 0, 'ignore_duplicate_headers' => 1, 'uri_postfix' => '', 'ssl' => 0, 'version' => '1.1', 'port' => 443, 'uri' => '/', 'host' => 'x.x.x.x', 'retry' => 0, 'normalize_incoming_headers' => 1, 'invalid_protocol_return_value' => 1, 'force_bodysnatch' => 0, 'MAGIC' => 31339, 'max_size' => 0, 'trailing_slurp' => 0, 'force_close' => 0, 'http_eol' => "\r\n" }, 'User-Agent' => 'Mozilla/4.75 (Nikto/2.02 )' }; D:Sun Mar 30 15:27:06 2008 'Result Hash' = { 'whisker' => { 'error' => 'opening stream: can\'t connect (timeout): Operation now in progress', 'uri' => '/', 'MAGIC' => 31340 } }; D:Sun Mar 30 15:27:06 2008 'Request Hash' = { 'Connection' => 'Keep-Alive', 'whisker' => { 'protocol' => 'HTTP', 'require_newline_after_headers' => 0, 'lowercase_incoming_headers' => 1, 'uri_prefix' => '', 'ssl_save_info' => 1, 'http_space2' => ' ', 'uri_param_sep' => '?', 'timeout' => 10, 'http_space1' => ' ', 'method' => 'HEAD', 'force_open' => 0, 'include_host_in_uri' => 0, 'ignore_duplicate_headers' => 1, 'uri_postfix' => '', 'ssl' => 1, 'version' => '1.1', 'port' => 443, 'uri' => '/', 'host' => 'adsl-65-43-31-123.dsl.wotnoh.ameritech.net', 'retry' => 0, 'normalize_incoming_headers' => 1, 'invalid_protocol_return_value' => 1, 'force_bodysnatch' => 0, 'MAGIC' => 31339, 'max_size' => 0, 'trailing_slurp' => 0, 'force_close' => 0, 'http_eol' => "\r\n" }, 'User-Agent' => 'Mozilla/4.75 (Nikto/2.02 )', 'Host' => 'x.x.x.x:443' }; D:Sun Mar 30 15:27:16 2008 'Result Hash' = { 'whisker' => { 'error' => 'opening stream: can\'t connect (timeout): Interrupted system call', 'uri' => '/', 'MAGIC' => 31340 } }; + No HTTP(s) ports found on x.x.x.x + 1 host(s) tested D:Sun Mar 30 15:27:16 2008 T:Sun Mar 30 15:27:16 2008: Ending Regards, Kurt -----Original Message----- From: Sullo [mailto:sullo at cirt.net] Sent: March 30, 2008 2:25 PM To: Kurt Keiser Cc: nikto-discuss at attrition.org Subject: Re: [Nikto-discuss] Nikto 2.02 SSL Scan won't work Based on the error, Nikto is correctly seeing/using the SSL package, connecting to the port, but not identifying a web server as connected to it. Can you capture the output of: nikto.pl -h -p 443 -s -D D and send along (search/replace IPs as required)? Kurt Keiser wrote: > > I?m currently running Fedora Core 7 with the latest version of OpenSSL > and have the NET::SSLEAY perl module installed. I cannot get Nikto > 2.02 to scan https sites. > > I had the same issue with 1.36. Luckily the FC7 rpm for it worked. > For some reason the source files will not work. Does anyone have any > advice? > > > > I get the error on sites that have ssl. ?No HTTP(s) ports found on > x.x.x.x? when running the following command. Nikto ?h x.x.x.x ?port > 443 ?ssl > > > > Thanks. > > > > -Kurt > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > From FBreedijk at schubergphilis.com Mon Mar 31 04:46:07 2008 From: FBreedijk at schubergphilis.com (Frank Breedijk) Date: Mon, 31 Mar 2008 06:46:07 +0200 Subject: [Nikto-discuss] Nikto 2.02 SSL Scan won't work In-Reply-To: <000001c8929d$f54e2880$dfea7980$@com> References: <000901c8928e$23a77ed0$6af67c70$@com> <47EFDAEA.8010907@cirt.net> <000001c8929d$f54e2880$dfea7980$@com> Message-ID: Sullo, Don't know if you spotted this, but in the first whisker call you are using the IP address (x.x.x.x) and in the second call you are using the hostname 'adsl-x-x-x-x.dsl.wotnoh.ameritech.net'. It would not be the first time that the reverse hostname does not resolve back to the right IP address? Is seems to happen in line 117 of nikto.pl $request{'whisker'}->{'host'} = $TARGETS{$CURRENT_HOST_ID}{hostname} || $TARGETS{$CURRENT_HOST_ID}{ip}; Frank ------------------------------------------------------------------------------ Frank Breedijk, CISSP - Security Engineer fbreedijk at schubergphilis.com - www.schubergphilis.com -----Original Message----- From: nikto-discuss-bounces at attrition.org [mailto:nikto-discuss-bounces at attrition.org] On Behalf Of Kurt Keiser Sent: 30 March 2008 21:41 To: 'Sullo' Cc: nikto-discuss at attrition.org Subject: Re: [Nikto-discuss] Nikto 2.02 SSL Scan won't work Sullo, Thanks for your prompt response. Here is the extract. ./nikto.pl -h x.x.x.x -port 443 -D -D --------------------------------------------------------------------------- - Nikto 2.02/2.03 - cirt.net D:Sun Mar 30 15:26:56 2008 - Target id:1:ident:x.x.x.x:ports_in:443:vhost:=: D:Sun Mar 30 15:26:56 2008 'Request Hash' = { 'Connection' => 'Keep-Alive', 'whisker' => { 'protocol' => 'HTTP', 'require_newline_after_headers' => 0, 'lowercase_incoming_headers' => 1, 'uri_prefix' => '', 'ssl_save_info' => 1, 'http_space2' => ' ', 'uri_param_sep' => '?', 'timeout' => 10, 'http_space1' => ' ', 'method' => 'HEAD', 'force_open' => 0, 'include_host_in_uri' => 0, 'ignore_duplicate_headers' => 1, 'uri_postfix' => '', 'ssl' => 0, 'version' => '1.1', 'port' => 443, 'uri' => '/', 'host' => 'x.x.x.x', 'retry' => 0, 'normalize_incoming_headers' => 1, 'invalid_protocol_return_value' => 1, 'force_bodysnatch' => 0, 'MAGIC' => 31339, 'max_size' => 0, 'trailing_slurp' => 0, 'force_close' => 0, 'http_eol' => "\r\n" }, 'User-Agent' => 'Mozilla/4.75 (Nikto/2.02 )' }; D:Sun Mar 30 15:27:06 2008 'Result Hash' = { 'whisker' => { 'error' => 'opening stream: can\'t connect (timeout): Operation now in progress', 'uri' => '/', 'MAGIC' => 31340 } }; D:Sun Mar 30 15:27:06 2008 'Request Hash' = { 'Connection' => 'Keep-Alive', 'whisker' => { 'protocol' => 'HTTP', 'require_newline_after_headers' => 0, 'lowercase_incoming_headers' => 1, 'uri_prefix' => '', 'ssl_save_info' => 1, 'http_space2' => ' ', 'uri_param_sep' => '?', 'timeout' => 10, 'http_space1' => ' ', 'method' => 'HEAD', 'force_open' => 0, 'include_host_in_uri' => 0, 'ignore_duplicate_headers' => 1, 'uri_postfix' => '', 'ssl' => 1, 'version' => '1.1', 'port' => 443, 'uri' => '/', 'host' => 'adsl-x-x-x-x.dsl.wotnoh.ameritech.net', 'retry' => 0, 'normalize_incoming_headers' => 1, 'invalid_protocol_return_value' => 1, 'force_bodysnatch' => 0, 'MAGIC' => 31339, 'max_size' => 0, 'trailing_slurp' => 0, 'force_close' => 0, 'http_eol' => "\r\n" }, 'User-Agent' => 'Mozilla/4.75 (Nikto/2.02 )', 'Host' => 'x.x.x.x:443' }; D:Sun Mar 30 15:27:16 2008 'Result Hash' = { 'whisker' => { 'error' => 'opening stream: can\'t connect (timeout): Interrupted system call', 'uri' => '/', 'MAGIC' => 31340 } }; + No HTTP(s) ports found on x.x.x.x + 1 host(s) tested D:Sun Mar 30 15:27:16 2008 T:Sun Mar 30 15:27:16 2008: Ending Regards, Kurt -----Original Message----- From: Sullo [mailto:sullo at cirt.net] Sent: March 30, 2008 2:25 PM To: Kurt Keiser Cc: nikto-discuss at attrition.org Subject: Re: [Nikto-discuss] Nikto 2.02 SSL Scan won't work Based on the error, Nikto is correctly seeing/using the SSL package, connecting to the port, but not identifying a web server as connected to it. Can you capture the output of: nikto.pl -h -p 443 -s -D D and send along (search/replace IPs as required)? Kurt Keiser wrote: > > I'm currently running Fedora Core 7 with the latest version of OpenSSL > and have the NET::SSLEAY perl module installed. I cannot get Nikto > 2.02 to scan https sites. > > I had the same issue with 1.36. Luckily the FC7 rpm for it worked. > For some reason the source files will not work. Does anyone have any > advice? > > > > I get the error on sites that have ssl. "No HTTP(s) ports found on > x.x.x.x" when running the following command. Nikto -h x.x.x.x -port > 443 -ssl > > > > Thanks. > > > > -Kurt > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > _______________________________________________ Nikto-discuss mailing list Nikto-discuss at attrition.org https://attrition.org/mailman/listinfo/nikto-discuss From kkeiser at kodidog.com Mon Mar 31 11:06:53 2008 From: kkeiser at kodidog.com (Kurt Keiser) Date: Mon, 31 Mar 2008 07:06:53 -0400 Subject: [Nikto-discuss] Nikto 2.02 SSL Scan won't work In-Reply-To: References: <000901c8928e$23a77ed0$6af67c70$@com> <47EFDAEA.8010907@cirt.net> <000001c8929d$f54e2880$dfea7980$@com> Message-ID: <000001c8931f$57cb0010$07610030$@com> That's another issue. Lol... I was tired and didn't sanitize my results completely. Just treat the IP addresses as x.x.x.x. It's my test box at home. The issue is that it is not detecting the HTTPS ports on my server as well as other servers running https. -Kurt -----Original Message----- From: Frank Breedijk [mailto:FBreedijk at schubergphilis.com] Sent: March 31, 2008 12:46 AM To: 'Kurt Keiser'; 'Sullo' Cc: nikto-discuss at attrition.org Subject: RE: [Nikto-discuss] Nikto 2.02 SSL Scan won't work Sullo, Don't know if you spotted this, but in the first whisker call you are using the IP address (x.x.x.x) and in the second call you are using the hostname 'adsl-x-x-x-x.dsl.wotnoh.ameritech.net'. It would not be the first time that the reverse hostname does not resolve back to the right IP address? Is seems to happen in line 117 of nikto.pl $request{'whisker'}->{'host'} = $TARGETS{$CURRENT_HOST_ID}{hostname} || $TARGETS{$CURRENT_HOST_ID}{ip}; Frank ---------------------------------------------------------------------------- -- Frank Breedijk, CISSP - Security Engineer fbreedijk at schubergphilis.com - www.schubergphilis.com -----Original Message----- From: nikto-discuss-bounces at attrition.org [mailto:nikto-discuss-bounces at attrition.org] On Behalf Of Kurt Keiser Sent: 30 March 2008 21:41 To: 'Sullo' Cc: nikto-discuss at attrition.org Subject: Re: [Nikto-discuss] Nikto 2.02 SSL Scan won't work Sullo, Thanks for your prompt response. Here is the extract. ./nikto.pl -h x.x.x.x -port 443 -D -D --------------------------------------------------------------------------- - Nikto 2.02/2.03 - cirt.net D:Sun Mar 30 15:26:56 2008 - Target id:1:ident:x.x.x.x:ports_in:443:vhost:=: D:Sun Mar 30 15:26:56 2008 'Request Hash' = { 'Connection' => 'Keep-Alive', 'whisker' => { 'protocol' => 'HTTP', 'require_newline_after_headers' => 0, 'lowercase_incoming_headers' => 1, 'uri_prefix' => '', 'ssl_save_info' => 1, 'http_space2' => ' ', 'uri_param_sep' => '?', 'timeout' => 10, 'http_space1' => ' ', 'method' => 'HEAD', 'force_open' => 0, 'include_host_in_uri' => 0, 'ignore_duplicate_headers' => 1, 'uri_postfix' => '', 'ssl' => 0, 'version' => '1.1', 'port' => 443, 'uri' => '/', 'host' => 'x.x.x.x', 'retry' => 0, 'normalize_incoming_headers' => 1, 'invalid_protocol_return_value' => 1, 'force_bodysnatch' => 0, 'MAGIC' => 31339, 'max_size' => 0, 'trailing_slurp' => 0, 'force_close' => 0, 'http_eol' => "\r\n" }, 'User-Agent' => 'Mozilla/4.75 (Nikto/2.02 )' }; D:Sun Mar 30 15:27:06 2008 'Result Hash' = { 'whisker' => { 'error' => 'opening stream: can\'t connect (timeout): Operation now in progress', 'uri' => '/', 'MAGIC' => 31340 } }; D:Sun Mar 30 15:27:06 2008 'Request Hash' = { 'Connection' => 'Keep-Alive', 'whisker' => { 'protocol' => 'HTTP', 'require_newline_after_headers' => 0, 'lowercase_incoming_headers' => 1, 'uri_prefix' => '', 'ssl_save_info' => 1, 'http_space2' => ' ', 'uri_param_sep' => '?', 'timeout' => 10, 'http_space1' => ' ', 'method' => 'HEAD', 'force_open' => 0, 'include_host_in_uri' => 0, 'ignore_duplicate_headers' => 1, 'uri_postfix' => '', 'ssl' => 1, 'version' => '1.1', 'port' => 443, 'uri' => '/', 'host' => 'adsl-x-x-x-x.dsl.wotnoh.ameritech.net', 'retry' => 0, 'normalize_incoming_headers' => 1, 'invalid_protocol_return_value' => 1, 'force_bodysnatch' => 0, 'MAGIC' => 31339, 'max_size' => 0, 'trailing_slurp' => 0, 'force_close' => 0, 'http_eol' => "\r\n" }, 'User-Agent' => 'Mozilla/4.75 (Nikto/2.02 )', 'Host' => 'x.x.x.x:443' }; D:Sun Mar 30 15:27:16 2008 'Result Hash' = { 'whisker' => { 'error' => 'opening stream: can\'t connect (timeout): Interrupted system call', 'uri' => '/', 'MAGIC' => 31340 } }; + No HTTP(s) ports found on x.x.x.x + 1 host(s) tested D:Sun Mar 30 15:27:16 2008 T:Sun Mar 30 15:27:16 2008: Ending Regards, Kurt -----Original Message----- From: Sullo [mailto:sullo at cirt.net] Sent: March 30, 2008 2:25 PM To: Kurt Keiser Cc: nikto-discuss at attrition.org Subject: Re: [Nikto-discuss] Nikto 2.02 SSL Scan won't work Based on the error, Nikto is correctly seeing/using the SSL package, connecting to the port, but not identifying a web server as connected to it. Can you capture the output of: nikto.pl -h -p 443 -s -D D and send along (search/replace IPs as required)? Kurt Keiser wrote: > > I'm currently running Fedora Core 7 with the latest version of OpenSSL > and have the NET::SSLEAY perl module installed. I cannot get Nikto > 2.02 to scan https sites. > > I had the same issue with 1.36. Luckily the FC7 rpm for it worked. > For some reason the source files will not work. Does anyone have any > advice? > > > > I get the error on sites that have ssl. "No HTTP(s) ports found on > x.x.x.x" when running the following command. Nikto -h x.x.x.x -port > 443 -ssl > > > > Thanks. > > > > -Kurt > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > _______________________________________________ Nikto-discuss mailing list Nikto-discuss at attrition.org https://attrition.org/mailman/listinfo/nikto-discuss From jhart at spoofed.org Mon Mar 31 23:44:07 2008 From: jhart at spoofed.org (Jon Hart) Date: Mon, 31 Mar 2008 16:44:07 -0700 Subject: [Nikto-discuss] Nikto 2.02 SSL Scan won't work In-Reply-To: <000901c8928e$23a77ed0$6af67c70$@com> References: <000901c8928e$23a77ed0$6af67c70$@com> Message-ID: <20080331234407.GD3238@spoofed.org> On Sun, Mar 30, 2008 at 01:47:35PM -0400, Kurt Keiser wrote: > I'm currently running Fedora Core 7 with the latest version of OpenSSL and > have the NET::SSLEAY perl module installed. I cannot get Nikto 2.02 to scan > https sites. > > I had the same issue with 1.36. Luckily the FC7 rpm for it worked. For > some reason the source files will not work. Does anyone have any advice? > > I get the error on sites that have ssl. "No HTTP(s) ports found on x.x.x.x" > when running the following command. Nikto -h x.x.x.x -port 443 -ssl I have definitely seen this problem before. Prior to 2.x I had a hacked-up local copy that was able to work around the issue, but I don't recall the specifics. I can replicate this behavior with 1.35, but not with 2.02. -jon