[Nikto-discuss] Recent changes in trunk

David Klein davidkl at ivision.com.au
Sun Aug 2 22:30:17 UTC 2009


Hi David,

I agree, if a system has Nikto installed it will most likely have access to NMAP as well.

Personally I have never used Nikto to target more than one specific port
at a time, I guess it's a paranoia thing..


Regards,

David Klein
-----Original Message-----
From: nikto-discuss-bounces at attrition.org
[mailto:nikto-discuss-bounces at attrition.org] On Behalf Of David Lodge
Sent: Saturday, August 01, 2009 9:38 PM
To: nikto-discuss at attrition.org
Subject: [Nikto-discuss] Recent changes in trunk

To fix the reporting bug I created earlier that was found by Jabra, I've made some massive changes to the way Nikto handles targets and reporting, a quick synopsis is below:
* Nikto will now work out and assign "marks" (the variable target had already been used :-) before it starts scanning
* Nikto will call reporter plugins for each item found
* Nikto will no longer use nmap to portscan ports

How you will see this when running nikto is that the inputs to -host and -port have been changed. You used to be able to supply:
nikto.pl -host <file>
nikto.pl -host <url>
nikto.pl -host "hostname1 hostname2" -port 80-81

This now looks like:
nikto.pl -host hostname1,file,url -port port1,port2

Where the host list can be any number of hosts, urls or files containing hosts or urls. If ports are supplied they are applied to all hosts/urls which don't already have ports.

For example if we have the files host1.txt containing:
http://fred/
jim:8081

And host2.txt containing:
http://shelia:89/

Then we can do:
nikto.pl -host host1.txt,host2.txt,arabella -port 80,443

This will set the marks as:
http://fred:80
https://fred:443
http://jim:8081
http://shelia:89
http://arabella:80
https://arabella:443

I ended up removing nmap from the code, as this was only used in certain cases to do a prelude to a test that Nikto would do anyway. This removes some functionality that would allow Nikto to do a portscan. In my opinion, Nikto shouldn't be doing portscans, nmap (or your favourite portscanner) can do a much better job than Nikto can do and I'd rather take a feed from nmap, rather than have Nikto spawn nmap, so instead of doing:
nikto.pl -host 192.168.0.0/24 -port 80,443,8000-9000

We should do:
nmap -p80,443,8000-9000 192.168.0.0/24 -oG - | nikto.pl -host -

Nikto can already do the second. Should Nikto do the first? I certainly don't use it like this, but is this how other people use it?

Finally reporting is now done on the fly, so items are written to the report as they're found. This means that you can now CTRL+C in the middle of a scan and not lose your results (this is a big positive for me). Though, it will not write host and file closing statements on HTML or XML types.

Comments/opinions?

dave
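The mark-assignment rules described in the quoted message, re-implemented as an added Python example (this is not Nikto's own Perl code). The two host files are constructed in-memory stand-ins, and the rule that only port 443 yields an https mark is an assumption inferred from the sample marks above.

```python
from urllib.parse import urlparse

# Constructed stand-ins for the files named in the message; a real
# implementation would read these from disk.
FILES = {
    "host1.txt": "http://fred/\njim:8081\n",
    "host2.txt": "http://shelia:89/\n",
}

def parse_entry(entry):
    """Return (host, port-or-None) for a hostname, host:port or URL entry."""
    if "://" in entry:
        u = urlparse(entry)
        return u.hostname, u.port
    host, sep, port = entry.partition(":")
    return host, (int(port) if sep else None)

def expand_hosts(host_arg, files=FILES):
    """Flatten the comma-separated -host argument into (host, port) pairs,
    expanding any entry that names a known file into that file's lines."""
    pairs = []
    for item in host_arg.split(","):
        item = item.strip()
        if item in files:
            lines = [l.strip() for l in files[item].splitlines() if l.strip()]
            pairs.extend(parse_entry(l) for l in lines)
        elif item:
            pairs.append(parse_entry(item))
    return pairs

def scheme_for(port):
    # Assumption: only port 443 becomes https, matching the sample marks.
    return "https" if port == 443 else "http"

def assign_marks(host_arg, port_arg):
    """Apply the -port list to every host that did not carry its own port;
    hosts and URLs that already name a port keep it unchanged."""
    ports = [int(p) for p in port_arg.split(",") if p.strip()]
    marks = []
    for host, port in expand_hosts(host_arg):
        if port is not None:
            marks.append(f"{scheme_for(port)}://{host}:{port}")
        else:
            for p in ports:
                marks.append(f"{scheme_for(p)}://{host}:{p}")
    return marks

if __name__ == "__main__":
    for m in assign_marks("host1.txt,host2.txt,arabella", "80,443"):
        print(m)
```

A bare hostname with no -port list produces no mark at all, which is the edge case to watch when building host files.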