[Nikto-discuss] nikto using 1.5Gb memory
Sullo
csullo at gmail.com
Tue Dec 15 15:19:25 UTC 2009
Thanks for posting Tim, appreciate it.
It's the hated/loved -mutate options. Ok, so this is both bug and not
bug. Tests are indeed queued in memory when the scan is set up, since
we don't have a real database to use for temporary storage. During a
"normal" scan, this isn't much of a problem because the memory
utilization is fairly low.
However, when you start using the mutation techniques, the number of
queued requests gets seriously large--hence the memory problems.
I can think of a few ways to once and for all solve this mutate memory issue:
- get rid of mutate
- use temporary storage
- use a 'real' database (I know Dave talked about this a while back)
- make multiple iterations through the scan database (store smaller
portions in memory)
That's all I can think of, from least to most "interesting" ways to
solve it. The multiple iterations thing probably would require some
hacks to the core which doesn't sound too good, though...
Anyone?
-Sullo
On Tue, Dec 15, 2009 at 9:59 AM, Tim Waters <tim.waters at lbvd.nl> wrote:
> Hi list,
>
> Today my Nikto hung up on by using 1.5 Gb of memory. I had a tweet about
> it and Chris asked me to put it on the list.
> So here it is :)
>
> This is what I did.
> 1. I had not used nikto in a while, so decided to update it first with
> nikto --update like this:
>
> ./nikto.pl -update
> + Retrieving 'db_outdated'
> + www.cirt.net message: Please submit your bugs!!
>
> 2. I ran a scan with a few options like this:
> ./nikto.pl -Cgidirs all -host <IP> -mutate
> ../../../../Desktop/scan/03.nikto-<ip-address>.txt
> - Nikto v2.03/2.04
> ---------------------------------------------------------------------------
> + Target IP: <IP>
> + Target Hostname: <HOST>
> + Target Port: 80
> + Using Mutation: Test all files with all root directories
> + Using Mutation: Guess for password file names
> + Using Mutation: Enumerate user names via Apache (/~user type requests)
> + Using Mutation: Enumerate user names via cgiwrap
> (/cgi-bin/cgiwrap/~user type requests)
> + Start Time: 2009-12-16 10:03:17
> ---------------------------------------------------------------------------
> + Server: Apache
> ^Cbash: [8182: 1] tcsetattr: Interrupted system call
>
> In the last line you can see I had to interrupt it because it slowed my
> system down to much.
>
> Other scans with less options ( setting -Cgidirs to none, setting
> -mutate to 2 or 3, or lossing -mutate at all ) did not end up with nikto
> using as much memory.
>
> More info:
>
> Nikto Versions
> ---------------------------------------------------------------------------
> File Version Last Mod
> ----------------------------- -------- ----------
> Nikto main 2.03
> LibWhisker 2.4
> db_404_strings 2.000
> db_favicon 2.003
> db_outdated 2.008
> db_realms 2.000
> db_server_msgs 2.002
> db_tests 2.004 #LASTMOD:Mon Jan 26
> 11:34:05 2009
> db_variables 2.000
> nikto_apache_expect_xss.plugin 2.00
> nikto_apacheusers.plugin 2.02
> nikto_cgi.plugin 2.02
> nikto_core.plugin 2.04
> nikto_favicon.plugin 2.04
> nikto_headers.plugin 2.03
> nikto_httpoptions.plugin 2.03
> nikto_msgs.plugin 2.02
> nikto_mutate.plugin 2.03
> nikto_outdated.plugin 2.04
> nikto_passfiles.plugin 2.00
> nikto_plugin_order.txt 2.00
> nikto_put_del_test.plugin 2.01
> nikto_reports.plugin 2.02
> nikto_robots.plugin 2.01
> nikto_single.plugin 2.00
> nikto_user_enum_apache.plugin 2.01
> nikto_user_enum_cgiwrap.plugin 2.02
>
> Regards,
>
> Tim
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss
>
--
http://www.cirt.net | http://www.osvdb.org/
More information about the Nikto-discuss
mailing list