[Nikto-discuss] Disabling interactive question
Sullo
csullo at gmail.com
Tue Sep 7 09:57:09 CDT 2010
There is no direct relationship between the prompting (which is the
'send updates' bit) and the interactivity. To try and keep any
slowdown due to listening for keystrokes, it will only poll for input
every 10 requests. I suppose a CLI/config to disable it entirely would
be worthwhile for anyone running fully automated or in the
background...
If you want to do any speed tests, just hack nikto_core.plugin line
~1965 to not check for input...
if (($NIKTO{'totalrequests'} % 10) == 0) {
check_input();
}
I'll open a ticket to create a way to manually disable it.
On Tue, Sep 7, 2010 at 10:53 AM, Frank Breedijk
<FBreedijk at schubergphilis.com> wrote:
> Indeed, I'm just a little afraid of the performance impact since the latest nikto is listening to keystrokes during scanning.
>
> Frank Breedijk
> ..-. .-. .- -. -.-
> T: +31 (0)20-7506500 E: fbreedijk at schubergphilis.com W: www.schubergphilis.com
>
>
> -----Original Message-----
> From: Jabra [mailto:jabra at spl0it.org]
> Sent: 07 September 2010 16:45
> To: Frank Breedijk
> Cc: Jabra; nikto-discuss at attrition.org
> Subject: Re: [Nikto-discuss] Disabling interactive question
>
> Using: echo "yes" will only pass one instance of "yes" to nikto if it asks for user input.
>
> Using: yes | nikto would pass as many "yes" inputs until nikto completes.
>
> Regards,
> Jabra
>
> On 07.Sep.2010 04:40PM +0200, Frank Breedijk wrote:
>> I can see it is still morning there and end of workday here ;)
>> Yes|nikto ... will work. Nikto does take y for an answer.
>>
>> Frank Breedijk
>> ..-. .-. .- -. -.-
>> T: +31 (0)20-7506500 E: fbreedijk at schubergphilis.com W:
>> www.schubergphilis.com
>>
>>
>> -----Original Message-----
>> From: Jabra [mailto:jabra at spl0it.org]
>> Sent: 07 September 2010 16:38
>> To: Frank Breedijk
>> Cc: Jabra; nikto-discuss at attrition.org
>> Subject: Re: [Nikto-discuss] Disabling interactive question
>>
>> I'm not seeing such an option...
>>
>>
>> Not to be too picky shouldn't it be 'yes yes |nikto' ?
>>
>>
>> Regards,
>> Jabra
>>
>>
>>
>> On 07.Sep.2010 04:30PM +0200, Frank Breedijk wrote:
>> > I know, however, it is a bit impractical to have to check if this is present, especially as I don't know where the configuration file will be in the system. Is there a command line option to disable it?
>> >
>> > The following will do the trick, but feels like cheating:
>> > echo y | nikto .....
>> >
>> > Frank Breedijk
>> > ..-. .-. .- -. -.-
>> > T: +31 (0)20-7506500 E: fbreedijk at schubergphilis.com W:
>> > www.schubergphilis.com
>> >
>> > -----Original Message-----
>> > From: Jabra [mailto:jabra at spl0it.org]
>> > Sent: 07 September 2010 16:29
>> > To: Frank Breedijk
>> > Cc: nikto-discuss at attrition.org
>> > Subject: Re: [Nikto-discuss] Disabling interactive question
>> >
>> > There is an option in the nikto.conf to not ask the user if they
>> > want to send updates to cirt.net
>> >
>> > Regards,
>> > Josh
>> >
>> > On 07.Sep.2010 04:24PM +0200, Frank Breedijk wrote:
>> > > When there is a mismatch between the server signature and the signature on file, Nikto asks you to submit it. Is there a way to disable this prompt ? Since I run nikto from Seccubus I need to make sure it finishes and not spends forever waiting for user input.
>> > >
>> > >
>> > > ******************************************************************
>> > > **
>> > > *
>> > > Portions of the server's ident string (Apache/2.2.9) are not
>> > > in
>> > > the Nikto database or is newer than the known string. Would
>> > > you like
>> > > to submit this information (*no server specific data*) to
>> > > CIRT.net
>> > > for a Nikto update (or you may email to sullo at cirt.net) (y/n)?
>> > >
>> > > Kind regards,
>> > > Frank Breedijk
>> > >
>> > >
>> > > Schuberg Philis
>> > > Boeing Avenue 271
>> > > 1119 PD Schiphol-Rijk
>> > > schubergphilis.com
>> > >
>> > > +31 20 750 65 38
>> > > +31 6 4382 2637
>> > > _______________________________________________
>> > > Nikto-discuss mailing list
>> > > Nikto-discuss at attrition.org
>> > > https://attrition.org/mailman/listinfo/nikto-discuss
>> >
>> > --
>> > Jabra < jabra at spl0it.org >
>> > http://www.spl0it.org
>>
>> --
>> Jabra < jabra at spl0it.org >
>> http://www.spl0it.org
>
> --
> Jabra < jabra at spl0it.org >
> http://www.spl0it.org
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss
>
--
http://www.cirt.net | http://www.osvdb.org/
More information about the Nikto-discuss
mailing list