From subs at qcontinuum.plus.com  Thu Apr 26 06:41:46 2012
From: subs at qcontinuum.plus.com (Subscriptions)
Date: Thu, 26 Apr 2012 12:41:46 +0100
Subject: [Nikto-discuss] What is an error
Message-ID: <4F99347A.1050201@qcontinuum.plus.com>

Hi,

I'm new to the list. In fact I thought these types of lists were now 
obsolete as most organizations now use web based internet forums, yet 
here we are! This takes me back a few years.

First let me say thank you for making the Nikto scanner available.

I have downloaded it an have it working successfully. I have even 
managed to get it working from Nessus. However, I do have a couple of 
issues that I would like to ask for assistance with:

1. Although the Nikto output tells you that is has found x number of 
errors and x items were listed, it seems impossible to identify what 
qualifies as an error and what does not. I've also looked at other 
formats such as csv and html and am still confused. I would like to be 
able to parse the output and highlight the errors to differentiate them 
from the rest of the informational stuff.

2. Is it possible to output csv or html or even xlm to stdout? In order 
to automate things a bit, I'm calling Nikto from a script and I require 
to be able to take the return output from stdout in the appropriate 
format and do something with it. Saving to a file is a problem and 
rather messy when multiple scans against different hosts are scheduled.

Thanks.


From csullo at gmail.com  Thu Apr 26 12:44:07 2012
From: csullo at gmail.com (Sullo)
Date: Thu, 26 Apr 2012 13:44:07 -0400
Subject: [Nikto-discuss] What is an error
In-Reply-To: <4F99347A.1050201@qcontinuum.plus.com>
References: <4F99347A.1050201@qcontinuum.plus.com>
Message-ID: <CA+KRv63rn1xDXPDM1kO9nK2wrR=-299dydSgxNyUEn-fORA__A@mail.gmail.com>

On Thu, Apr 26, 2012 at 7:41 AM, Subscriptions <subs at qcontinuum.plus.com>wrote:

> Hi,
>
> I'm new to the list. In fact I thought these types of lists were now
> obsolete as most organizations now use web based internet forums, yet here
> we are! This takes me back a few years.
>
> First let me say thank you for making the Nikto scanner available.
>

You're welcome.


> 1. Although the Nikto output tells you that is has found x number of
> errors and x items were listed, it seems impossible to identify what
> qualifies as an error and what does not. I've also looked at other formats
> such as csv and html and am still confused. I would like to be able to
> parse the output and highlight the errors to differentiate them from the
> rest of the informational stuff.
>

The errors are actually going to be transport type errors--timeouts, etc.
You can use the "-D E" option to show errors which happen during a scan.


>
> 2. Is it possible to output csv or html or even xlm to stdout? In order to
> automate things a bit, I'm calling Nikto from a script and I require to be
> able to take the return output from stdout in the appropriate format and do
> something with it. Saving to a file is a problem and rather messy when
> multiple scans against different hosts are scheduled.
>


Yes, just use something like this: "-F cs -o -"  The dash specifies it
should go to STDOUT. You need to use -F to specify the format since it
can't be derived from the file name.


>
Regards,
Sullo


-- 

http://www.rvasec.com/
RVAsec - Security Conference & Training
June 15-16, Richmond, VA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20120426/16c08323/attachment.html>