[Nikto-discuss] Nikto plugin for Nessus

Subscriptions subs at qcontinuum.plus.com
Wed May 9 05:21:39 CDT 2012


Agree with that. There are some issues on Debian-based systems (e.g. 
Ubuntu) for example due to the way sudo works on these Linux variants. I 
am however 100% certain on my system this is not a 'pathing issue'.

On 04/05/2012 19:39, security curmudgeon wrote:
> On Thu, 3 May 2012, Subscriptions wrote:
>
> : Having spent considerable time on this, I'm wondering whether the fact
> : that it worked at all in the first place was a fluke!
>
> Once the pathing issues are fixed (accounts for 95% of the problems), it
> has worked fine historically. I have not tested it with Nessus 5 or 5.0.1
> though.

I appreciate the response. A couple of days after I posted here, I 
found out that this is not quite so. While only Tenable can sign 
official plugins with their official key, it is also possible to create 
a single 'local' key using OpenSSL and sign plugins with that key.

https://discussions.nessus.org/thread/1710

There appear to be problems with this under Windows apparently:

https://discussions.nessus.org/message/15580#15580

I tried it and it does work and gets rid of the errors relating to 
unsigned plugins, which means that I do not have to set Nessus to accept 
untrusted plugins. Just thought I'd share that.

A little more development and I will be happy to share that plugin code 
with Tenable. I'm working with Nikto 2.1.4 and am also in the process of 
updating the nikto.nasl plugin to use the Nikto -Plugin option rather 
than -mutate as per documentation. I'm also adding the missing mutate 
options as mutate 5 (-Plugin subdomain) might be useful to us.

When is the deprecated -mutate option scheduled to be completely withdrawn?

> Only Tenable can sign plugins for security reasons.
>
> : If the code is of interest to anyone, I will be happy to supply it.
>
> You should definitely share the code with Tenable. If the changes are
> solid, they can likely integrate them and release an updated nikto.pl
> script for everyone.
>
> If you want, mail bmartin at tenable.com and it will get passed to R&D.


