Re: Nikto Result Problem When Nikto is Integrated in Nessus

Subject: Re: Nikto Result Problem When Nikto is Integrated in Nessus
Date: Wed, 1 Aug 2007 11:58:23 +0300
The only different result is that sometimes I obtain the nikto result and
sometimes not.

I send you to nessj network logs which show all configuration details.

I use the same input in my own C# client; I also obtain the nikto result
sometimes and sometimes not.

Can the reason be that nessus exits nikto.nasl immediately?

In these logs, only the nikto plugin is chosen (which is 14260), but I tried
so many combinations such as

-nikto and no404
-allCGI and webserver plugins
-all plugins etc

In addition, in my client, in order to send all plugins I use "-1" in NTP
(according to the ntp documents).

But my problem, nikto results stability, is not solved.

Also, in Nessus Client (Boss products), I give more timeout values for the
nikto plugin.

I tried so many things but I could not solve it. Maybe the solution is to
stop the immediate exit from the nikto plugin.


Here is the sample ntp message which is sent to the nessus server, from the
nessj network log.




Client, CLIENT <|> PREFERENCES <|>
Client, ntp_client_accepts_notes <|> yes
Client, ntp_escape_crlf <|> yes
Client, ntp_keep_communication_alive <|> yes
Client, ntp_opt_show_end <|> yes
Client, ntp_short_status <|> yes
Client, plugin_set <|> 14260;
Client, auto_enable_dependencies <|> yes
Client, cgi_path <|> /cgi-bin:/scripts
Client, continuous_scan <|> no
Client, delay_between_scan_loops <|> 0
Client, detached_scan <|> no
Client, detached_scan_email_address <|> root@localhost
Client, host_expansion <|> none
Client, max_checks <|> 5
Client, max_hosts <|> 40
Client, optimize_test <|> yes
Client, ping_hosts <|> no
Client, port_range <|> default
Client, reverse_lookup <|> no
Client, safe_checks <|> yes
Client, save_empty_session <|> no
Client, save_session <|> yes
Client, silent_dependencies <|> yes
Client, unscanned_closed <|> no
Client, use_mac_addr <|> no
Client, ssl_version <|> none
Client, slice_network_addresses <|> no
Client, plugin_upload_suffixes <|> .nasl, .nasl3, .inc, .inc3, .nbin, .audit
Client, plugin_upload <|> yes
Client, kb_max_age <|> 864000
Client, kb_dont_replay_denials <|> no
Client, kb_dont_replay_attacks <|> no
Client, kb_dont_replay_info_gathering <|> no
Client, kb_dont_replay_scanners <|> no
Client, only_test_hosts_whose_kb_we_have <|> no
Client, only_test_hosts_whose_kb_we_dont_have <|> no
Client, kb_restore <|> no
Client, save_knowledge_base <|> no
Client, plugins_timeout <|> 2000
Client, non_simult_ports <|> 139, 445
Client, checks_read_timeout <|> 5
Client, language <|> english
Client, log_whole_attack <|> yes
Client, throttle_scan <|> yes
Client, purge_plugin_db <|> no
Client, auto_update_delay <|> 24
Client, auto_update <|> yes
Client, Windows File Contents Compliance Checks[file]:Policy file #1 : <|>
Client, Windows File Contents Compliance Checks[file]:Policy file #2 : <|>
Client, Windows File Contents Compliance Checks[file]:Policy file #3 : <|>
Client, Windows File Contents Compliance Checks[file]:Policy file #4 : <|>
Client, Windows File Contents Compliance Checks[file]:Policy file #5 : <|>
Client, SNMP settings[entry]:Community name : <|> public
Client, SNMP settings[entry]:UDP port : <|> 161
Client, Nikto (NASL wrapper)[checkbox]:Force full (generic) scan <|> yes
Client, Nikto (NASL wrapper)[checkbox]:Enable Nikto <|> yes
Client, Services[entry]:Number of connections done in parallel : <|> 6
Client, Services[entry]:Network connection timeout : <|> 5
Client, Services[entry]:Network read/write timeout : <|> 5
Client, Services[entry]:Wrapped service read timeout : <|> 2
Client, Services[file]:SSL certificate : <|>
Client, Services[file]:SSL private key : <|>
Client, Services[password]:PEM password : <|>
Client, Services[file]:CA file : <|>
Client, Services[radio]:Test SSL based services <|> Known SSL ports
Client, Nmap (NASL wrapper)[radio]:TCP scanning technique : <|> connect()
Client, Nmap (NASL wrapper)[checkbox]:UDP port scan <|> no
Client, Nmap (NASL wrapper)[checkbox]:Service scan <|> no
Client, Nmap (NASL wrapper)[checkbox]:RPC port scan <|> no
Client, Nmap (NASL wrapper)[checkbox]:Identify the remote OS <|> no
Client, Nmap (NASL wrapper)[checkbox]:Use hidden option to identify the remote OS <|> no
Client, Nmap (NASL wrapper)[checkbox]:Fragment IP packets (bypasses firewalls) <|> no
Client, Nmap (NASL wrapper)[checkbox]:Do not randomize the  order  in  which ports are scanned <|> no
Client, Nmap (NASL wrapper)[entry]:Source port : <|>
Client, Nmap (NASL wrapper)[radio]:Timing policy : <|> Auto (nessus specific!)
Client, Nmap (NASL wrapper)[entry]:Initial RTT timeout (ms) : <|>
Client, Nmap (NASL wrapper)[entry]:Min RTT Timeout (ms) : <|>
Client, Nmap (NASL wrapper)[entry]:Max RTT Timeout (ms) : <|>
Client, Nmap (NASL wrapper)[entry]:Ports scanned in parallel (max) <|>
Client, Nmap (NASL wrapper)[entry]:Ports scanned in parallel (min) <|>
Client, Nmap (NASL wrapper)[entry]:Host Timeout (ms) : <|>
Client, Nmap (NASL wrapper)[entry]:Minimum wait between probes (ms) <|>
Client, Nmap (NASL wrapper)[file]:File containing grepable results : <|>
Client, Nmap (NASL wrapper)[checkbox]:Do not scan targets not in the file <|> no
Client, Nmap (NASL wrapper)[checkbox]:Run dangerous port scans even if safe checks are set <|> no
Client, SMB use domain SID to enumerate users[entry]:Start UID : <|> 1000
Client, SMB use domain SID to enumerate users[entry]:End UID : <|> 1200
Client, Misc information on News server[entry]:From address : <|> Nessus <listme@listme.dsbl.org>
Client, Misc information on News server[entry]:Test group name regex : <|> f[a-z]\.tests?
Client, Misc information on News server[entry]:Max crosspost : <|> 7
Client, Misc information on News server[checkbox]:Local distribution <|> yes
Client, Misc information on News server[checkbox]:No archive <|> no
Client, Global variable settings[checkbox]:Enable CGI scanning <|> yes
Client, Global variable settings[radio]:Network type <|> Mixed (use RFC 1918)
Client, Global variable settings[checkbox]:Enable experimental scripts <|> no
Client, Global variable settings[checkbox]:Thorough tests (slow) <|> no
Client, Global variable settings[radio]:Report verbosity <|> Normal
Client, Global variable settings[radio]:Report paranoia <|> Normal
Client, Global variable settings[radio]:Log verbosity <|> Normal
Client, Global variable settings[entry]:Debug level <|> 0
Client, Global variable settings[entry]:HTTP User-Agent <|> Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Client, Ping the remote host[entry]:TCP ping destination port(s) : <|> built-in
Client, Ping the remote host[checkbox]:Do an ARP ping <|> yes
Client, Ping the remote host[checkbox]:Do a TCP ping <|> yes
Client, Ping the remote host[checkbox]:Do an ICMP ping <|> no
Client, Ping the remote host[entry]:Number of retries (ICMP) : <|> 6
Client, Ping the remote host[checkbox]:Do an applicative UDP ping (DNS,RPC...) <|> no
Client, Ping the remote host[checkbox]:Make the dead hosts appear in the report <|> no
Client, Ping the remote host[checkbox]:Log live hosts in the report <|> no
Client, Ping the remote host[checkbox]:Test the local Nessus host <|> yes
Client, SMB Scope[checkbox]:Request information about the domain <|> yes
Client, SMB use host SID to enumerate local users[entry]:Start UID : <|> 1000
Client, SMB use host SID to enumerate local users[entry]:End UID : <|> 1200
Client, SMTP settings[entry]:Third party domain : <|> example.com
Client, SMTP settings[entry]:From address : <|> nobody@example.com
Client, SMTP settings[entry]:To address : <|> postmaster@[AUTO_REPLACED_IP]
Client, Unknown CGIs arguments torture[checkbox]:Send POST requests <|> no
Client, Kerberos configuration[entry]:Kerberos Key Distribution Center (KDC) : <|>
Client, Kerberos configuration[entry]:Kerberos KDC Port : <|> 88
Client, Kerberos configuration[radio]:Kerberos KDC Transport : <|> udp
Client, Kerberos configuration[entry]:Kerberos Realm (SSH only) : <|>
Client, Login configurations[entry]:HTTP account : <|>
Client, Login configurations[password]:HTTP password (sent in clear) : <|>
Client, Login configurations[entry]:NNTP account : <|>
Client, Login configurations[password]:NNTP password (sent in clear) : <|>
Client, Login configurations[entry]:FTP account : <|> anonymous
Client, Login configurations[password]:FTP password (sent in clear) : <|> nessus@nessus.org
Client, Login configurations[entry]:FTP writeable directory : <|> /incoming
Client, Login configurations[entry]:POP2 account : <|>
Client, Login configurations[password]:POP2 password (sent in clear) : <|>
Client, Login configurations[entry]:POP3 account : <|>
Client, Login configurations[password]:POP3 password (sent in clear) : <|>
Client, Login configurations[entry]:IMAP account : <|>
Client, Login configurations[password]:IMAP password (sent in clear) : <|>
Client, Login configurations[entry]:SMB account : <|>
Client, Login configurations[password]:SMB password : <|>
Client, Login configurations[entry]:SMB domain (optional) : <|>
Client, Login configurations[radio]:SMB password type : <|> Password
Client, Login configurations[entry]:Additional SMB account (1) : <|>
Client, Login configurations[password]:Additional SMB password (1) : <|>
Client, Login configurations[entry]:Additional SMB domain (optional) (1) : <|>
Client, Login configurations[entry]:Additional SMB account (2) : <|>
Client, Login configurations[password]:Additional SMB password (2) : <|>
Client, Login configurations[entry]:Additional SMB domain (optional) (2) : <|>
Client, Login configurations[entry]:Additional SMB account (3) : <|>
Client, Login configurations[password]:Additional SMB password (3) : <|>
Client, Login configurations[entry]:Additional SMB domain (optional) (3) : <|>
Client, Login configurations[checkbox]:Never send SMB credentials in clear text <|> yes
Client, Login configurations[checkbox]:Only use NTLMv2 <|> no
Client, Oracle settings[entry]:Oracle SID : <|>
Client, Oracle settings[checkbox]:Test default accounts (slow) <|> no
Client, SSH settings[entry]:SSH user name : <|> root
Client, SSH settings[password]:SSH password (unsafe!) : <|>
Client, SSH settings[file]:SSH public key to use : <|>
Client, SSH settings[file]:SSH private key to use : <|>
Client, SSH settings[password]:Passphrase for SSH key : <|>
Client, Do not scan fragile devices[checkbox]:Scan Network Printers <|> no
Client, Do not scan fragile devices[checkbox]:Scan Novell Netware hosts <|> no
Client, Cleartext protocols settings[entry]:User name : <|>
Client, Cleartext protocols settings[password]:Password (unsafe!) : <|>
Client, Cleartext protocols settings[checkbox]:Try to perform patch level checks over telnet <|> no
Client, Cleartext protocols settings[checkbox]:Try to perform patch level checks over rsh <|> no
Client, Cleartext protocols settings[checkbox]:Try to perform patch level checks over rexec <|> no
Client, Web mirroring[entry]:Number of pages to mirror : <|> 200
Client, Web mirroring[entry]:Start page : <|> /
Client, HTTP login page[entry]:Login page : <|> /
Client, HTTP login page[entry]:Login form : <|>
Client, HTTP login page[entry]:Login form fields : <|> user=%USER%&pass=%PASS%
Client, Nessus TCP scanner[checkbox]:Scan ports in random order <|> yes
Client, Nessus TCP scanner[checkbox]:Detect RST rate limitation <|> yes
Client, Nessus TCP scanner[checkbox]:Detect firewall <|> yes
Client, Nessus TCP scanner[checkbox]:Network congestion detection <|> yes
Client, ntp_save_sessions <|> yes
Client, ntp_detached_sessions <|> yes
Client, server_info_nessusd_version <|> 3.0.5
Client, server_info_libnasl_version <|> 3.0.5
Client, server_info_libnessus_version <|> 3.0.5
Client, server_info_thread_manager <|> fork
Client, server_info_os <|> Linux
Client, server_info_os_version <|> 2.4.27-2-386
Client, <|> CLIENT
Client, CLIENT <|> RULES <|>
Client, <|> CLIENT
Client, CLIENT <|> LONG_ATTACK <|>
Client, 11
Client, 172.16.7.63
Server, SERVER <|> PREFERENCES_ERRORS <|>
Server, <|> SERVER




On 7/31/07, George A. Theall <theall@tenablesecurity.com> wrote:

On 07/31/07 03:18, kemal ayten wrote:

I use the words unstabilities since I can obtain nikto results from
other clients such as NessWX and NessusClients(Boss) but this is not
stable. In other words, I sometimes obtain results and sometimes not,
although the conditions are the same. This is also true for NessJ clients
when I choose nikto and also other plugins.

Do you obtain different results using the same client, the same
target(s), and the same configuration?  If yes, which client (name,
version number, and operating platform) and exactly how is it configured?

George
--
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
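
The question in this thread turns on whether the configuration really is identical between a run that returns Nikto output and one that does not. As an added example (not part of the original thread, and not Nessus or NessJ code), this Python sketch parses the "Client, name <|> value" preference lines in the log layout shown above, re-joins lines wrapped by the mail client, and diffs two captures. The function names and both sample captures are constructed for illustration.

```python
import re

SEP = "<|>"

# Constructed sample in the layout of the nessj network log in this thread,
# including one preference wrapped across two lines.
RUN_A = """\
Client, CLIENT <|> PREFERENCES <|>
Client, plugin_set <|> 14260;
Client, plugins_timeout <|> 2000
Client, safe_checks <|> yes
Client, Nikto (NASL wrapper)[checkbox]:Enable Nikto <|> yes
Client, Nmap (NASL wrapper)[checkbox]:Use hidden option to identify the
remote OS <|> no
Client, <|> CLIENT
"""
# Constructed second capture that differs in one value only.
RUN_B = RUN_A.replace("plugins_timeout <|> 2000", "plugins_timeout <|> 320")


def parse_preferences(log_text):
    """Return {name: value} for the PREFERENCES block of a capture."""
    # A physical line without a "Client, " / "Server, " prefix is the
    # wrapped continuation of the previous record.
    records = []
    for line in log_text.splitlines():
        if re.match(r"(Client|Server), ", line):
            records.append(line)
        elif line.strip() and records:
            records[-1] += " " + line.strip()
    prefs, inside = {}, False
    for rec in records:
        side, body = rec.split(", ", 1)
        body = body.strip()
        if body.startswith("CLIENT <|> PREFERENCES"):
            inside = True            # start of the preferences message
        elif body == "<|> CLIENT":
            inside = False           # end-of-message marker
        elif inside and side == "Client" and SEP in body:
            name, value = body.split(SEP, 1)
            prefs[name.strip()] = value.strip()
    return prefs


def diff_runs(a, b):
    """Preferences whose value differs, or is missing, between two captures."""
    pa, pb = parse_preferences(a), parse_preferences(b)
    keys = sorted(set(pa) | set(pb))
    return {k: (pa.get(k), pb.get(k)) for k in keys if pa.get(k) != pb.get(k)}
```

An empty result from diff_runs on two real captures means the client sent the same preferences both times, which points the investigation at the server side or the target rather than at the client configuration.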
