
Re: Nikto in Nessus Report

Subject: Re: Nikto in Nessus Report
Date: Tue, 18 Mar 2008 11:48:58 -0400
I still want to find out if Nikto worked at all. How should I confirm it since 
the report doesn't show Nikto's ID at all? Thanks.

YanYan

"George A. Theall" <theall@tenablesecurity.com> 3/13/2008 9:27 PM >>>
On Mar 13, 2008, at 4:34 PM, Yanyan Wang wrote:

1. Disable Nikto from plugins, result shows there are 2 high vul. 0  
medium vul...
2. Enable Nikto from plugins, the report is identical in 1.
3. Enable Nikto from plugins and plugins preference, result shows 2  
high vul. and 3 medium risks.

By "plugins preference", you mean the "Enable Nikto" preference, right?

YES

4. Disable Nikto from plugins, the result is identical as in 3.
5. Disable Nikto from plugins and preferences, the result is still  
the same as in 3.

kb_restore is disabled. I did not find 14260 or Nikto in any of the  
report. Can someone please explain a few questions I have?

1. Why step 1 to step 2 didn't differ, but step 2 to 3 did?

Step 1 and 2 would be the same because you need to not only enable the  
Nikto plugin but also check the "Enable Nikto" plugin preference.

Step 2 and 3... I'm not sure.  Which plugins reported problems in #3  
versus #2 or #1?

11213, 10916, 10915

2. Why step 3, 4, 5 are identical?

The Nikto plugin issues a security note, indicating a low-risk  
vulnerability. If you're truly ignoring low-risk ones as you appear to  
be, that could explain why 3, 4, and 5 give you the same results.

3. Is Nikto indeed working? If it does, shouldn't I see the ID no.  
from the report?

Yes, you should see the plugin id in the report as long as the plugin  
produced some output. Note that this will not happen if Nikto exits  
with an error of some type.

Have you looked in the Nessus server's logs to see what if anything it  
says about Nikto? You may need to edit your policy to enable "Log  
details of the scan on the server" (under "Options").

Nikto launched, here is the output.

launching nikto.nasl against "host ip" [583] 
nikto.nasl (process 583) finished its job in 0.000 seconds 

I'm starting to think that it wasn't Nikto that made the difference in the 
report from step 2 to 3. I scanned a different host today, but the reports are 
exactly the same with or without the Nikto wrapper or the "Enable Nikto" 
preference. Nikto.nasl launched even without the "Enable Nikto" preference.

I searched the entire reports for both hosts, but 14260 does not appear 
anywhere.

Thanks a lot.




_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
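
Added example, not part of the original thread and not Tenable's code: one way to answer "did Nikto work?" is to pair the launching/finished lines in the server log for nikto.nasl and check whether plugin ID 14260 has any output for that host in the exported report. The pipe-delimited NBE row layout, the sample host address and example_check.nasl are assumptions made for the illustration.

```python
import re

NIKTO_ID = "14260"  # plugin ID the thread looks for in the report
LAUNCH = re.compile(r'launching (\S+\.nasl) against "?([^"\s]+)"? \[(\d+)\]')
FINISH = re.compile(r"(\S+\.nasl) \(process (\d+)\) finished its job in ([\d.]+) seconds")

def plugin_runs(log_text):
    """Pair each 'launching' line with its 'finished' line by process id."""
    pending, runs = {}, []
    for line in log_text.splitlines():
        m = LAUNCH.search(line)
        if m:
            pending[m.group(3)] = (m.group(1), m.group(2))
            continue
        m = FINISH.search(line)
        if m and m.group(2) in pending:
            script, host = pending.pop(m.group(2))
            runs.append({"script": script, "host": host, "seconds": float(m.group(3))})
    return runs

def reported_ids(nbe_text, host):
    """Plugin IDs with output for host. Assumes NBE rows of the form
    results|subnet|host|port|plugin_id|type|description."""
    ids = set()
    for line in nbe_text.splitlines():
        f = line.split("|")
        if len(f) >= 7 and f[0] == "results" and f[2] == host:
            ids.add(f[4])
    return ids

def nikto_status(log_text, nbe_text, host):
    runs = [r for r in plugin_runs(log_text)
            if r["script"] == "nikto.nasl" and r["host"] == host]
    if not runs:
        return "not launched"
    if NIKTO_ID in reported_ids(nbe_text, host):
        return "launched, output in report"
    return "launched (%.3fs), no output in report" % max(r["seconds"] for r in runs)

# Constructed sample data modelled on the two log lines quoted in the thread.
SAMPLE_LOG = """\
launching nikto.nasl against 192.0.2.10 [583]
nikto.nasl (process 583) finished its job in 0.000 seconds
launching example_check.nasl against 192.0.2.10 [584]
example_check.nasl (process 584) finished its job in 1.214 seconds
"""
SAMPLE_NBE = """\
results|192.0.2|192.0.2.10|http (80/tcp)|11213|Security Warning|constructed description
results|192.0.2|192.0.2.10|http (80/tcp)|10916|Security Warning|constructed description
"""
```

A result of "launched (0.000s), no output in report" matches what the thread describes: the wrapper started, returned immediately, and left nothing under 14260.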
