[Openvas-discuss] OpenVAS and Nikto

Angelo Compagnucci angelo.compagnucci at gmail.com
Wed Oct 28 12:52:35 CET 2009


OK,

I've tried your suggestion; this is the output:

Here is the Nikto report:
- Nikto v2.1.0/2.1.0
---------------------------------------------------------------------------
+ Target IP:
+ Target Hostname:
+ Target Port:        80
+ Start Time:         2009-10-29 12:25:07
---------------------------------------------------------------------------
+ Server: Apache
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ OSVDB-0: Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
+ OSVDB-6694: /.DS_Store: Apache on Mac OSX will serve the .DS_Store
file, which contains sensitive information. Configure Apache to ignore
this file or upgrade to a newer version.
+ OSVDB-3268: /icons/: Directory indexing is enabled: /icons
+ OSVDB-6694: /.DS_Store: Apache on Mac OSX will serve the .DS_Store
file, which contains sensitive information. Configure Apache to ignore
this file or upgrade to a newer version.
+ OSVDB-3233: /icons/README: Apache default file found.
+ 3582 items checked: 5 item(s) reported on remote host
+ End Time:           2009-10-29 12:35:33 (626 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

[29498] plug_set_key:internal_send(0)['1 SentData/(null)/INFO=Here is
the Nikto report:\n- Nikto
v2.1.0/2.1.0\n---------------------------------------------------------------------------\n+
Target IP:          \n+ Target Hostname:    \n+ Target Port:
80\n+ Start Time:         2009-10-29
12:25:07\n---------------------------------------------------------------------------\n+
Server: Apache\n+ No CGI Directories found (use '-C all' to force
check all possible dirs)\n+ OSVDB-0: Allowed HTTP Methods: GET, HEAD,
POST, OPTIONS \n+ OSVDB-6694: /.DS_Store: Apache on Mac OSX will serve
the .DS_Store file, which contains sensitive information. Configure
Apache to ignore this file or upgrade to a newer version.\n+
OSVDB-3268: /icons/: Directory indexing is enabled: /icons\n+
OSVDB-6694: /.DS_Store: Apache on Mac OSX will serve the .DS_Store
file, which contains sensitive information. Configure Apache to ignore
this file or upgrade to a newer version.\n+ OSVDB-3233: /icons/README:
Apache default file found.\n+ 3582 items checked: 5 item(s) reported
on remote host\n+ End Time:           2009-10-29 12:35:33 (626
seconds)\n---------------------------------------------------------------------------\n+
1 host(s) tested\n;
']: Socket operation on non-socket
[29498] plug_set_key:internal_send(0)['3 Success/(null)=1;
']: Socket operation on non-socket

The plugin seems to work well and the report variable is correctly populated.

The results differ from what I expected because I cannot pass the
same parameters that OpenVAS passes to the plugin during the test
phase (-vhost parameter).

Thanks


2009/10/28 Michael Meyer <michael.meyer at intevation.de>:
> Hello,
>
> *** Angelo Compagnucci <angelo.compagnucci at gmail.com> wrote:
>> I'm having trouble using OpenVAS and Nikto.
>>
>> If I run nikto manually, it returns some results (example: Joomla
>> My_eGallery installed) which are true.
>>
>> But when it runs from OpenVAS these results are not displayed in the
>> final report.
>
> please try:
>
> /bin/openvas-nasl -X -t <target> /lib/openvas/plugins/nikto.nasl
>
> Did you get any output?
>
> Micha
>
> --
> Michael Meyer                                         OpenPGP Key: 76E050B9
> http://www.intevation.de
> Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
> Geschäftsführer:   Frank Koormann,  Bernhard Reiter,  Dr. Jan-Oliver Wagner
> _______________________________________________
> Openvas-discuss mailing list
> Openvas-discuss at wald.intevation.org
> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
>
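
Added example, not part of the original thread or of OpenVAS/Nikto: a small parser for the Nikto text report shown above that accepts both the plain report and the escaped `\n` form from the `plug_set_key` debug line, then lists findings a manual run reported that the scanner-driven run did not. The function names and both sample reports are constructed for illustration; `OSVDB-99999` is a placeholder, not a real entry.

```python
import re

# A finding line in Nikto's text report: "+ OSVDB-<id>: [/path: ]message"
FINDING = re.compile(r"^\+ (OSVDB-\d+): (?:(/\S*?): )?(.*)$")

def parse_findings(report):
    """Return {(osvdb_id, path)} from a Nikto text report.

    Accepts the plain report or the escaped form seen in the
    plug_set_key debug line, where line breaks are literal "\\n".
    Duplicate findings collapse; wrapped continuation lines are ignored.
    """
    if "\\n" in report:
        # Undo mail wrapping first, then restore the real line breaks.
        report = " ".join(report.splitlines()).replace("\\n", "\n")
    found = set()
    for line in report.splitlines():
        m = FINDING.match(line.strip())
        if m:
            found.add((m.group(1), m.group(2) or ""))
    return found

def missing_from_scan(manual_report, scanner_report):
    """Findings present in the manual run but absent from the scanner run."""
    return sorted(parse_findings(manual_report) - parse_findings(scanner_report))

# Constructed sample: escaped, mail-wrapped report shaped like the debug line.
SCANNER_RUN = (
    "Here is the Nikto report:\\n- Nikto v2.1.0/2.1.0\\n+ Server: Apache\\n+\n"
    "OSVDB-0: Allowed HTTP Methods: GET, HEAD,\nPOST, OPTIONS \\n+\n"
    "OSVDB-6694: /.DS_Store: Apache on Mac OSX will serve the .DS_Store\n"
    "file.\\n+ OSVDB-3268: /icons/: Directory indexing is enabled: /icons\\n+\n"
    "OSVDB-6694: /.DS_Store: Apache on Mac OSX will serve the .DS_Store\n"
    "file.\\n+ OSVDB-3233: /icons/README: Apache default file found.\\n"
)

# Constructed sample: plain report from a manual run with one extra finding.
MANUAL_RUN = """\
+ Server: Apache
+ OSVDB-0: Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
+ OSVDB-6694: /.DS_Store: Apache on Mac OSX will serve the .DS_Store
file, which contains sensitive information.
+ OSVDB-3268: /icons/: Directory indexing is enabled: /icons
+ OSVDB-3233: /icons/README: Apache default file found.
+ OSVDB-99999: /constructed/app/: placeholder finding seen only by hand
"""

if __name__ == "__main__":
    print(missing_from_scan(MANUAL_RUN, SCANNER_RUN))
```
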
