I was reading through the nikto documentation the other day and came across two interesting items.
Interesting Item 1
Nikto is very clever with how it handles error detection to eliminate false positives.
(http://cirt.net/nikto2-docs/introduction.html)
Nikto will first use the standard RFC responses (200, 404, etc.) to determine whether files exist. Many scanners would call this good enough; however, Nikto will also determine the "best method" of detecting errors by requesting a non-existent file and watching how the server responds. Perhaps the server will respond with a 200 OK and serve up a "Not Found" page (very annoying). Nikto will attempt to match future responses to the content it received on this test request: it first makes an MD5 of the test response after stripping out date, time, and file strings (variable things that could change on each request), then compares the MD5 of each future response to the MD5 of the test request to determine whether it is an error page. Clever, huh? I am going to have to keep this in mind if I am going to try to program a dirbuster replacement.
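As an added illustration of the idea described above (this is example code written for this post, not Nikto's own implementation), the following Python learns the server's "200 OK but really Not Found" page from a bogus probe request, strips the volatile parts, hashes what is left, and uses the hash to classify later responses. The regexes, the probe path, and the sample pages are assumptions constructed for the example; Nikto's actual stripping rules are not reproduced.

```python
import hashlib
import re

# Volatile fragments to strip before hashing. These patterns are assumptions
# for this example; a real scanner would carry a longer, tuned list.
HTTP_DATE_RE = re.compile(
    r"\b(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} "
    r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4}\b"
)                                                      # Tue, 02 Nov 2010
DATE_RE = re.compile(r"\b\d{4}-\d{2}-\d{2}\b")          # 2010-11-02
TIME_RE = re.compile(r"\b\d{1,2}:\d{2}(?::\d{2})?\b")    # 14:05:33


def normalize(body: str, requested_path: str) -> str:
    """Remove the parts of a response that legitimately change per request:
    the echoed file name, dates and times, and whitespace differences."""
    text = body.replace(requested_path, "")
    text = HTTP_DATE_RE.sub("", text)
    text = DATE_RE.sub("", text)
    text = TIME_RE.sub("", text)
    return " ".join(text.split())


def fingerprint(body: str, requested_path: str) -> str:
    """MD5 of the normalized body, the same way the post describes."""
    return hashlib.md5(normalize(body, requested_path).encode()).hexdigest()


class ErrorPageDetector:
    """Status codes first; learned soft-404 fingerprints second."""

    def __init__(self) -> None:
        self.error_fingerprints = set()

    def learn(self, status: int, body: str, requested_path: str) -> None:
        """Feed the response to a request for a file that cannot exist.
        If the server answered 200, its body is the error template."""
        if status == 200:
            self.error_fingerprints.add(fingerprint(body, requested_path))

    def is_error(self, status: int, body: str, requested_path: str) -> bool:
        if status == 404:
            return True                      # the RFC answer, nothing to learn
        if status == 200:
            return fingerprint(body, requested_path) in self.error_fingerprints
        return False


# Constructed sample responses (not captured from any real server).
PROBE_PATH = "/nikto-probe-zz9x.html"
PROBE_BODY = (
    "<html><body><h1>Not Found</h1>"
    "<p>Sorry, /nikto-probe-zz9x.html is not on this server.</p>"
    "<p>Served 2010-11-02 14:05:33</p></body></html>"
)
ADMIN_SOFT404 = (
    "<html><body><h1>Not Found</h1>"
    "<p>Sorry, /admin/ is not on this server.</p>"
    "<p>Served 2010-11-03 09:12:01</p></body></html>"
)
REAL_PAGE = "<html><body><h1>Admin login</h1><form>...</form></body></html>"


def demo() -> dict:
    det = ErrorPageDetector()
    det.learn(200, PROBE_BODY, PROBE_PATH)
    return {
        "probe_learned": len(det.error_fingerprints),
        "admin_soft404": det.is_error(200, ADMIN_SOFT404, "/admin/"),   # True
        "real_page": det.is_error(200, REAL_PAGE, "/admin/"),           # False
        "plain_404": det.is_error(404, "gone", "/whatever"),            # True
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The check that matters is the second one: the soft-404 for /admin/ differs from the probe response in file name, date and time, yet hashes identically after normalization, so it is not reported as a found file. If the probe had returned a proper 404, nothing would be learned and the detector would fall back to status codes alone.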
Interesting Item 2
You can run nikto from Nessus.
To do this follow these steps:
1) Run Nessus from a Unix system. I hope you are already doing this.
2) Install nikto via apt, svn, ports (the FreeBSD kind, of course), or tar.
apt-get install nikto
3) Create a symlink named nikto.pl somewhere in your path, pointing to the nikto script you just installed. (Note: Nessus is only intelligent enough to find nikto by looking for nikto.pl in your path.)
ex.: ln -s /usr/bin/nikto /usr/bin/nikto.pl
4) Rerun nessusd -R to re-process the plugins.
ex.: /opt/nessus/sbin/nessusd -R
5) Restart nessusd.
ex.: /etc/init.d/nessusd restart
6) Log in to the Nessus web interface and add Nikto.nasl to your scan policy. Also, under edit policy, go to Preferences->Nikto, enable Nikto, and configure it to your specifications.
(See also: http://blog.tenablesecurity.com/2010/10/integrating-nikto-with-nessus-video.html)
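Steps 3 to 5 are the part that silently fails when the symlink name or location is wrong, so here is a small POSIX sh script that wraps them and checks, before touching nessusd, that a nikto.pl is actually resolvable on the PATH. This is an added example, not part of the post and not Tenable's or Nikto's code; the nessusd and init script paths are the ones the post gives, and the link directory, nikto location and the NESSUSD variable are assumptions so the functions can be exercised on any system.

```shell
#!/bin/sh
# Wire an installed nikto into Nessus: create the nikto.pl symlink Nessus
# looks for, confirm it resolves, then reprocess plugins and restart.

# Print the nikto.pl that Nessus would find (it searches PATH for that exact name).
find_nikto_pl() {
    command -v nikto.pl 2>/dev/null
}

# Step 3: make DIR/nikto.pl a symlink to NIKTO (the installed script).
# Returns 0 when the link exists and is executable, 1 otherwise.
ensure_nikto_pl_link() {
    dir="$1"
    nikto="$2"
    if [ ! -x "$nikto" ]; then
        echo "nikto not found or not executable at $nikto" >&2
        return 1
    fi
    # Only create the link if nothing (not even a dangling link) is there already.
    if [ ! -e "$dir/nikto.pl" ] && [ ! -L "$dir/nikto.pl" ]; then
        ln -s "$nikto" "$dir/nikto.pl" || return 1
    fi
    [ -x "$dir/nikto.pl" ]
}

# Steps 4 and 5: reprocess plugins, then restart the daemon.
# NESSUSD is an assumed override for the path the post uses.
reload_nessus() {
    nessusd="${NESSUSD:-/opt/nessus/sbin/nessusd}"
    if [ ! -x "$nessusd" ]; then
        echo "nessusd not found at $nessusd; skipping plugin reload" >&2
        return 2
    fi
    "$nessusd" -R && /etc/init.d/nessusd restart
}

main() {
    dir="${1:-/usr/bin}"          # where the symlink goes (must be on PATH)
    nikto="${2:-/usr/bin/nikto}"  # where apt put the nikto script
    ensure_nikto_pl_link "$dir" "$nikto" || exit 1
    found=$(PATH="$dir:$PATH" find_nikto_pl) || {
        echo "nikto.pl still not on PATH; Nessus will not find it" >&2
        exit 1
    }
    echo "Nessus will find nikto at: $found"
    reload_nessus
}

# Run only when explicitly asked, so the functions can be sourced and checked first.
if [ "${NIKTO_NESSUS_RUN:-0}" = 1 ]; then
    main "$@"
fi
```

Usage: NIKTO_NESSUS_RUN=1 sh nikto_nessus.sh /usr/bin /usr/bin/nikto (assumed file name). Step 6, adding Nikto.nasl to the policy, remains a web interface task and is not scripted here.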