2009-05-04

[en] Calling Nikto from Nessus

Nikto is a small and fast web scanner written by Sullo. It is based on RFP's LibWhisker.
The nikto.nasl plugin can call it from Nessus. I updated it four months ago to support Nikto2.
The latest Nikto version is 2.02 and it "works for me" with the standard distribution.

Several Nessus users have reported problems running the plugin. Here are the critical points:
  • First you need to run the Nessus daemon on Unix. nikto.nasl will not run on Nessus for Windows.
  • nikto.pl has to be found in $PATH when nessusd is run, i.e. when the plugins are compiled and when the daemon is started. Nessus does not look for any other command name (nikto, nikto.sh, etc.) that may be installed by any distro-tuned package.
    The file (under /opt/nessus/lib/nessus/plugins) is nikto.nasl, the script ID is 14260 and the name is "Nikto (NASL wrapper)"; you should find it in the "CGI abuses" family. If you do not see it, fix your $PATH, make sure that nikto.pl is executable, rerun nessusd -R and restart the daemon.
    A good place to set up $PATH is your Nessus start-up script; try /etc/init.d/nessusd or /etc/init.d/rc
  • Some people/distros install nikto.pl into a specific directory like /opt/nikto-2.02/ and add a link /usr/local/bin/nikto.pl. This will not work as you need to go into the Nikto directory before launching the command; otherwise, Nikto will not find its data files. Nessus does not read the link and would chdir to /usr/local/bin instead of /opt/nikto-2.02.
    If the plugin is listed and is run (according to /opt/nessus/var/nessus/nessusd.messages) but produces no output, you are probably in this bad configuration.
    Either remove the link or make sure that /opt/nikto-2.02 appears before /usr/local/bin in $PATH.
  • Last but not least, nikto.nasl is disabled by default. You'll have to change its preferences (if you are running NessusClient3, edit your policy, click on the "Advanced" tab and select "Nikto (NASL wrapper)"). Change "Enable Nikto" from "no" to "yes".
This installation sequence should work:
    cd /opt
    tar jxvf ..../nikto-2.02.tar.bz2
    # This will create a nikto-2.02 directory
    # make sure that /opt/nikto-2.02/nikto.pl exists and is executable
    PATH=/opt/nikto-2.02:$PATH; export PATH
    nessusd -R
    killall nessusd # if necessary
    nessusd -D # add other options if necessary
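The conditions listed above (nikto.pl reachable through $PATH, executable, a real file rather than a link into another directory, and nikto.nasl present in the plugin directory) can be checked before touching nessusd. The script below is an added example and is not part of the original post, of Nessus or of Nikto; it assumes GNU-style readlink -f for resolving links, curl for the optional 404 probe, and the plugin directory /opt/nessus/lib/nessus/plugins (overridable through the hypothetical NESSUS_PLUGIN_DIR variable). It evaluates the PATH string exactly as nessusd would see it, so run it in the same environment as the daemon start-up script.

```shell
#!/bin/sh
# nikto_check.sh - pre-flight check for the nikto.nasl wrapper.
# Added example; not part of the original post, of Nessus or of Nikto.
# It reproduces the conditions the post lists: nikto.pl must be reachable
# through $PATH, be executable, be a real file rather than a symlink into
# another directory (nessusd would chdir to the link's directory and Nikto
# would then miss its data files), and nikto.nasl must exist in the plugin
# directory.

# Print the first directory of a colon-separated PATH-style list ($1) that
# contains a file named nikto.pl. Returns 1 if none does.
find_nikto_dir() {
    _old_ifs=$IFS
    IFS=:
    set -f                      # no globbing while splitting on ':'
    for _dir in $1; do
        if [ -f "$_dir/nikto.pl" ]; then
            set +f
            IFS=$_old_ifs
            printf '%s\n' "$_dir"
            return 0
        fi
    done
    set +f
    IFS=$_old_ifs
    return 1
}

# Print the directory nikto.pl in $1 really lives in, following symlinks.
# Assumes readlink -f (GNU/BusyBox coreutils).
real_nikto_dir() {
    _target=$(readlink -f "$1/nikto.pl") || return 1
    dirname "$_target"
}

# Evaluate a PATH-style list ($1) the way nessusd would and print one verdict:
#   missing                    nikto.pl is not on the path
#   not-executable:<dir>       found, but without the execute bit
#   symlink:<dir>-><realdir>   found as a link into another directory; put
#                              <realdir> before <dir> in $PATH or drop the link
#   ok:<dir>                   usable as is
# Exit status is 0 only for "ok".
verify_nikto_path() {
    _found=$(find_nikto_dir "$1") || { echo missing; return 1; }
    if [ ! -x "$_found/nikto.pl" ]; then
        echo "not-executable:$_found"
        return 1
    fi
    _real=$(real_nikto_dir "$_found") || { echo missing; return 1; }
    _found_real=$(readlink -f "$_found")
    if [ "$_real" != "$_found_real" ]; then
        echo "symlink:$_found->$_real"
        return 1
    fi
    echo "ok:$_found"
    return 0
}

# Check that the wrapper plugin is installed. $1 = Nessus plugin directory.
# Prints "plugin-ok" or "plugin-missing" (after fixing $PATH, rerun
# "nessusd -R" and restart the daemon so the plugin gets registered).
verify_plugin_file() {
    if [ -f "$1/nikto.nasl" ]; then
        echo plugin-ok
        return 0
    fi
    echo plugin-missing
    return 1
}

# Ask a web server ($1 = host, $2 = port) for a page that cannot exist and
# report the status code; nikto.nasl only runs when this is 404. Needs curl
# and network access, so the offline checks do not exercise it.
probe_404_handling() {
    _path="nessus-nikto-probe-$$"
    _code=$(curl -s -o /dev/null -w '%{http_code}' "http://$1:$2/$_path")
    if [ "$_code" = 404 ]; then
        echo "404-ok:$_code"
        return 0
    fi
    echo "no-404:$_code"
    return 1
}

# Stand-alone run: evaluate the current environment.
verify_nikto_path "$PATH"
verify_plugin_file "${NESSUS_PLUGIN_DIR:-/opt/nessus/lib/nessus/plugins}"
```

Run it from the Nessus start-up script, or with the same PATH exported there; "symlink:/usr/local/bin->/opt/nikto-2.02" is exactly the configuration described in the third point above, and the fix is the one given there.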

The plugin automatically selects some options, like SSL support or the virtual host name (which is supported by HTTP/1.1 only). It will not run against web servers that do not send back a 404 code on non-existent pages, because Nikto is prone to verbose false alerts in that case.
I did not play with all options; some of them may be broken or incompatible with Nessus. Feel free to e-mail me if you find such cases.