
Tenable Blog


Using Nessus to call Nikto

Earlier this year, Michel Arboi wrote a blog post explaining how to use Nessus to call Nikto and incorporate the results into Nessus output. Most newcomers to Nessus have enabled the nikto.nasl wrapper only to find it produced no output. Some Nessus users have found various ways to ensure Nikto was called correctly and the output displayed. Others chose to run Nikto separately for various reasons. The following guide will explain how to easily configure Nessus to properly call Nikto. This will allow you to save considerable time, especially on scans against a large number of systems.

Background

Nikto is a small and fast Open Source (GPL) web scanner written by Sullo, based on RFP's LibWhisker. The scanner performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers and version specific problems on over 250 servers.

Configuration

The nikto.nasl plugin can call Nikto directly from Nessus to help automate assessment work. Nessus 3 has been updated to support the release of Nikto 2.03, the current version as of September, 2008. A default installation of Nessus will not automatically call and execute Nikto. During the installation of Nessus, you must make a few configuration changes to the environment so that Nikto is run automatically:

* First, the Nessus daemon must be run on Unix. The nikto.nasl script will not run on Nessus for Windows.
* Download the current version of Nikto. Uncompress and untar the distribution, and move the entire directory to /opt (or another directory of your choice, but subsequent configuration options must be consistent in the use of this directory).
* Note: Nessus does not look for any command name other than "nikto.pl" (as distributed). If Nikto is installed by a distribution-tuned package that renames this file or uses a wrapper, nikto.nasl will not find it.
* When nessusd is run (i.e. when the plugins are compiled and the daemon started), nikto.pl must be found in the $PATH of the shell that executes nessus (i.e. adding it to root's $PATH may be insufficient). This can be done by editing /etc/profile (or whatever system profile is invoked by shells) and adding /opt/nikto-2.03 to the path.
* The NASL script that calls Nikto is nikto.nasl (Plugin ID 14260, titled "Nikto (NASL wrapper)", in the "CGI Abuses" family) and can be found under /opt/nessus/lib/nessus/plugins.
* From a command shell, run "nikto.pl" from any directory other than /opt/nikto-2.03 to ensure it is in the $PATH and runs correctly.
* Rerun nessusd -R to re-process the plugins, and restart the nessusd daemon gracefully using the init script and "restart" option. (If this does not work, kill the nessusd process and run "nessusd -D".)
* If you or your OS distribution create a symlink in a directory such as /usr/local/bin, ensure that /opt/nikto-2.03 is in the $PATH declaration before the directory with the symlink. If not, nessusd will see the first occurrence of nikto.pl and attempt to execute it. In doing so, Nikto will not find the configuration or data files required to properly run. If your Nessus scans attempt to execute Nikto but produce no output, this may be one cause. Either remove the symlink or adjust the $PATH setting.
* Finally, nikto.nasl is disabled by default in the scan policy. To change this under NessusClient3, for example, edit the policy and click on the 'Advanced' tab. In the drop-down menu, select "Nikto (NASL wrapper)" and change "Enable Nikto" from 'no' to 'yes'.

Your next Nessus scan should successfully execute Nikto and provide the results in the report.

Common Problems

* If the Nikto wrapper is not seen in the plugin list, it is likely that nikto.pl was not found when the plugins were compiled. Make sure /opt/nikto-2.03 is in $PATH, run "nessusd -R" to recompile the plugins and restart nessusd.
* If the Nikto wrapper is seen, but Nikto does not run (i.e. no output is displayed in the report), it is possible that nessusd did not find nikto.pl when the plugin was launched. If nessusd is started automatically by an init shell script, this script should be edited to add /opt/nikto-2.03 to the $PATH.
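The two failure modes above (nikto.pl not in $PATH at all, or a symlink or copy found earlier in $PATH than the real install directory) can be checked before recompiling the plugins. The following POSIX shell functions are an added example, not part of the original post or of Nessus; the /opt/nikto-2.03 layout is assumed from the steps above, and the PATH to inspect is passed in so the check can be run against the exact PATH the nessusd init script uses.

```shell
#!/bin/sh
# Added example (not from the original post): walk a PATH value in search
# order and report which nikto.pl nessusd would actually execute.
# Assumes the post's layout: the real installation lives in /opt/nikto-2.03.

# find_nikto PATHVALUE -> prints the first nikto.pl found along PATHVALUE.
# Returns 1 if none is found (the "wrapper not in the plugin list" case).
find_nikto() {
    _old_ifs="$IFS"; IFS=:
    # Iterate over the colon-separated list in the order the shell searches it.
    for _dir in $1; do
        if [ -f "$_dir/nikto.pl" ]; then
            IFS="$_old_ifs"
            printf '%s\n' "$_dir/nikto.pl"
            return 0
        fi
    done
    IFS="$_old_ifs"
    return 1
}

# check_nikto EXPECTED_DIR PATHVALUE -> prints one of:
#   ok                 the real install directory is found first
#   missing            no nikto.pl anywhere in PATHVALUE (run "nessusd -R" after fixing)
#   symlink:<path>     a symlink is found first; Nikto starts but cannot locate
#                      its config/data files, so the scan produces no output
#   shadowed:<path>    a copy in another directory is found first
check_nikto() {
    _expected="$1"
    _found=$(find_nikto "$2") || { echo "missing"; return 1; }
    if [ -L "$_found" ]; then
        echo "symlink:$_found"; return 2
    fi
    if [ "$(dirname "$_found")" != "$_expected" ]; then
        echo "shadowed:$_found"; return 3
    fi
    echo "ok"
}
```

Run it as `check_nikto /opt/nikto-2.03 "$PATH"` from the same shell (or init script) that starts nessusd; anything other than "ok" explains an empty Nikto section in the report.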

Command Summary

To summarize the installation, your configuration sequence should look similar to the following. Lines beginning with # are comments.

# configuration start
cd /opt
# get the Nikto package
wget http://cirt.net/nikto/nikto-current.tar.gz
# uncompress and untar, creating the nikto-2.03 directory
tar xvzf nikto-current.tar.gz
# make sure that /opt/nikto-2.03/nikto.pl exists and is executable by running it and verifying it displays usage information
/opt/nikto-2.03/nikto.pl
# ensure the $PATH knows where to find Nikto. to help ensure this works, also edit your system profile to add this path
PATH=/opt/nikto-2.03:$PATH
export PATH
# ensure nikto.nasl is present
ls -l /opt/nessus/lib/nessus/plugins/nikto.nasl
# re-process the plugins
/opt/nessus/sbin/nessusd -R
# restart nessusd gracefully. if this doesn't work, try "killall nessusd; nessusd -D"
/etc/init.d/nessusd restart

The Nikto NASL plugin automatically selects some options, such as using SSL support or the virtual host name (supported by HTTP/1.1 only). To avoid Nikto output showing thousands of false positives, the plugin will not execute Nikto against web servers that do not return a 404 status code for non-existent pages.
