Results 1 to 7 of 7

Thread: Nikto Help

  1. #1
    Senior Member
    Join Date
    Aug 2002
    Posts
    651

    Nikto Help

    Hey AO. I'm at a loss here. I am having a time getting Nikto configured to scan HTTPS. I have the latest version of OpenSSL, libnet, Nikto, ... I can't seem to get it to recognize the Net::SSLeay module. I think I just don't know what I am doing. I downloaded the module and put it in my Perl directory, but it says that it can't load it. The command I execute is:

    Code:
    perl -MNet::SSLeay ./nikto.pl -h xxx.xxx.xxx.xxx -allcgi
    and I get this error:

    Code:
    Can't locate auto/Net/SSLeay/autosplit.ix in @INC (@INC contains: /usr/lib/perl5/5.6.0/i386-linux /usr/lib/perl5/5.6.0 /usr/lib/perl5/site_perl/5.6.0/i386-linux /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/5.6.0/AutoLoader.pm line 133. 
    at /usr/lib/perl5/5.6.0/Net/SSLeay.pm line 56 
    Can't locate loadable object for module Net::SSLeay in @INC (@INC contains: /usr/lib/perl5/5.6.0/i386-linux /usr/lib/perl5/5.6.0 /usr/lib/perl5/site_perl/5.6.0/i386-linux /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl .) at ./nikto.pl line 0 
    Compilation failed in require. 
    BEGIN failed--compilation aborted.

    I made sure that the files were in the path mentioned. I can't seem to find anything half way decent to help explain configuration of this tool for scanning HTTPS. Any help would be appreciated gang.


    Thanks in advance.

    Opinions are like holes - everybody\'s got\'em.

    Smile

  2. #2
    Banned
    Join Date
    Apr 2003
    Posts
    3,839
    sorry for this pointless post ... but when a senior needs help .. it's serious ... i dont know the answer ... but somebody does .. come on people try your best to help him... this is ridiculous..... again sorry for this pointless post

  3. #3
    Senior Member
    Join Date
    May 2003
    Posts
    115
    just a quick stab in the dark here, don't you have to compile the perl:SSLeay module so that you don't have to run the script in the front? i have my nikto running on my vmware and when i do testing on our company's webservers ssl connection, i didn't have to give it that parameter... or maybe i'm missing something...

    -w0rm3y

  4. #4
    Senior Member
    Join Date
    Aug 2002
    Posts
    651
    Thanks guys. I found another link that may help me out. I am going to try it out tomorrow and let you guys know what happened with more gorey details...hehe.
    Opinions are like holes - everybody\'s got\'em.

    Smile

  5. #5
    Senior Member
    Join Date
    Aug 2002
    Posts
    508
    Hi,

    This is how I've done on my FreeBSD laptop :
    Code:
    # perl nikto.pl  -host xxx.xxx.xxx.xxx -verbose -allcgi
    I haven't try nikto on my Linux box..how about try this (not really sure if this works):
    Code:
    # perl nikto.pl -host xxx.xxx.xxx.xxx -verbose -allcgi
    Have you noticed that I used '-host" instead of '-h" ( "-h" for my 'whisker" )

    Cheerss

    Annya
    Not an image or image does not exist!
    Not an image or image does not exist!

  6. #6
    Senior Member
    Join Date
    Aug 2002
    Posts
    651
    Ok, gang. I got it working with the following:

    Nikto-1.30
    Net_SSLeay.pm-1.22
    openssl-0.9.7b
    perl 5.6.0

    These versions of Nikto and OpenSSL are said to be not tested, but I figured I would try it out anyway. I mean...why not...hehe.

    Hey Annya: I ran it with the following syntax so that I could be absolutely sure that it would work with the SSL module.

    Code:
    ./nikto.pl -g -h xxx.xxx.xxx.xxx -verbose -allcgi -port 443 -ssl
    I was originally getting an error (wish I copied it) stating something along the lines of cannot scan using SSL because it wasn't properly configured, but now, that's gone! Life is good.

    Thanks for responding to my post. By the way, how do you like using it? Would you consider it one of your "essentials" for web scanning, or do you have another preference? Just curious.

    Edit: By the way, I forgot to mention that I am currently running it on a RH 7.2 box. I think I will try it on Slackware 9 just for giggles. That's my latest distro.

    Cheers

    t2k2
    Opinions are like holes - everybody\'s got\'em.

    Smile

  7. #7
    Senior Member
    Join Date
    Aug 2002
    Posts
    508
    Originally posted here by t2k2
    Ok, gang. I got it working with the following:

    Nikto-1.30
    Net_SSLeay.pm-1.22
    openssl-0.9.7b
    perl 5.6.0

    These versions of Nikto and OpenSSL are said to be not tested, but I figured I would try it out anyway. I mean...why not...hehe.

    Hey Annya: I ran it with the following syntax so that I could be absolutely sure that it would work with the SSL module.

    Code:
    ./nikto.pl -g -h xxx.xxx.xxx.xxx -verbose -allcgi -port 443 -ssl
    I was originally getting an error (wish I copied it) stating something along the lines of cannot scan using SSL because it wasn't properly configured, but now, that's gone! Life is good.

    Thanks for responding to my post. By the way, how do you like using it? Would you consider it one of your "essentials" for web scanning, or do you have another preference? Just curious.

    Edit: By the way, I forgot to mention that I am currently running it on a RH 7.2 box. I think I will try it on Slackware 9 just for giggles. That's my latest distro.

    Cheers

    t2k2
    Heeya t2k2 ..thanks for that, I'll try on my Linux box when I reinstall nikto (at the moment I have whisker on my linux box)

    Cheers
    Not an image or image does not exist!
    Not an image or image does not exist!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •