Nessus and Nikto

Seen

Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Tue May 14, 2013 12:13 pm

Nessus and Nikto

I've been trying to integrate Nessus and Nikto. I've followed all the instructions in this video:

http://www.youtube.com/watch?v=6kHyAhFv7xg

But when I run the scan, nothing seems to happen, meaning no new vulnerabilities appear compared to a Nessus scan that doesn't have Nikto enabled.

The only information I was able to find in nessusd.messages was the following:

  Code:
launching nikto.nasl against 192.168.0.125 [1251]
nikto.nasl (process 1251) finished its job in 0.010 seconds


This seems incredibly fast compared to running Nikto from the command line, which works fine.  Does anyone have any ideas on how to get this working, or where on my system I could check to find additional information on what is happening?

I'm running CentOS 6.4 x64 and Nessus 5.2.

Thanks.
Sec+, eCPPT

m0wgli

Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Tue May 14, 2013 2:11 pm

Re: Nessus and Nikto

I don't know if this will help you or not, but I found this thread on the Nessus forum.
Security + | OSWP | eCPPT (Silver & Gold) | CSTA

Seen

Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Wed May 15, 2013 2:20 am

Re: Nessus and Nikto

Looking at the audit trail, I see the following message:

Nikto was not found in $PATH

When logged in as root or a normal user, Nikto is in my path. Is there any way to view the path Nessus is using? Or is there a system path I can change? Thoughts?
Sec+, eCPPT

cyber.spirit

Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Fri May 17, 2013 4:19 am

Re: Nessus and Nikto

I can't watch that movie, IDK why. Anyway:

Is the network established between you and the target? Can you ping it?
Can you scan the target with nmap?

Is your target on the internet? If it is:
Are you behind any firewall? If you are, try this scan:
  Code:
nmap --scanflags SYNFIN <Target IP address>

This may bypass the firewall.
Always scan the server using its IP address, because they may have implemented network load balancing, so you may scan different servers each and every time.

Is your target in a virtual lab? If it is:
Make sure that your attack system and server are using the same network adapter, otherwise they can't connect to each other.
Check your IP addresses for both systems.

I hope this info can be helpful. If not, tell me and I will watch the video.
ICS Academy Network Security Certified

Seen

Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Sat May 18, 2013 2:56 am

Re: Nessus and Nikto

Cyber.spirit wrote:
I can't watch that movie, IDK why. Anyway:

Is the network established between you and the target? Can you ping it?
Can you scan the target with nmap?

Is your target on the internet? If it is:
Are you behind any firewall? If you are, try this scan:
  Code:
nmap --scanflags SYNFIN <Target IP address>

This may bypass the firewall.
Always scan the server using its IP address, because they may have implemented network load balancing, so you may scan different servers each and every time.

Is your target in a virtual lab? If it is:
Make sure that your attack system and server are using the same network adapter, otherwise they can't connect to each other.
Check your IP addresses for both systems.

I hope this info can be helpful. If not, tell me and I will watch the video.


????
Sec+, eCPPT

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Wed Jul 17, 2013 9:00 pm

Re: Nessus and Nikto

What user is nessus running as? Make sure the profile for that user has nikto in the path.
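
One way to answer the question raised in the thread (which PATH does the Nessus daemon actually see?), as an added example that is not part of any poster's reply. It reads the daemon's startup environment from /proc and checks whether the scanner resolves there; the process name nessusd is taken from the log file name above, and the binary name nikto.pl is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread). Linux only: relies on /proc/<pid>/environ.

# Print the PATH value from a NUL-separated environ file. This is the
# environment the process was started with, not your login shell's.
path_from_environ() {
    tr '\0' '\n' < "$1" | sed -n 's/^PATH=//p' | head -n 1
}

# Print the first executable file named $1 in the colon-separated list $2.
# Returns 1 when nothing matches.
find_in_path() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        IFS=$old_ifs
        [ -z "$dir" ] && dir=.   # an empty PATH entry means the current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Report whether tool $2 resolves in the PATH of the oldest process named $1.
check_daemon_tool() {
    pid=$(pgrep -o -x "$1") || { echo "$1 is not running" >&2; return 2; }
    env_file=/proc/$pid/environ
    [ -r "$env_file" ] || { echo "cannot read $env_file (run as root)" >&2; return 2; }
    daemon_path=$(path_from_environ "$env_file")
    echo "PATH of $1 (pid $pid): $daemon_path"
    if hit=$(find_in_path "$2" "$daemon_path"); then
        echo "$2 resolves to $hit"
    else
        echo "$2 is not in that PATH"
        return 1
    fi
}

# Usage, as root (the tool name is an assumption, use your install's name):
#   check_daemon_tool nessusd nikto.pl
```

If the tool is reported missing, the fix is on the daemon side (its init script environment or a symlink into a directory already listed), since editing a login profile does not change the PATH of a service that is already running.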
