Atomicorp

Hi all

There seems to be an error in the Nikto 2.1.4 RPM package for CentOS 6.

1. The link to the nikto configuration is broken, it points to it self.
2. The nikto.dtd is not in the rpm file, henced no xml export of the result.

The first error can be fixed quit easy: The second error can be fixed by downloading the nikto source from https://cirt.net/nikto/nikto-2.1.4.tar.gz, and unpacking the nikto.dtd to ex. /etc/nikto and then change the /etc/nikto/config file to point at this nikto.dtd.

I hope this can help others with the same issues.

Cheers Tom

Awesome work, I just merged your changes into the latest update (pretty extensive!) as verson 2.1.4-4. The only change is I've got the dtd file stored in the datadir instead of sysconfig.

Hi Scott

Great work.

Cheers Tom

Hi Scott

I found a litte bug in the new Nikto package, it looks like the DOCDIR in the config file is pointing to the wrong path, it points to: /usr/share/nikto/docs

But the Nikto docs are located in /usr/share/doc/nikto-2.1.4/

I found this issue by doing an nikto -update, and it was complaning about not being able to open /usr/share/nikto/docs/CHANGES.txt for writing.

After changening the path in the config file, and removing all the db_files a nikto -update ran flawlessly.


Cheers Tom

Great followup! so it looks like its a deeper bug than the package. The plugin actually uses "DOCUMENTDIR" instead of "DOCDIR". I couldnt find anything that actually uses "DOCDIR", so Id say thats an upstream problem too.

Easy enough to fix I set it to change the config file by default to the correct config token, give 2.1.4-5.2 a shot and let me know if that gets it.

And if you want to help debug another package, theres a nagging issue with authd in ossec we havent been able to ID yet.

Hi Scott

I have updated to nikto 2.1.4-5.2, and all seems to work as intended.

Good work


I will see if i can get a test enviroment up and running for testeng ossec, but i cant promise anything.

Cheers Tom