Description of problem: When i upgrade to 2.1.5-2, scanning of https / ssl does not work anymore. It could be that nikto has it's own LW.pm module, which is not in the package. (See http://cirt.net/nikto2-docs/installation.html) Version-Release number of selected component (if applicable): nikto-2.1.5-2.fc17.noarch How reproducible: Just run this command: $ nikto -host google.com -port 443 -ssl and get the result: Undefined subroutine &LW2::init_ssl_engine called at /bin/nikto line 66. Steps to Reproduce: 1. Run in shell "nikto -host google.com -port 443 -ssl" Actual results: Undefined subroutine &LW2::init_ssl_engine called at /bin/nikto line 66. Expected results: That the scanning runs Additional info: It worked in 2.1.4
Created attachment 620751 [details] New nikto.spec file Figured out that the problem is that Nikto uses a modified version of LW2.pm. Therefore modified the spec-file. (Attached.) Should also remove the "nikto-libwhisker2.patch" file.
Hello Kjetil, this is against the pakaging guidelines to use embedded libraries. If possible we should have one libwhisker in the system. That is the reason why there was some libwhisker2 patch in the first place. Simple commenting out the line works, but is indeed somehow greedy in resources. #set SSL Engine #LW2::init_ssl_engine($CONFIGFILE{'LW_SSL_ENGINE'}); I would say it is libwhisker which should be patched or maybe even the Net:SSLey, if it is really the one who leaks. There seems to be some more thing on the other hand some more issue which needs attention. With this release all db_* files moved from /usr/share/nikto/plugins to /usr/share/nikto/database. Michal Ambroz
I just confirmed the memory leak is really there. The memory leak in Net::SSleay is best demonstrated on a ssl server, which takes long to response. Using the libwhisker from nikto2 using Net::SSL would be running ok (cca 30M of memory), but using the system libwhisker Some more info: http://attrition.org/pipermail/nikto-discuss/2008-April/000032.html
but using system libwhisker - the Net::SSLeay is preffered and it quickly eats all the memory (2Gigs in less than minute scanning single host)
nikto-2.1.5-3.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/nikto-2.1.5-3.fc17
Package nikto-2.1.5-3.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing nikto-2.1.5-3.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-15415/nikto-2.1.5-3.fc17 then log in and leave karma (feedback).
nikto-2.1.5-3.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.