Package: libnet-ssleay-perl Version: 1.30-1 Severity: normal I'm not sure if the issue is with ssleay or libssl0.9.8, but nikto version 1.35-1 does not work for SSL connections. It works normally for regular HTTP sessions. Here is the output from an SSL session:
$ nikto -h miller -p 443 -ssl --------------------------------------------------------------------------- - Nikto 1.35/1.36 - www.cirt.net + No HTTP(s) ports found on miller / 443 + 1 host(s) tested The debug output isn't much help: $ nikto -h miller -p 443 -ssl -debug --------------------------------------------------------------------------- - Nikto 1.35/1.36 - www.cirt.net D: - Target id:1:ident:miller:ports_in:443: D: - Request Hash: D: - Connection: Keep-Alive D: - Host: miller D: - User-Agent: Mozilla/4.75 (Nikto/1.35 ) D: - $whisker->INITIAL_MAGIC: 31337 D: - $whisker->anti_ids: D: - $whisker->force_bodysnatch: 0 D: - $whisker->force_close: 0 D: - $whisker->force_open: 0 D: - $whisker->host: miller D: - $whisker->http_req_trailer: D: - $whisker->http_ver: 1.1 D: - $whisker->ignore_duplicate_headers: 1 D: - $whisker->include_host_in_uri: 0 D: - $whisker->lowercase_incoming_headers: 1 D: - $whisker->method: HEAD D: - $whisker->method_postfix: D: - $whisker->normalize_incoming_headers: 1 D: - $whisker->port: 443 D: - $whisker->req_spacer: D: - $whisker->req_spacer2: D: - $whisker->retry: 1 D: - $whisker->save_ssl_info: 1 D: - $whisker->ssl: 1 D: - $whisker->timeout: 10 D: - $whisker->trailing_slurp: 0 D: - $whisker->uri: / D: - $whisker->uri_param_sep: ? D: - $whisker->uri_postfix: D: - $whisker->uri_prefix: D: - Result Hash: D: - $whisker->INITIAL_MAGIC 31338 D: - $whisker->error Error sending request to server: Could not send entire data queue D: - $whisker->retry_errors ARRAY(0x85eff50) D: - $whisker->ssl_cert_issuer /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/[EMAIL PROTECTED] D: - $whisker->ssl_cert_subject /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/[EMAIL PROTECTED] D: - $whisker->ssl_cipher DHE-RSA-AES256-SHA D: - $whisker->uri / + No HTTP(s) ports found on miller / 443 + 1 host(s) tested The results are the same with nikto-1.35 from cirt.org. It includes libwhisker 1.7. The Auditor Security Collection CD image (version 200605-02-ipw2100) from remote-exploit.org, which is based on Debian, works with this combination of packages: nikto 1.32 libwhisker-perl 1.7 libnet-ssleay-perl 1.25 libssl0.9.7 0.9.7e Other installed packages related to this bug: ii libwhisker-per 1.8-1 Perl module geared for HTTP testing ii nikto 1.35-1 web server security scanner -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (600, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.15 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages libnet-ssleay-perl depends on: ii libc6 2.3.6-4 GNU C Library: Shared libraries an ii libssl0.9.8 0.9.8a-8 SSL shared libraries ii perl 5.8.8-3 Larry Wall's Practical Extraction ii perl-base [perlapi-5.8.7] 5.8.8-3 The Pathologically Eclectic Rubbis libnet-ssleay-perl recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
