Bug: Unable to scan servers using HTTPS #763

Open
ElephasMax opened this issue Apr 19, 2022 · 8 comments
@ElephasMax

Expected behavior

I expected nikto to successfully connect to an HTTPS web server to conduct its scans.

Actual behavior

Received the following errors:

Linux kali 5.16.0-kali6-cloud-amd64 #1 SMP PREEMPT Debian 5.16.14-1kali2 (2022-03-23) x86_64 GNU/Linux:

LW_SSL_ENGINE=SSL: ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: Connect failed: ; Connection timed out at /var/lib/nikto/plugins/LW2.pm line 5157.
LW_SSL_ENGINE=SSLeay: ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: Connect failed: ; Connection timed out at /var/lib/nikto/plugins/LW2.pm line 5157.

Linux ubuntu 5.13.0-35-generic #40~20.04.1-Ubuntu SMP Mon Mar 7 09:18:32 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

LW_SSL_ENGINE=SSL: ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: SSL negotiation failed: at /home/elephas/nikto/program/plugins/LW2.pm line 5157.

LW_SSL_ENGINE=SSLeay: ERROR: Error limit (20) reached for host, giving up. Last error: sending request: SSL error: ssl_write_all 42851: 1 - ERROR_SYSCALL(-1,5) :

Steps to reproduce

  1. Clone nikto from repo using instructions in README
  2. ./nikto.pl -h https://subdomain.domain.com/random_customer_id/#/authenticate

Nikto version

Run:

./nikto.pl -Version

Nikto Versions

File Version Last Mod


Nikto main 2.1.6
LibWhisker 2.5
db_404_strings 2.003
db_content_search 2.000
db_dictionary 1.0
db_dir_traversal 2.1.6
db_domino 2.1.6
db_drupal 1.00
db_embedded 2.004
db_favicon 2.010
db_headers 2.008
db_httpoptions 2.002
db_multiple_index 2.005
db_outdated 2.017
db_parked_strings 2.001
db_realms 2.002
db_server_msgs 2.006
db_tests 2.021
db_variables 2.004
nikto_apache_expect_xss.plugin 2.04
nikto_apacheusers.plugin 2.06
nikto_auth.plugin 2.04
nikto_cgi.plugin 2.06
nikto_clientaccesspolicy.plugin 1.00
nikto_content_search.plugin 2.05
nikto_cookies.plugin 2.05
nikto_core.plugin 2.1.5
nikto_dictionary_attack.plugin 2.04
nikto_dir_traversal.plugin 2.1.6
nikto_dishwasher.plugin 2.20
nikto_docker_registry.plugin 2.20
nikto_domino.plugin 2.1.6
nikto_drupal.plugin 1.00
nikto_embedded.plugin 2.07
nikto_favicon.plugin 2.09
nikto_fileops.plugin 1.00
nikto_headers.plugin 2.11
nikto_httpoptions.plugin 2.10
nikto_ms10_070.plugin 1.00
nikto_msgs.plugin 2.07
nikto_multiple_index.plugin 2.03
nikto_negotiate.plugin 2.00
nikto_origin_reflection.plugin 2.01
nikto_outdated.plugin 2.09
nikto_parked.plugin 2.00
nikto_paths.plugin 2.00
nikto_put_del_test.plugin 2.04
nikto_report_csv.plugin 2.07
nikto_report_html.plugin 2.06
nikto_report_json.plugin 2.00
nikto_report_nbe.plugin 2.02
nikto_report_sqlg.plugin 2.00
nikto_report_text.plugin 2.05
nikto_report_xml.plugin 2.06
nikto_robots.plugin 2.06
nikto_shellshock.plugin 2.01
nikto_siebel.plugin 1.00
nikto_sitefiles.plugin 2.00
nikto_ssl.plugin 2.01
nikto_strutshock.plugin 2.01
nikto_tests.plugin 2.04


and paste the output here.

Further technical info

Will comment separately

E.g. you can obtain Nikto debug output by running -D D and redirecting to a file.
You may also scrub the output of hostnames and IPs by specifying -D DS.

@ElephasMax ElephasMax added the bug label Apr 19, 2022
@digininja
Contributor

digininja commented Apr 19, 2022 via email

@sullo
Owner

sullo commented Apr 20, 2022

Could you also change to the 2.5.0 branch and try again?

From the base dir of nikto, run:
git checkout nikto-2.5.0

and it should switch you.

Thanks

@ElephasMax
Author

@digininja Yes I can curl

@sullo I get an "SSL negotiation failed" error on both Kali and Ubuntu. I recloned the repo, checked out nikto-2.5.0, and ran "./nikto.pl -h xxxxxx"

@sullo
Owner

sullo commented Apr 20, 2022

This will tell us something, I think.

Copy nikto.conf.default to nikto.conf (in the main program directory)
Edit nikto.conf and look for this section


# Choose SSL libs:
# SSLeay        - use Net::SSLeay
# SSL           - use Net::SSL
# auto          - automatically choose what's available
#                 (SSLeay wins if both are available)
LW_SSL_ENGINE=auto

Change the last line to SSLeay and test. Then change it to SSL and test.

Forcefully choosing SSL vs SSLeay might solve the problem for you, but if not it can help us determine if it's an underlying module error or in nikto/libwhisker.
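
The engine comparison described in the comment above, as an added shell example that is not part of the original thread or of nikto itself: it writes nikto.conf from nikto.conf.default with LW_SSL_ENGINE forced to each value, runs the scan, and reduces each run to the stage named in the error text. The function names and stage labels are assumptions of this example, and it assumes it is run from the directory holding nikto.pl.

```shell
#!/bin/sh
# Added example, not nikto's own tooling. Helper names and stage labels
# are hypothetical; paths assume the nikto program directory.

# Write nikto.conf ($3) from nikto.conf.default ($2) with
# LW_SSL_ENGINE forced to $1 (SSLeay, SSL or auto).
set_ssl_engine() {
    case "$1" in
        SSLeay|SSL|auto) ;;
        *) echo "unknown engine: $1" >&2; return 2 ;;
    esac
    grep -q '^LW_SSL_ENGINE=' "$2" || {
        echo "no LW_SSL_ENGINE line in $2" >&2
        return 1
    }
    sed "s/^LW_SSL_ENGINE=.*/LW_SSL_ENGINE=$1/" "$2" > "$3"
}

# Map one run's output to the stage at which it failed, keyed on the
# message fragments quoted in this thread.
classify_failure() {
    case "$1" in
        *"Connect failed"*)         echo connect ;;
        *"SSL negotiation failed"*) echo negotiation ;;
        *"sending request"*)        echo send-request ;;
        *"No web server found"*)    echo no-web-server ;;
        *"Error limit"*)            echo other-error ;;
        *)                          echo no-error-seen ;;
    esac
}

# Scan the target once per engine and print "engine: stage".
compare_engines() {
    for engine in SSLeay SSL; do
        set_ssl_engine "$engine" nikto.conf.default nikto.conf || return 1
        out=$(./nikto.pl -h "$1" 2>&1)
        printf '%s: %s\n' "$engine" "$(classify_failure "$out")"
    done
}

# Usage: sh compare_engines.sh <target>
if [ $# -eq 1 ]; then
    compare_engines "$1"
fi
```

If both engines fail at the same stage, that points away from a single underlying module; if they differ, the per-engine lines show which one gets further.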

@ElephasMax
Author

Kali:

SSLeay: No web server found on xxxxxx:443

SSL:

ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: SSL negotiation failed:  at /var/lib/nikto/plugins/LW2.pm line 5157.
 at /var/lib/nikto/plugins/LW2.pm line 5157.
; Connection reset by peer at /var/lib/nikto/plugins/LW2.pm line 5157.
: Connection reset by peer

Ubuntu:

SSLeay:

ERROR: Error limit (20) reached for host, giving up. Last error: sending request: SSL error: ssl_write_all 5168: 1 - ERROR_SYSCALL(-1,5)

SSL:

ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: SSL negotiation failed:  at /home/elephas/nikto/program/plugins/LW2.pm line 5254.
 at /home/elephas/nikto/program/plugins/LW2.pm line 5254.
; Connection reset by peer at /home/elephas/nikto/program/plugins/LW2.pm line 5254.
: Connection reset by peer

@sullo
Owner

sullo commented Apr 20, 2022

Thanks, that helps a lot... if maybe not enough.

If this is a public endpoint I could test, that would help tremendously. You can deliver via email or Twitter DM, whatever works.

If I can't, I'd suggest running SSLTest and seeing if there are any weird results, or if you have a similar one that works try to spot a difference that may be impacting this.

Unfortunately, debugging TLS/SSL connections in nikto/libwhisker/modules is one of the most difficult tasks, especially if I can't try it directly.


Note: A workaround may be to run nikto through a Burp or other proxy, which would then negotiate the connection directly to the target. See https://github.com/sullo/nikto/wiki/Annotated-Option-List if you haven't used the proxy options before.

@stappersg

@ElephasMax in case this issue dropped from your priority list, please close it.

@ElephasMax
Author

@sullo I haven't heard back since I sent the email. Are you still looking into it?
