Output argument not working

[chrisvel]

Whatever output I try there is no file produced. I am using 4.9.59-1-MANJARO, nikto 2.1.6 and these are the plugin versions loaded:

nikto_report_csv.plugin            2.07         
nikto_report_html.plugin           2.05         
nikto_report_nbe.plugin            2.02         
nikto_report_sqlg.plugin           2.00         
nikto_report_text.plugin           2.05         
nikto_report_xml.plugin            2.05  

Command run:

nikto -h http://192.168.1.240 -o out.txt 
- Nikto v2.1.6
---------------------------------------------------------------------------
+ ERROR: Unable to open 'out.txt' for write: 
1 at /usr/share/nikto/plugins/nikto_report_text.plugin line 40.

With sudo there is no error and no output at all.

Right now I am redirecting data to a file with > output.txt because none of the output arguments work. How can I debug this ?

[tautology0]

The error given is EPERM which normally happens if you aren't permitted to write to the file. Normally this means you don't have write permissions.

[tautology0]

Could you check whether you have write access to the directory you're running Nikto from?

[chrisvel]

Yes I do. Shouldn't it run with sudo ?

[tautology0]

Literally all it does is do: open(OUT, ">>$file") || die print STDERR "+ ERROR: Unable to open '$file' for write: $@\n"; Where $file is the filename passed on the command line; so if no path is provided it will be in the current working directory.

Have you tried providing a path (e.g. /tmp/out.txt)?

I wouldn't run Nikto with sudo as it doesn't need to do anything as root. Even as root there are ways that it could be blocking the writing of files, such as the SELinux policy, whether the volume is read-only, or whether there is already a write lock on the file.

I suspect that this may be due to the packaging in your distro, but some extra information would be useful; e.g. what directory you're running it from and a ls -ld of the directory.

[chrisvel]

I've checked permissions and everything. What finally worked is the full path. Not even -o ./output.txt. Any ideas why this might be happenning ?

[ysf]

I had the same bug. Working on manjaro with nikto 2.1.6 too. After debugging it with strace it seems that it's not opening the file from the current directory, but maybe relative to the plugin or so. Using -o /with/an/absolute/path works fine.

[tautology0]

Ah; I wonder whether this may be a downstream problem with the manjaro (or arch) package. I'd assumed that the nikto command in the original report was a renamed nikto.pl; but this could happen if they've done a wrapper script and they had a cd /usr/share/nikto rather than altered nikto.conf like they should've done.

I don't have a VM of Arch/Manjaro; any chance you could see what the "nikto" script actually is (i.e. type it to find the location and then cat it)?

[tautology0]

Aha! Found this: https://github.com/anthraxx/arch-pkgbuilds/blob/master/nikto/nikto.sh

All it does is cd /usr/share/nikto before running nikto.pl. That would explain it. If this is what it is like in a real install then it's Arch's packagers not doing it properly, so should be passed to them to resolve.

[antoniovazquezblanco]

This is also happening to me. The problem is exactly what @tautology0 has pointed out. I am running Arch.

Changing the script to the one below solves the issue.

#!/bin/sh
exec /usr/bin/perl /usr/share/nikto/nikto.pl "$@"

Thank you