sullo / nikto

Nikto web server scanner

Double <niktoscan> tag in xml output #670

Closed microidz closed 3 years ago

microidz commented 4 years ago

Hi guys,

It seems like the XML output file structure has changed since an earlier version and now includes a "second set" of tags:

<niktoscan> 
<!DOCTYPE niktoscan SYSTEM "/var/lib/nikto/docs/nikto.dtd">
<niktoscan hoststest="0" options="-h http://scanme.webscantest.com/ -o scanme_nikto -Format xml" version="2.1.6" scanstart="Thu Apr 16 16:14:47 2020" scanend="Wed Dec 31 19:00:00 1969" scanelapsed=" seconds" nxmlversion="1.2">
...  
</niktoscan> 
</niktoscan>

In the past, the file structure was like this: https://github.com/dradis/dradis-nikto/blob/master/spec/fixtures/files/localhost.xml

Since this requires manually modifying the XML output before it can be ingested by Dradis, I would like to know if this "double tags format" will be the one used from now on. If that's the case, I'll put in a request to the Dradis folks so they can modify the parser.

Thanks!

tautology0 commented 4 years ago

The top level tag seems to be in error - it definitely shouldn't be before the DOCTYPE.

microidz commented 4 years ago

[edited to remove email address]

Hi, here's the Nikto command I'm using to perform the scan: nikto -h http://scanme.webscantest.com/ -o scanme_nikto -Format xml

I'm running nikto version 2.1.6

I've also joined the output file from Nikto.

tautology0 commented 4 years ago

This is a wee bit more complex to fix than it should be - looks like our DTD is a tad out of date as well.

rachkor commented 4 years ago

> The top level tag seems to be in error - it definitely shouldn't be before the DOCTYPE.

@tautology0 I'm with the Dradis support team. Based on this response, my current plan is to not update our Nikto upload plugin and to wait for a Nikto update to remove the second set of niktoscan tags. Does that make sense with your plans?

sullo commented 3 years ago

The updated XML format is only slightly different than before. TLDR; The outermost <niktoscan> elements have been updated as <niktoscans>. This required the order of report opening to change.

The new schema is, essentially:

  <niktoscans>          # Wrapper for this invocation of Nikto
    <niktoscan>         # Scan of one host (ip+name+port+protocol); multiple allowed
      <scandetails>     # Details of the scan
      <item></item>     # Scan item (finding); multiple allowed
      </scandetails>    # Closing Details of the scan
    </niktoscan>        # Closing Scan of one host 
  </niktoscans>         # Closing the Wrapper for this invocation of Nikto

Also tagging #467 for closure
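
For anyone consuming these reports, a sketch of a reader that accepts both the older single-`<niktoscan>` root and the `<niktoscans>` wrapper described above, and rejects the double-tag output from the original report with a clear error. This is an added example, not code from Nikto, Dradis, or anyone in this thread. The sample documents are constructed, and the `targethostname` and `id` attributes are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed samples, not real scan output. The targethostname and id
# attributes are assumptions; the element names come from the thread.
OLD_LAYOUT = """<niktoscan>
  <scandetails targethostname="old.example">
    <item id="999001"><description>constructed A</description></item>
  </scandetails>
</niktoscan>"""

NEW_LAYOUT = """<niktoscans>
  <niktoscan>
    <scandetails targethostname="a.example">
      <item id="999002"><description>constructed B</description></item>
      <item id="999003"><description>constructed C</description></item>
    </scandetails>
  </niktoscan>
  <niktoscan><scandetails targethostname="b.example"/></niktoscan>
</niktoscans>"""

# Shape reported in the issue: a stray <niktoscan> opened before the DOCTYPE.
DOUBLE_TAG = """<niktoscan>
<!DOCTYPE niktoscan SYSTEM "/var/lib/nikto/docs/nikto.dtd">
<niktoscan version="2.1.6"><scandetails/></niktoscan>
</niktoscan>"""


def host_scans(xml_text):
    """Return the per-host <niktoscan> elements for either report layout."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed Nikto XML: {exc}") from exc
    if root.tag == "niktoscans":  # new layout: wrapper around host scans
        return root.findall("niktoscan")
    if root.tag == "niktoscan":   # old layout: the root is the only scan
        return [root]
    raise ValueError(f"unexpected root element <{root.tag}>")


def findings(xml_text):
    """Map each scanned host name to the item ids reported for it."""
    result = {}
    for scan in host_scans(xml_text):
        for details in scan.findall("scandetails"):
            host = details.get("targethostname", "unknown")
            ids = [item.get("id") for item in details.findall("item")]
            result.setdefault(host, []).extend(ids)
    return result
```

The double-tag file fails at parse time because a DOCTYPE inside an element is not well-formed XML, so a consumer can report the problem instead of importing a partial result.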