Bug: Nikto v2.5.0: Progress when space pressed innacurate and update command not found?

[konn-neko]

Expected behavior

when pressing the spacebar to view how long is left, etc, it will be accurate and not end the scan at the right time, and running Perl Nikto.pl or ./nikto.pl --update should check for updates.

Actual behavior

when pressing the spacebar and the thing is at "100%" it's still performing scans for another 10+Minutes and the update command isn't found.

Steps to reproduce

1. scan a site with full config setup with high af error limit and wait for a few till the scan is "near the end" according to % it says, then once it "100% press space to see how long is left.
2. run the update command as stated in the README.md

Nikto version

Run:

I need to wait for scan to finish then i will send this

Further technical info

- STATUS: Completed 7590 requests: currently in plugin 'Nikto Tests'
- STATUS: Running average: 100 requests: 0.47814 sec, 10 requests: 0.4889 sec.

[konn-neko]

so my scan is going still, which shows how innacurate it is

[sullo]

This feature is to give you a rough idea of how quickly a scan is going, and how quickly requests are being processed.

The "Running average" is simply the requests per second of the last 10 or 100 requests. From what you posted I can see it's about half a second per request/response, so in a minute you're only going to get around 120 requests done--that's a fairly slow scan.

The estimated completion time is also fuzzy because additional tests are added on the fly so it's difficult to know the "final" number of requests ahead of time. The data shown is best-guess at the time it's displayed.

To the best of our knowledge those numbers are as accurate as can be when they are displayed by pressing the spacebar. If you have evidence to the contrary I'd love to see so we can make this more accurate.

On Mon, Feb 7, 2022 at 12:50 PM konn-neko @.***> wrote:

so my scan is going still, which shows how innacurate it is

— Reply to this email directly, view it on GitHub https://github.com/sullo/nikto/issues/757#issuecomment-1031747181, or unsubscribe https://github.com/notifications/unsubscribe-auth/AALICRCYRIWFNZ2LZ3ZSEWDU2AA73ANCNFSM5NX5PMBA . You are receiving this because you are subscribed to this thread.Message ID: @.***>

--

https://cirt.net | https://rvasec.com/

[digininja]

If you are worried about time to complete, don't use nmap, their figures are just as inaccurate and they have a big team of people working on it.

On Mon, 7 Feb 2022, 21:08 sullo, @.***> wrote:

This feature is to give you a rough idea of how quickly a scan is going, and how quickly requests are being processed.

The "Running average" is simply the requests per second of the last 10 or 100 requests. From what you posted I can see it's about half a second per request/response, so in a minute you're only going to get around 120 requests done--that's a fairly slow scan.

The estimated completion time is also fuzzy because additional tests are added on the fly so it's difficult to know the "final" number of requests ahead of time. The data shown is best-guess at the time it's displayed.

To the best of our knowledge those numbers are as accurate as can be when they are displayed by pressing the spacebar. If you have evidence to the contrary I'd love to see so we can make this more accurate.

On Mon, Feb 7, 2022 at 12:50 PM konn-neko @.***> wrote:

so my scan is going still, which shows how innacurate it is

— Reply to this email directly, view it on GitHub https://github.com/sullo/nikto/issues/757#issuecomment-1031747181, or unsubscribe < https://github.com/notifications/unsubscribe-auth/AALICRCYRIWFNZ2LZ3ZSEWDU2AA73ANCNFSM5NX5PMBA

. You are receiving this because you are subscribed to this thread.Message ID: @.***>

--

https://cirt.net | https://rvasec.com/

— Reply to this email directly, view it on GitHub https://github.com/sullo/nikto/issues/757#issuecomment-1031926088, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAA4SWICFOJCXMT3C7HMXTTU2AYGRANCNFSM5NX5PMBA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you are subscribed to this thread.Message ID: @.***>

[konn-neko]

This feature is to give you a rough idea of how quickly a scan is going, and how quickly requests are being processed. The "Running average" is simply the requests per second of the last 10 or 100 requests. From what you posted I can see it's about half a second per request/response, so in a minute you're only going to get around 120 requests done--that's a fairly slow scan. The estimated completion time is also fuzzy because additional tests are added on the fly so it's difficult to know the "final" number of requests ahead of time. The data shown is best-guess at the time it's displayed. To the best of our knowledge those numbers are as accurate as can be when they are displayed by pressing the spacebar. If you have evidence to the contrary I'd love to see so we can make this more accurate. … On Mon, Feb 7, 2022 at 12:50 PM konn-neko @.> wrote: so my scan is going still, which shows how innacurate it is — Reply to this email directly, view it on GitHub <#757 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AALICRCYRIWFNZ2LZ3ZSEWDU2AA73ANCNFSM5NX5PMBA . You are receiving this because you are subscribed to this thread.Message ID: @.> -- https://cirt.net | https://rvasec.com/

so I do have slow wifi, which might influence my results some, and what about the update command?

[sullo]

You should run from the Github repository, and use git update. The -update feature was deprecated a while ago.

[konn-neko]

You should run from the Github repository, and use git update. The -update feature was deprecated a while ago.

ah, thank you