sullo / nikto

Nikto web server scanner

Nikto always exits with a non-0 exit code. #837

Closed Souf149 closed 3 months ago

Souf149 commented 3 months ago

Expected behavior

After successfully running Nikto with no issues a 0 exit code should be given.

Actual behavior

After seemingly successfully running Nikto with no issues a non-0 exit code is given.

Steps to reproduce

  1. Run this Dockerfile with `docker build ./ -t myImage && docker run myImage`:

        FROM python:3.11-slim

        WORKDIR /app
        RUN adduser --disabled-password --gecos '' nonroot
        RUN apt update -y && apt-get install -y --no-install-recommends git && pip install httpx
        COPY ./client.py ./client.py

        RUN git clone https://github.com/sullo/nikto

        RUN ./nikto/program/nikto.pl -h example.com -o /tmp/output.json

        ENTRYPOINT [ "/usr/local/bin/python", "-m", "client" ]

        USER nonroot

  2. Observe that `RUN ./nikto/program/nikto.pl -h 46.23.85.171 -o /tmp/output.json` exits the Dockerfile because it has run into an error.

Question

Is there a reason I am not seeing why a non-0 exit code is given? I was not able to find anything about it in existing issues or the documentation.

digininja commented 3 months ago

I just ran Nikto from the command line against my site and got a return code of 1. I never normally check but there were no errors so I assume this is the default return code.

On Tue, 30 Jul 2024 at 12:28, Soufyan Abdellati @.***> wrote:

Souf149 commented 3 months ago

According to geeksforgeeks (https://www.geeksforgeeks.org/how-to-use-exit-code-to-read-from-terminal-from-script-and-with-logical-operators/) the default (non-error) code should be 0. This makes it an issue when making a service with docker's RUN command.

Would it be possible to change this?

digininja commented 3 months ago

As a temporary fix you could add a shim which runs nikto and then returns 0. You then have Docker run your script rather than running Nikto directly.

Souf149 commented 3 months ago

Indeed I could. For now I am doing `RUN ./nikto/program/nikto.pl -h example.com -o /tmp/output.json & exit 0;`

But I'd like a more permanent solution in case nikto actually returns an exception

digininja commented 3 months ago

That is up to Sullo, I just run the tool and make suggestions.

Souf149 commented 3 months ago

Thank you for your inputs. 😁

Is Sullo still active?

digininja commented 3 months ago

Yes, I'm sure he will be in touch when he has a spare five minutes.

sullo commented 3 months ago

Perl's default exit code is 0 as far as I can see. In many places the code is explicitly using 0/1 exit codes (that should be cleaned up to be all locations).

I think the problem is this bit:

    if ($mark->{'total_errors'} > 0 || $mark->{'total_vulns'} > 0) {
        $is_failure = 1;
    }

and then the final exit

    nprint("+ $COUNTERS{'hosts_completed'} host(s) tested");
    nprint("+ $COUNTERS{'totalrequests'} requests made in $COUNTERS{'scan_elapsed'} seconds", "v");

    send_updates(@MARKS);

    nprint("T:" . localtime() . ": Ending", "d");

    exit $is_failure;

So, if there are any errors OR findings, it will exit with an error code. Seems like the intent was to signal if the scan ran ok rather than the program. I can't think of a good reason for this now.

I'll whip up a patch; this isn't complicated.
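Two things in this thread combine into a practical pattern for CI and Docker builds: digininja's suggestion of a shim that Docker runs instead of Nikto directly, and sullo's explanation that the exit status here signalled "errors OR findings" rather than "the program failed". The wrapper below is an added example, not code from the nikto project or from anyone in this thread. It waits for the scanner, then reports success to the build step only if the expected report file was actually written, so a step does not fail merely because the scan had findings but still fails when the scan never completed. The `scan_shim` function name, the report-file convention and the two `fake_nikto_*` stand-ins are assumptions made for this example; the stand-ins exist only so the shim can be exercised offline without Nikto installed.

```shell
#!/bin/sh
# Added example, not code from the nikto project: a shim around the scanner
# for Docker RUN / CI steps. It waits for the scanner to finish and reports
# success only when the expected report file was actually written, so the
# build step does not fail merely because the scan had findings, yet still
# fails when the scan itself did not run to completion.
#
# Compared with `nikto.pl ... & exit 0`: the `&` backgrounds nikto, so the
# layer is committed without waiting for the scan and the report may be
# missing or incomplete; this shim waits and then decides.

# scan_shim OUTPUT_FILE COMMAND [ARGS...]
#   Returns 0 if OUTPUT_FILE exists and is non-empty after COMMAND finishes,
#   otherwise COMMAND's non-zero exit status (or 1 if COMMAND exited 0 but
#   produced no report).
scan_shim() {
    out="$1"
    shift
    # Remove any stale report so an old file cannot count as a completed scan.
    rm -f "$out"
    "$@"
    rc=$?
    if [ -s "$out" ]; then
        echo "scan_shim: scan completed (scanner exit status $rc), report: $out" >&2
        return 0
    fi
    echo "scan_shim: no report written to $out (scanner exit status $rc)" >&2
    if [ "$rc" -eq 0 ]; then
        rc=1
    fi
    return "$rc"
}

# Constructed stand-in for nikto (assumption, for offline demonstration only):
# writes a minimal fake report to the path in $1 and exits 1, mimicking the
# behaviour discussed in this issue, where any finding set $is_failure to 1.
fake_nikto_with_findings() {
    printf '{"host":"example.invalid","findings":1}\n' > "$1"
    return 1
}

# Constructed stand-in for a scan that died before writing anything.
fake_nikto_crash() {
    return 3
}

# When executed as a script with arguments (e.g. from a Dockerfile), act as
# the wrapper. Assumed Dockerfile usage, following the issue's layout:
#   COPY scan_shim.sh /usr/local/bin/scan_shim.sh
#   RUN sh /usr/local/bin/scan_shim.sh /tmp/output.json \
#         ./nikto/program/nikto.pl -h example.com -o /tmp/output.json
if [ "$#" -ge 2 ]; then
    scan_shim "$@"
    exit $?
fi
```

The first argument to the shim is the same path passed to Nikto's `-o`, which is what makes "a report exists" a usable completion signal; a scanner exit of 0 with no report is still treated as a failure so that a misconfigured step cannot silently pass. Once the upstream fix lands, the shim still does no harm: a clean exit with a report present returns 0 either way.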

sullo commented 3 months ago

@Souf149 that should be resolved with a new git pull. Please let us know & close if it's resolved.

Souf149 commented 3 months ago

Thank you for the quick fix! From testing I have learnt that the problem has been fixed. Issue resolved!