Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: Scanning TightVNC Web Viewer results in invalied XML output #776

Open
SpormannDavid opened this issue Oct 12, 2022 · 0 comments
Open

Bug: Scanning TightVNC Web Viewer results in invalied XML output #776

SpormannDavid opened this issue Oct 12, 2022 · 0 comments

Comments

@SpormannDavid
Copy link

SpormannDavid commented Oct 12, 2022
edited
Loading

When scanning a TightVNC web viewer service, Nikto generates an incomplete XML report (see example below).
This issue is present in versions 2.1.5, 2.1.6, and 2.5.0.

<?xml version="1.0" ?>
<!DOCTYPE niktoscan SYSTEM "docs/nikto.dtd">
<niktoscan>
<statistics elapsed="1665489179" itemsfound="" itemstested="0" endtime="2022-10-11 11:52:59" />
</scandetails>

</niktoscan>


</niktoscan>

This XML is missing one opening scandetails and one niktoscan tag and is therefore invalid.

Command used:

./nikto.pl -Plugins "@@ALL;ssl;tests(report:500)" \
  -Display EP \
  -nointeractive \
  -ask auto \
  -C none \
  -T x01 \
  -output 192_168_84_128_5800.xml \
  -Save . \
  -p 5800 \
  -h 192.168.84.128 \
  -timeout 60 \
  -Pause 0.01 \
  -maxtime 3600s

Steps to Reproduce

  1. Set up TightVNC (tested on Windows 10) with its web viewer enabled (default configuration as of 2022-10-12)
  2. Scan the TightVNC web viewer port with nikto (default: 5800)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@SpormannDavid