A new version of Nikto is available, please version bump Reproducible: Always Steps to Reproduce: 1. emerge nikto 2. nikto 2.01 is emerged Actual Results: nikto 2.01 is emerged Expected Results: nikto 2.02 should have emerged
Created attachment 142197 [details] Nikto 2.02 ebuild Updated ebuild working on amd64 and x86
nikto 2.03 is out. Thanks!
Created attachment 166727 [details] Nikto 2.03 ebuild I have vcreated a nikto-2.03 ebuild and provided it to the sectools overlay (http://gentoo.o0o.nu)
Created attachment 179479 [details] nikto-2.03.ebuild Updated ebuild. Updates sed calls in src_unpack (I think kbase is no longer needed), remove .svn cruft and simplify src_install. By the way, there are some more path mess, for example: plugins/nikto_core.plugin: open(OUT,">$NIKTO{plugindir}/../docs/CHANGES.txt") When doing nikto -update, it'll try to write to /usr/share/nikto/plugins/../docs/CHANGES.txt which doesn't exist. Although, I don't know if that's worth fixing, since leaving cruft on /usr/share/doc/${PF} aftear each ebuild bump may be worse.
I'm the current maintainer for Nikto (Sullo can't do it any more). I would like to move Nikto to a more LSB friendly type file structure anyway (as Ubuntu, Gentoo, Fedora and BSD packages move the files around a lot), so I'm happy to take suggestions as the best way to fix this upstream. My initial thought is to set up a new $NIKTO{docpath} variable to point the way to docs. Unless somebody has a better suggestion. I've raised this in the nikto bug tracker as bug #72: http://trac2.assembla.com/Nikto_2/ticket/72 Just a couple of notes for the package: * If you're using nikto 2.03, ensure that you have a nikto 2.03 config file, don't use an old one or nikto will fail to find HTTP hosts. * I plan, in the near future to release nikto 2.10; this is probably a couple of months away.
The latest SVN version of nikto has the directories moved out to the nikto.conf file (so this'll be fixed in version 2.10). All you need to alter is the config file and the location of it (by default, one of /etc/nikto.conf, ~/nikto.conf and ./nikto.conf)
Hi David, I afraid the path in a config file won't help much. Thus, for example, the current path of my installation is /usr/share/doc/nikto-2.03-r1/CHANGES.txt.bz2. Please note it's bz-ed as well. I suggest to have have two separate log files: one for the main application and one for plugins in the same directory with plugins itself. I think it would make sense if the "update" option would touch files in one directory (currently /usr/share/nikto/plugins/) only. As a main problem I see "nikto_core.plugin" file which is not really a plugin. You might want to merge it the the main nikto script and release a new version with the proper changelog file if you need to update it. Thank you. ps. I'm a bit late with the suggestion, sorry about it.
You're echoing my goals for moving nikto in a more package orientated entity. Unfortunately most of the stuff in nikto_core is quite tied in with the code, so this'll be migrated (a lot into a separate perl module), but this won't happen until I've had time to do some real development work on it, so at least 6 months away. Having a separate change log for the plugins makes sense, though placing this with the plugins breaks the old mixing code and documentation rule... I need to think about this fully. One thing though: Nikto can't be expected to cope with packages changing files (e.g. bziping them). I'll try working with the different distribution maintainers, but if each has different standards one will end up with large amounts of code checking for every possible change that package makers can make.
The current ebuild download http://www.cirt.net/source/nikto/ARCHIVE/nikto-2.03.tar.bz2 but that package still has broken SSL support (see http://trac2.assembla.com/Nikto_2/ticket/55). Either the archive needs updating or the ebuild should get http://www.cirt.net/source/nikto/nikto-2.03.tar.bz2 which is fixed.
Created attachment 185591 [details] nikto-2.03 with fixed ssl I'd say the upsteam need to be more consistent: - don't archive current version; - don't host different sources with the same name - tar ball should have name+version as a first level directory (this ebuild runs "cd nikto" every time) ps. Make sure you remove /usr/portage/distfiles/nikto* before running "ebuild nikto-203.ebuild manifest", otherwise you'll end up with an error.
Actually, my ebuild will be broken after 2.04 release, so previous ebuild with "ARCHIVE" source path + "-update" might be a better solution. We could have both paths in the ebuild but sources are different.. brr.. David: I think this is an indirect "echo" of having nikto_core.plugin ;-)
(In reply to comment #11) > Actually, my ebuild will be broken after 2.04 release, so previous ebuild with > "ARCHIVE" source path + "-update" might be a better solution. > We could have both paths in the ebuild but sources are different.. brr.. > > David: I think this is an indirect "echo" of having nikto_core.plugin ;-) > Thanks, i added 2.0.3.
