Calling nikto from a bash script & capturing the output

edited August 2020 in Tools

I made my own recon script for HTB and OSCP. It's working well for the most part, but when I run nikto I only get the head of the output, like this:

That's my script call. I can't give it more than 10 minutes; my whole script is designed to do as many recon things as possible in 30 min or less, but not saturate the box or connection, so I can work on it in parallel.

    timeout 600s nikto -host "$boxUrl" -port "$httpPort" -vhost "$boxUrl" | tee nikto.txt &>/dev/null &

I had the script run on many boxes, but with nikto it's always the same output

- Nikto v2.1.6
---------------------------------------------------------------------------

When I don't use tee but instead nikto -o I get no output at all.

I looked up how nmapAutomator does it, but it works very differently. The nmapAutomator script creates a new script from which things are called.

When I run the same nikto with the same parameters from bash it all works as it should and is finished in less than 5min.

Comments

  • You might need to also specify the --foreground parameter, when invoking timeout via a script. Just a wild guess, derived from what the man page says:

    --foreground
    when not running timeout directly from a shell prompt, allow COMMAND to read from the TTY and get TTY signals; in this mode, children of COMMAND will not be timed out

    timeout --foreground 600s nikto -host "$boxUrl" -port "$httpPort" -vhost "$boxUrl" | tee nikto.txt &>/dev/null &
    

    Hack The Box
    GREM | OSCE | GASF | eJPT

  • Ok cool, I'll check it out! Thanks a lot :)
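
One way to structure the background call discussed in this thread, added here as an example and not taken from either poster: it writes the scan output straight to a file with stdin from /dev/null instead of piping through tee, and reports whether the time limit was hit. `run_capped` and `finish_capped` are hypothetical helper names, and a `timeout` that accepts `--foreground` (as in the man page quoted above) is assumed, with a fallback if it does not.

```bash
#!/usr/bin/env bash
# Added example: run_capped / finish_capped are hypothetical helper names.

# Use --foreground (the flag quoted from the man page above) only if this
# timeout build accepts it, so the script still runs where it does not.
TIMEOUT_OPTS=""
if timeout --foreground 1 true 2>/dev/null; then
    TIMEOUT_OPTS="--foreground"
fi

# run_capped LIMIT OUTFILE CMD [ARGS...]
# Start CMD in the background under timeout. stdin comes from /dev/null, so a
# read from stdin returns EOF instead of waiting on the terminal; stdout and
# stderr go straight to OUTFILE, so nothing depends on a pipe to tee.
# The job's PID is left in RUN_PID.
run_capped() {
    _limit=$1; _out=$2; shift 2
    # $TIMEOUT_OPTS is intentionally unquoted: it is empty or a single flag.
    timeout $TIMEOUT_OPTS "$_limit" "$@" </dev/null >"$_out" 2>&1 &
    RUN_PID=$!
}

# finish_capped PID
# Wait for one job and set RUN_STATUS to done, timeout, or exit:<code>.
# timeout exits with 124 when the limit was hit, so a cut-off scan can be
# told apart from one that finished.
finish_capped() {
    _rc=0
    wait "$1" || _rc=$?
    case $_rc in
        0)   RUN_STATUS="done" ;;
        124) RUN_STATUS="timeout" ;;
        *)   RUN_STATUS="exit:$_rc" ;;
    esac
}

# Usage in a recon script, with the variables and flags from the post:
#   run_capped 600s nikto.txt nikto -host "$boxUrl" -port "$httpPort" -vhost "$boxUrl"
#   nikto_pid=$RUN_PID
#   ... start the other checks ...
#   finish_capped "$nikto_pid"; echo "nikto: $RUN_STATUS"
```

Call `finish_capped` from the same shell that called `run_capped`, not from a `$(...)` subshell, because `wait` only sees that shell's own children. As the quoted man page text says, with `--foreground` the children of the command are not timed out.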
