Setting up PCI scan which includes Nikto

Hi, we use GSM for vulnerability scanning and also wish to run PCI scans.

  1. In the scan config - is it as simple as enabling “Launch latest PCI-DSS version” in the Network Vulnerability Test Preferences?

  2. We also have Nikto packaged as part of our Greenbone installation, and we would like Nikto to automatically run against any web servers that are detected during a vulnerability scan (no matter what port). Can this also be set up in the scan config?

Thanks in advance

Hi,

In the scan config - is it as simple as enabling “Launch latest PCI-DSS version” in the Network Vulnerability Test Preferences?

It depends on what you want to do. If you refer to section 11.2 of PCI-DSS v3.2 (Run internal and external network vulnerability scans), then I would suggest running an authenticated Full & Fast scan and an unauthenticated Full & Fast scan (for more information, please also read the chapter Payment Card Industry Data Security Standard (PCI DSS) in the user manual).

If you want to check for other PCI-DSS requirements, run the latest PCI-DSS version.

We also have Nikto packaged as part of our Greenbone installation, and we would like Nikto to automatically run against any web servers that are detected during a vulnerability scan (no matter what port). Can this also be set up in the scan config?

I am not sure about this, but AFAIK this is not possible. But maybe anyone tried this already and can correct me?


Thanks for the response emoss - after some (brief) initial testing I can see that Nikto runs against web servers on port 80, but not against port 8443 for example.

Also, on the particular NVTs that should be selected in order to scan with Nikto: there seem to be two Nikto-related NVTs that I could find. If anyone has an idea whether it's a good idea to run only one or both (or if there are others that affect Nikto), please let me know.

|Name:|Nikto (NASL wrapper)|
|Family:|Web application abuses|
|OID:|1.3.6.1.4.1.25623.1.0.14260|

and

|Name:|Starts nikto with Option -Tuning x016bc and write to KB|
|Family:|IT-Grundschutz|
|OID:|1.3.6.1.4.1.25623.1.0.96044|

I’ll repost again after further testing has completed
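As an added worked example (editor's code, not from any of the posters and not Greenbone project code): the two Nikto NVTs listed above can be enabled in an existing scan config through GMP rather than by clicking through the NVT family tree, which is handy when you maintain one config per PCI scope. The snippet builds the GMP `modify_config` requests for an `nvt_selection` (one request per family) and for a single NVT `preference` (GMP expects the preference value base64-encoded), and parses them back so the result can be checked before it is sent. The config UUID is a placeholder, the preference name `Example preference` is hypothetical, and the OIDs and families are the ones quoted in the thread. Send the XML with `gvm-cli`, and confirm against the GMP reference for your GVM version that `nvt_selection` replaces the selected NVTs of that family rather than adding to them.

```python
"""Build and round-trip GMP <modify_config> requests that enable the two
Nikto NVTs from the thread in a scan config.  Editor's example, not
Greenbone code; CONFIG_ID is a placeholder."""
import base64
import xml.etree.ElementTree as ET
from collections import defaultdict

# Placeholder: replace with the UUID of your own (cloned) scan config.
CONFIG_ID = "00000000-0000-0000-0000-000000000000"

# The two Nikto-related NVTs named in the thread, mapped to their family.
NIKTO_NVTS = {
    "1.3.6.1.4.1.25623.1.0.14260": "Web application abuses",  # Nikto (NASL wrapper)
    "1.3.6.1.4.1.25623.1.0.96044": "IT-Grundschutz",          # nikto -Tuning x016bc
}


def build_nvt_selection(config_id, nvts):
    """Return one <modify_config> XML string per family, each selecting the
    listed NVT OIDs in that family (GMP takes one nvt_selection per request)."""
    by_family = defaultdict(list)
    for oid, family in nvts.items():
        by_family[family].append(oid)
    requests = []
    for family, oids in sorted(by_family.items()):
        root = ET.Element("modify_config", config_id=config_id)
        sel = ET.SubElement(root, "nvt_selection")
        ET.SubElement(sel, "family").text = family
        for oid in sorted(oids):
            ET.SubElement(sel, "nvt", oid=oid)
        requests.append(ET.tostring(root, encoding="unicode"))
    return requests


def build_preference(config_id, nvt_oid, name, value):
    """Return a <modify_config> XML string setting one NVT preference.
    GMP carries preference values base64-encoded, so encode before sending."""
    root = ET.Element("modify_config", config_id=config_id)
    pref = ET.SubElement(root, "preference")
    ET.SubElement(pref, "nvt", oid=nvt_oid)
    ET.SubElement(pref, "name").text = name
    ET.SubElement(pref, "value").text = base64.b64encode(value.encode()).decode()
    return ET.tostring(root, encoding="unicode")


def parse_selection(xml_text):
    """Parse a selection request back into (config_id, family, [oids])."""
    root = ET.fromstring(xml_text)
    sel = root.find("nvt_selection")
    return (
        root.get("config_id"),
        sel.findtext("family"),
        [n.get("oid") for n in sel.findall("nvt")],
    )


def parse_preference(xml_text):
    """Parse a preference request back into (nvt_oid, name, decoded value)."""
    root = ET.fromstring(xml_text)
    pref = root.find("preference")
    value = base64.b64decode(pref.findtext("value")).decode()
    return (pref.find("nvt").get("oid"), pref.findtext("name"), value)


if __name__ == "__main__":
    # Print the requests so they can be piped into gvm-cli one at a time.
    for req in build_nvt_selection(CONFIG_ID, NIKTO_NVTS):
        print(req)
    # Hypothetical preference name, shown only to illustrate the encoding.
    print(build_preference(CONFIG_ID, "1.3.6.1.4.1.25623.1.0.14260",
                           "Example preference", "yes"))
```

Each printed request is a separate `--xml` argument to `gvm-cli socket --xml '...'`; the server replies with a `<modify_config_response status="200" .../>` on success. Keep the edits on a clone of Full & Fast rather than the built-in config, which is read-only.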