[Nikto-discuss] db_variables bug

David Lodge dave at cirt.net
Tue Aug 12 08:27:30 UTC 2008


On Mon, 11 Aug 2008 18:23:26 +0100, Ryan Dewhurst <ryandewhurst at gmail.com>  
wrote:
> Hello,
> Been trying to add my own variables to nikto. Ive read in the manual that
> you should put these in the config.txt file if you do not want them to be
> over written when nikto is updated. When putthing the variable in
> config.txt, nikto does not pick up on them. I added my custom variables  
> to
> db_variables, this does get picked up by nikto but it only uses the last
> variable in the list and does not try all of them.

Okay; this looks like a bug in the documentation - config.txt is really a  
config file for nikto to find the databases and plugins; not for the  
actual tests. I'll fix this as part of the updates to documentation I'm  
planning...

> This is the line of code that I am adding to the files:
> @COPPERMINE=/ /fotos/ /photos/ /gallery/ /galeria/ /galerie/ /album/
> /coppermine/ /Coppermine/
>
> Using nikto in verbose display, it shows that nikto only trys the last
> variable, in the case above this would be "/Coppermine/". It totally  
> ignores
> the other variables.

Which version of nikto did you do this one? There was a bug in nikto 2.02  
related to variables where it would only use the last element of a  
variable and ignore the rest; this is fixed in svn (and 2.03, when I can  
actually get www.cirt.net to update to the new version).

So it may be that this bug is already fixed!

dave


More information about the Nikto-discuss mailing list