[Nikto-discuss] Using DirBuster lists

Thomas Raef traef at ebasedsecurity.com
Fri Dec 19 22:15:26 UTC 2008

Next question, where would I put this list. I would probably parse it
down to reduce the number of requests, but where would I put such a

Would config.txt allow me to specify a file to check?

Thank you for your guidance.

> -----Original Message-----
> From: security curmudgeon [mailto:jericho at attrition.org]
> Sent: Friday, December 19, 2008 3:13 PM
> To: Thomas Raef
> Cc: nikto-discuss at attrition.org
> Subject: Re: [Nikto-discuss] Using DirBuster lists
> : I was looking at including the list of directory names to check by
> : including the lists from OWASP's DirBuster project.
> :
> : I'd like to hear reasons for and against doing such a thing.
> for: thorough lists, can find some good directories
> against: even their short list is pretty hefty, and generates a ton of
> requests. the long list? takes way too long to run against a single
> host.

More information about the Nikto-discuss mailing list