[Nikto-discuss] Using DirBuster lists

Thomas Raef traef at ebasedsecurity.com
Sat Dec 20 11:59:37 UTC 2008

What did your udb_tests file look like? How was it formatted to allow
the tests?


Was it successful? Did it slow down the scan too much?


How was it implemented?


Thank you.


From: Jason Leyrer [mailto:jleyrer at gmail.com] 
Sent: Friday, December 19, 2008 4:32 PM
To: Thomas Raef
Cc: security curmudgeon; nikto-discuss at attrition.org
Subject: Re: [Nikto-discuss] Using DirBuster lists



I've done something similar to this in the past, in which I generated a
udb_tests file from a list of directories I wanted to look for. I did
this so I could run multiple checks per directory, i.e. does it exist?,
is it indexable?, etc.

On Fri, Dec 19, 2008 at 4:15 PM, Thomas Raef <traef at ebasedsecurity.com>

Next question, where would I put this list. I would probably parse it
down to reduce the number of requests, but where would I put such a

Would config.txt allow me to specify a file to check?

Thank you for your guidance.

> -----Original Message-----
> From: security curmudgeon [mailto:jericho at attrition.org]
> Sent: Friday, December 19, 2008 3:13 PM
> To: Thomas Raef
> Cc: nikto-discuss at attrition.org
> Subject: Re: [Nikto-discuss] Using DirBuster lists
> : I was looking at including the list of directory names to check by
> : including the lists from OWASP's DirBuster project.
> :
> : I'd like to hear reasons for and against doing such a thing.
> for: thorough lists, can find some good directories
> against: even their short list is pretty hefty, and generates a ton of
> requests. the long list? takes way too long to run against a single
> host.

Nikto-discuss mailing list
Nikto-discuss at attrition.org


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://attrition.org/pipermail/nikto-discuss/attachments/20081220/ec6b72e0/attachment.html 

More information about the Nikto-discuss mailing list