[Nikto-discuss] Using DirBuster lists
traef at ebasedsecurity.com
Sat Dec 20 11:59:37 UTC 2008
What did your udb_tests file look like? How was it formatted to allow
Was it successful? Did it slow down the scan too much?
How was it implemented?
From: Jason Leyrer [mailto:jleyrer at gmail.com]
Sent: Friday, December 19, 2008 4:32 PM
To: Thomas Raef
Cc: security curmudgeon; nikto-discuss at attrition.org
Subject: Re: [Nikto-discuss] Using DirBuster lists
I've done something similar to this in the past, in which I generated a
udb_tests file from a list of directories I wanted to look for. I did
this so I could run multiple checks per directory, i.e. does it exist?,
is it indexable?, etc.
On Fri, Dec 19, 2008 at 4:15 PM, Thomas Raef <traef at ebasedsecurity.com>
Next question, where would I put this list. I would probably parse it
down to reduce the number of requests, but where would I put such a
Would config.txt allow me to specify a file to check?
Thank you for your guidance.
> -----Original Message-----
> From: security curmudgeon [mailto:jericho at attrition.org]
> Sent: Friday, December 19, 2008 3:13 PM
> To: Thomas Raef
> Cc: nikto-discuss at attrition.org
> Subject: Re: [Nikto-discuss] Using DirBuster lists
> : I was looking at including the list of directory names to check by
> : including the lists from OWASP's DirBuster project.
> : I'd like to hear reasons for and against doing such a thing.
> for: thorough lists, can find some good directories
> against: even their short list is pretty hefty, and generates a ton of
> requests. the long list? takes way too long to run against a single
Nikto-discuss mailing list
Nikto-discuss at attrition.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Nikto-discuss