[Nikto-discuss] Using DirBuster lists

[Thomas Raef]

Ok. Thank you.

I did read that but wasn't sure if there was some other method that the
list might find better.

I'll give it a try.

Thanks again.

> -----Original Message-----
> From: Sullo [mailto:csullo at gmail.com]
> Sent: Friday, December 19, 2008 6:02 PM
> To: Thomas Raef
> Cc: security curmudgeon; nikto-discuss at attrition.org
> Subject: Re: [Nikto-discuss] Using DirBuster lists
> 
> Check out the documentation, as it will give you some information on
> how to set up a user-defined test database, and Nikto will
> automatically load and use it when it is scanning.
> 
> http://cirt.net/nikto2-docs/ch07.html
> Specifically, section 2.
> 
> -Sullo
> 
> On Fri, Dec 19, 2008 at 5:15 PM, Thomas Raef
<traef at ebasedsecurity.com>
> wrote:
> > Next question, where would I put this list. I would probably parse
it
> > down to reduce the number of requests, but where would I put such a
> > list?
> >
> > Would config.txt allow me to specify a file to check?
> >
> > Thank you for your guidance.
> >
> >> -----Original Message-----
> >> From: security curmudgeon [mailto:jericho at attrition.org]
> >> Sent: Friday, December 19, 2008 3:13 PM
> >> To: Thomas Raef
> >> Cc: nikto-discuss at attrition.org
> >> Subject: Re: [Nikto-discuss] Using DirBuster lists
> >>
> >>
> >> : I was looking at including the list of directory names to check
by
> >> : including the lists from OWASP's DirBuster project.
> >> :
> >> : I'd like to hear reasons for and against doing such a thing.
> >>
> >> for: thorough lists, can find some good directories
> >>
> >> against: even their short list is pretty hefty, and generates a ton
> of
> >> requests. the long list? takes way too long to run against a single
> >> host.
> >
> > _______________________________________________
> > Nikto-discuss mailing list
> > Nikto-discuss at attrition.org
> > https://attrition.org/mailman/listinfo/nikto-discuss
> >
> 
> 
> 
> --
> 
> http://www.cirt.net     |      http://www.osvdb.org/