From kathleen.zaharchuk at hp.com Tue Feb 5 16:15:29 2008 From: kathleen.zaharchuk at hp.com (Kathy Zaharchuk) Date: Tue, 05 Feb 2008 11:15:29 -0500 Subject: [Nikto-discuss] Which GPL license? Message-ID: <47A88BA1.6020508@hp.com> Good morning, I'd like to verify which version of the GPL (2 or 3) license is used by Nikto 2.0*. The LICENSE.txt file in the docs directory included with the kit does not include a GPL version number. Thanks, Kathy Z. From sullo at cirt.net Tue Feb 5 16:41:13 2008 From: sullo at cirt.net (Sullo) Date: Tue, 5 Feb 2008 11:41:13 -0500 Subject: [Nikto-discuss] Which GPL license? In-Reply-To: <47A88BA1.6020508@hp.com> References: <47A88BA1.6020508@hp.com> Message-ID: That's odd, but you are right. It's actually licensed for version 2 of the GPL only. If you check any of the perl files you'll see this: # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; version 2 # of the License only. Regards, Sullo On Feb 5, 2008 11:15 AM, Kathy Zaharchuk wrote: > Good morning, > > I'd like to verify which version of the GPL (2 or 3) license is used by > Nikto 2.0*. The LICENSE.txt file in the docs directory included with > the kit does not include a GPL version number. > > Thanks, > Kathy Z. > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://attrition.org/pipermail/nikto-discuss/attachments/20080205/06d33dda/attachment.html From jamuse at gmail.com Wed Feb 13 14:28:02 2008 From: jamuse at gmail.com (J Amuse) Date: Wed, 13 Feb 2008 16:28:02 +0200 Subject: [Nikto-discuss] -404 option Message-ID: <8c1870620802130628h72b69c60s9c96873a28a0b871@mail.gmail.com> Wasn't there a -404 option to specify a string for custom file not found error messages once upon a time? I'm using nikto-2.0.2. How do I define custom file not found error messages to reduce the FPs? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://attrition.org/pipermail/nikto-discuss/attachments/20080213/eb7f2607/attachment.html From csullo at gmail.com Wed Feb 13 14:41:07 2008 From: csullo at gmail.com (Sullo) Date: Wed, 13 Feb 2008 09:41:07 -0500 Subject: [Nikto-discuss] -404 option In-Reply-To: <8c1870620802130628h72b69c60s9c96873a28a0b871@mail.gmail.com> References: <8c1870620802130628h72b69c60s9c96873a28a0b871@mail.gmail.com> Message-ID: That was a version 1.x flag. What you can do in 2.x is create a user-defined "udb_404_strings" file in the plugins directory. If the 404 check fails to find a 404 based on headers, it will fall back on content and use these strings to identify 404 pages (and if that fails, hashing--which is tough to get right--and probably what your scan is doing now). Just enter any strings you need, one per line. This file won't be over-written when updates are done. This link explains the user databases (although for 404 strings you don't need a unique identifier). http://cirt.net/nikto2-docs/ch07s02.html -Sullo On Feb 13, 2008 9:28 AM, J Amuse wrote: > Wasn't there a -404 option to specify a string for custom file not found > error messages once upon a time? I'm using nikto-2.0.2. How do I define > custom file not found error messages to reduce the FPs? > > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > > -- http://www.cirt.net | http://www.osvdb.org/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://attrition.org/pipermail/nikto-discuss/attachments/20080213/ba00f31a/attachment.html From sullo at cirt.net Fri Feb 22 04:25:16 2008 From: sullo at cirt.net (Sullo) Date: Thu, 21 Feb 2008 23:25:16 -0500 Subject: [Nikto-discuss] Nikto Subversion & Trac now available Message-ID: <47BE4EAC.4020900@cirt.net> In order to bring some community contribution to Nikto, I've set up a project site on Assembla.com, which will let everyone commit to the source code via Subversion, and tickets via Trac. Assembla manages the software (woohoo!), and has more tools the project can use should they become necessary--such as a wiki, chat, etc. I hope this will encourage more people to help out, whether it's via code updates or tickets. Instructions for signing up for an Assembla account and joining the project are on the main page--you can't miss it. http://trac2.assembla.com/Nikto_2/wiki/WikiStart Links & announcements on cirt.net are forthcoming, but I want to shake this out a little... so please post here or let me know if you experience any difficulties with Assembla, Trac or SVN. -Sullo From jabra at spl0it.org Fri Feb 22 04:44:18 2008 From: jabra at spl0it.org (Jabra) Date: Thu, 21 Feb 2008 23:44:18 -0500 Subject: [Nikto-discuss] Nikto Subversion & Trac now available In-Reply-To: <47BE4EAC.4020900@cirt.net> References: <47BE4EAC.4020900@cirt.net> Message-ID: <20080222044418.GA28725@navi.v2s.org> On Thu, Feb 21, 2008 at 11:25:16PM -0500, Sullo wrote: > In order to bring some community contribution to Nikto, I've set up a > project site on Assembla.com, which will let everyone commit to the > source code via Subversion, and tickets via Trac. Assembla manages the > software (woohoo!), and has more tools the project can use should they > become necessary--such as a wiki, chat, etc. > > I hope this will encourage more people to help out, whether it's via > code updates or tickets. Instructions for signing up for an Assembla > account and joining the project are on the main page--you can't miss it. > > http://trac2.assembla.com/Nikto_2/wiki/WikiStart > > Links & announcements on cirt.net are forthcoming, but I want to shake > this out a little... so please post here or let me know if you > experience any difficulties with Assembla, Trac or SVN. So I just signed up for an account and all, but when I went to login to trac I noticed the trac http login doesn't redirect users to https. Something to note before logging in. Otherwise, looks awesome!!!! Regards, Jabra -- Jabra < jabra at spl0it.org > http://www.spl0it.org From sullo at cirt.net Fri Feb 22 04:50:45 2008 From: sullo at cirt.net (Sullo) Date: Thu, 21 Feb 2008 23:50:45 -0500 Subject: [Nikto-discuss] Nikto Subversion & Trac now available In-Reply-To: <20080222044418.GA28725@navi.v2s.org> References: <47BE4EAC.4020900@cirt.net> <20080222044418.GA28725@navi.v2s.org> Message-ID: <47BE54A5.6070608@cirt.net> Jabra wrote: > So I just signed up for an account and all, but when I went to login to > trac I noticed the trac http login doesn't redirect users to https. > Something to note before logging in. > I don't have control over the Login link in the upper right, but I did change the link in the Big Yellow Box. I'll be sure from now on to link directly to the https site, since it all works there just as well (or, arguably, better). Regards Sullo