From dave at cirt.net Wed Feb 4 19:18:25 2009 From: dave at cirt.net (David Lodge) Date: Wed, 04 Feb 2009 19:18:25 -0000 Subject: [Nikto-discuss] Nikto automatically checking version, was Re: Nikto bug about Zeus (ticket #52) In-Reply-To: References: Message-ID: On Wed, 04 Feb 2009 08:21:49 -0000, Frank Breedijk wrote: > I have a number of Nikto instances on different machines, and none of > them are truly supported by the OS (hence my version bump ticket in the > Gentoo bugzilla). Would it be possible for Nikto to report in the output > then it is behind in the major release? The Gentoo problem is resolved in trunk and will be resolved in Nikto 2.10 (I was wanting to release it on the 31/12/2008, but ran out of time, but it'll be a month or two). Unfortunately, I'm not going to backport this to Nikto 2.03 (as it did take quite a rework of the config code). In terms of whether the current version is the most up to date; I'd normally shy away from checking this (though it is easy to do), simply because it means that nikto'd have to contact www.cirt.net to get version information. As I normally run nikto from a non-Internet connected source, I wouldn't want to wait for a timeout each time I run it. I could add an option to the configuration file to give it the option to check whether nikto needs an update. CC'ing to nikto-discuss in case anybody has any strong opinions either way... Thanks dave From FBreedijk at schubergphilis.com Wed Feb 4 20:40:11 2009 From: FBreedijk at schubergphilis.com (Frank Breedijk) Date: Wed, 4 Feb 2009 21:40:11 +0100 Subject: [Nikto-discuss] Nikto automatically checking version, was Re: Nikto bug about Zeus (ticket #52) In-Reply-To: References: Message-ID: Dave, Actually I was thinking more along the following line. I normally run nikto -update every night. If there is a plugin that will report that the base version is out of date, that would do the trick for me. If I am running without an internet connection no problem, I will make sure the plugins get there somehow. Frank Breedijk ..-. .-. .- -. -.- T: +31 (0)20-7506500 E: fbreedijk at schubergphilis.com W: www.schubergphilis.com > -----Original Message----- > From: nikto-discuss-bounces at attrition.org [mailto:nikto-discuss- > bounces at attrition.org] On Behalf Of David Lodge > Sent: 04 February 2009 20:18 > To: Frank Breedijk > Cc: nikto-discuss at attrition.org > Subject: [Nikto-discuss] Nikto automatically checking version, was Re: > Nikto bug about Zeus (ticket #52) > > On Wed, 04 Feb 2009 08:21:49 -0000, Frank Breedijk > wrote: > > I have a number of Nikto instances on different machines, and none of > > them are truly supported by the OS (hence my version bump ticket in > the > > Gentoo bugzilla). Would it be possible for Nikto to report in the > output > > then it is behind in the major release? > > The Gentoo problem is resolved in trunk and will be resolved in Nikto > 2.10 > (I was wanting to release it on the 31/12/2008, but ran out of time, > but > it'll be a month or two). Unfortunately, I'm not going to backport this > to > Nikto 2.03 (as it did take quite a rework of the config code). > > In terms of whether the current version is the most up to date; I'd > normally shy away from checking this (though it is easy to do), simply > because it means that nikto'd have to contact www.cirt.net to get > version > information. As I normally run nikto from a non-Internet connected > source, > I wouldn't want to wait for a timeout each time I run it. I could add > an > option to the configuration file to give it the option to check whether > nikto needs an update. > > CC'ing to nikto-discuss in case anybody has any strong opinions either > way... > > Thanks > > dave > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss From csullo at gmail.com Wed Feb 4 20:47:44 2009 From: csullo at gmail.com (Sullo) Date: Wed, 4 Feb 2009 15:47:44 -0500 Subject: [Nikto-discuss] Nikto automatically checking version, was Re: Nikto bug about Zeus (ticket #52) In-Reply-To: References: Message-ID: If the versions file in the old ver directory is correct (which it wasn't for 2.02, incidentally--it is now), you'll see a message when you try to update (minus the prints and such): print "+ Nikto has been updated to $REMOTE{$remotefile}, local copy is $NIKTO{version}\n"; print "+ No update has taken place. Please upgrade Nikto by visiting http://$server/\n"; So, if you have a cron running you may want to grep for some of that and send an email. Sullo On Wed, Feb 4, 2009 at 3:40 PM, Frank Breedijk wrote: > Dave, > > Actually I was thinking more along the following line. I normally run nikto -update every night. If there is a plugin that will report that the base version is out of date, that would do the trick for me. > > If I am running without an internet connection no problem, I will make sure the plugins get there somehow. > > Frank Breedijk > ..-. .-. .- -. -.- > T: +31 (0)20-7506500 E: fbreedijk at schubergphilis.com W: www.schubergphilis.com > > > >> -----Original Message----- >> From: nikto-discuss-bounces at attrition.org [mailto:nikto-discuss- >> bounces at attrition.org] On Behalf Of David Lodge >> Sent: 04 February 2009 20:18 >> To: Frank Breedijk >> Cc: nikto-discuss at attrition.org >> Subject: [Nikto-discuss] Nikto automatically checking version, was Re: >> Nikto bug about Zeus (ticket #52) >> >> On Wed, 04 Feb 2009 08:21:49 -0000, Frank Breedijk >> wrote: >> > I have a number of Nikto instances on different machines, and none of >> > them are truly supported by the OS (hence my version bump ticket in >> the >> > Gentoo bugzilla). Would it be possible for Nikto to report in the >> output >> > then it is behind in the major release? >> >> The Gentoo problem is resolved in trunk and will be resolved in Nikto >> 2.10 >> (I was wanting to release it on the 31/12/2008, but ran out of time, >> but >> it'll be a month or two). Unfortunately, I'm not going to backport this >> to >> Nikto 2.03 (as it did take quite a rework of the config code). >> >> In terms of whether the current version is the most up to date; I'd >> normally shy away from checking this (though it is easy to do), simply >> because it means that nikto'd have to contact www.cirt.net to get >> version >> information. As I normally run nikto from a non-Internet connected >> source, >> I wouldn't want to wait for a timeout each time I run it. I could add >> an >> option to the configuration file to give it the option to check whether >> nikto needs an update. >> >> CC'ing to nikto-discuss in case anybody has any strong opinions either >> way... >> >> Thanks >> >> dave >> _______________________________________________ >> Nikto-discuss mailing list >> Nikto-discuss at attrition.org >> https://attrition.org/mailman/listinfo/nikto-discuss > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > -- http://www.cirt.net | http://www.osvdb.org/ From FBreedijk at schubergphilis.com Thu Feb 5 13:40:27 2009 From: FBreedijk at schubergphilis.com (Frank Breedijk) Date: Thu, 5 Feb 2009 14:40:27 +0100 Subject: [Nikto-discuss] Nikto automatically checking version, was Re: Nikto bug about Zeus (ticket #52) In-Reply-To: References: Message-ID: That would indeed have done the trick had it worked in version 2.02. Thanks. Frank Breedijk ..-. .-. .- -. -.- T: +31 (0)20-7506500 E: fbreedijk at schubergphilis.com W: www.schubergphilis.com > -----Original Message----- > From: nikto-discuss-bounces at attrition.org [mailto:nikto-discuss- > bounces at attrition.org] On Behalf Of Sullo > Sent: 04 February 2009 21:48 > To: Frank Breedijk > Cc: nikto-discuss at attrition.org > Subject: Re: [Nikto-discuss] Nikto automatically checking version, was > Re: Nikto bug about Zeus (ticket #52) > > If the versions file in the old ver directory is correct (which it > wasn't for 2.02, incidentally--it is now), you'll see a message when > you try to update (minus the prints and such): > print "+ Nikto has been updated to $REMOTE{$remotefile}, local > copy is $NIKTO{version}\n"; > print "+ No update has taken place. Please upgrade Nikto by > visiting http://$server/\n"; > > So, if you have a cron running you may want to grep for some of that > and send an email. > > Sullo > > On Wed, Feb 4, 2009 at 3:40 PM, Frank Breedijk > wrote: > > Dave, > > > > Actually I was thinking more along the following line. I normally run > nikto -update every night. If there is a plugin that will report that > the base version is out of date, that would do the trick for me. > > > > If I am running without an internet connection no problem, I will > make sure the plugins get there somehow. > > > > Frank Breedijk > > ..-. .-. .- -. -.- > > T: +31 (0)20-7506500 E: fbreedijk at schubergphilis.com W: > www.schubergphilis.com > > > > > > > >> -----Original Message----- > >> From: nikto-discuss-bounces at attrition.org [mailto:nikto-discuss- > >> bounces at attrition.org] On Behalf Of David Lodge > >> Sent: 04 February 2009 20:18 > >> To: Frank Breedijk > >> Cc: nikto-discuss at attrition.org > >> Subject: [Nikto-discuss] Nikto automatically checking version, was > Re: > >> Nikto bug about Zeus (ticket #52) > >> > >> On Wed, 04 Feb 2009 08:21:49 -0000, Frank Breedijk > >> wrote: > >> > I have a number of Nikto instances on different machines, and none > of > >> > them are truly supported by the OS (hence my version bump ticket > in > >> the > >> > Gentoo bugzilla). Would it be possible for Nikto to report in the > >> output > >> > then it is behind in the major release? > >> > >> The Gentoo problem is resolved in trunk and will be resolved in > Nikto > >> 2.10 > >> (I was wanting to release it on the 31/12/2008, but ran out of time, > >> but > >> it'll be a month or two). Unfortunately, I'm not going to backport > this > >> to > >> Nikto 2.03 (as it did take quite a rework of the config code). > >> > >> In terms of whether the current version is the most up to date; I'd > >> normally shy away from checking this (though it is easy to do), > simply > >> because it means that nikto'd have to contact www.cirt.net to get > >> version > >> information. As I normally run nikto from a non-Internet connected > >> source, > >> I wouldn't want to wait for a timeout each time I run it. I could > add > >> an > >> option to the configuration file to give it the option to check > whether > >> nikto needs an update. > >> > >> CC'ing to nikto-discuss in case anybody has any strong opinions > either > >> way... > >> > >> Thanks > >> > >> dave > >> _______________________________________________ > >> Nikto-discuss mailing list > >> Nikto-discuss at attrition.org > >> https://attrition.org/mailman/listinfo/nikto-discuss > > _______________________________________________ > > Nikto-discuss mailing list > > Nikto-discuss at attrition.org > > https://attrition.org/mailman/listinfo/nikto-discuss > > > > > > -- > > http://www.cirt.net | http://www.osvdb.org/ > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss From csullo at gmail.com Thu Feb 5 13:49:32 2009 From: csullo at gmail.com (Sullo) Date: Thu, 5 Feb 2009 08:49:32 -0500 Subject: [Nikto-discuss] Nikto automatically checking version, was Re: Nikto bug about Zeus (ticket #52) In-Reply-To: References: Message-ID: Sorry about that... various update processes are not as smooth as they should be. The code transition to Dave went swimmingly (I think) but the rest of it is a bit of a cluster because of how I the process grew up :-) On Thu, Feb 5, 2009 at 8:40 AM, Frank Breedijk wrote: > That would indeed have done the trick had it worked in version 2.02. Thanks. > > Frank Breedijk > ..-. .-. .- -. -.- > T: +31 (0)20-7506500 E: fbreedijk at schubergphilis.com W: www.schubergphilis.com > > > >> -----Original Message----- >> From: nikto-discuss-bounces at attrition.org [mailto:nikto-discuss- >> bounces at attrition.org] On Behalf Of Sullo >> Sent: 04 February 2009 21:48 >> To: Frank Breedijk >> Cc: nikto-discuss at attrition.org >> Subject: Re: [Nikto-discuss] Nikto automatically checking version, was >> Re: Nikto bug about Zeus (ticket #52) >> >> If the versions file in the old ver directory is correct (which it >> wasn't for 2.02, incidentally--it is now), you'll see a message when >> you try to update (minus the prints and such): >> print "+ Nikto has been updated to $REMOTE{$remotefile}, local >> copy is $NIKTO{version}\n"; >> print "+ No update has taken place. Please upgrade Nikto by >> visiting http://$server/\n"; >> >> So, if you have a cron running you may want to grep for some of that >> and send an email. >> >> Sullo >> >> On Wed, Feb 4, 2009 at 3:40 PM, Frank Breedijk >> wrote: >> > Dave, >> > >> > Actually I was thinking more along the following line. I normally run >> nikto -update every night. If there is a plugin that will report that >> the base version is out of date, that would do the trick for me. >> > >> > If I am running without an internet connection no problem, I will >> make sure the plugins get there somehow. >> > >> > Frank Breedijk >> > ..-. .-. .- -. -.- >> > T: +31 (0)20-7506500 E: fbreedijk at schubergphilis.com W: >> www.schubergphilis.com >> > >> > >> > >> >> -----Original Message----- >> >> From: nikto-discuss-bounces at attrition.org [mailto:nikto-discuss- >> >> bounces at attrition.org] On Behalf Of David Lodge >> >> Sent: 04 February 2009 20:18 >> >> To: Frank Breedijk >> >> Cc: nikto-discuss at attrition.org >> >> Subject: [Nikto-discuss] Nikto automatically checking version, was >> Re: >> >> Nikto bug about Zeus (ticket #52) >> >> >> >> On Wed, 04 Feb 2009 08:21:49 -0000, Frank Breedijk >> >> wrote: >> >> > I have a number of Nikto instances on different machines, and none >> of >> >> > them are truly supported by the OS (hence my version bump ticket >> in >> >> the >> >> > Gentoo bugzilla). Would it be possible for Nikto to report in the >> >> output >> >> > then it is behind in the major release? >> >> >> >> The Gentoo problem is resolved in trunk and will be resolved in >> Nikto >> >> 2.10 >> >> (I was wanting to release it on the 31/12/2008, but ran out of time, >> >> but >> >> it'll be a month or two). Unfortunately, I'm not going to backport >> this >> >> to >> >> Nikto 2.03 (as it did take quite a rework of the config code). >> >> >> >> In terms of whether the current version is the most up to date; I'd >> >> normally shy away from checking this (though it is easy to do), >> simply >> >> because it means that nikto'd have to contact www.cirt.net to get >> >> version >> >> information. As I normally run nikto from a non-Internet connected >> >> source, >> >> I wouldn't want to wait for a timeout each time I run it. I could >> add >> >> an >> >> option to the configuration file to give it the option to check >> whether >> >> nikto needs an update. >> >> >> >> CC'ing to nikto-discuss in case anybody has any strong opinions >> either >> >> way... >> >> >> >> Thanks >> >> >> >> dave >> >> _______________________________________________ >> >> Nikto-discuss mailing list >> >> Nikto-discuss at attrition.org >> >> https://attrition.org/mailman/listinfo/nikto-discuss >> > _______________________________________________ >> > Nikto-discuss mailing list >> > Nikto-discuss at attrition.org >> > https://attrition.org/mailman/listinfo/nikto-discuss >> > >> >> >> >> -- >> >> http://www.cirt.net | http://www.osvdb.org/ >> _______________________________________________ >> Nikto-discuss mailing list >> Nikto-discuss at attrition.org >> https://attrition.org/mailman/listinfo/nikto-discuss > -- http://www.cirt.net | http://www.osvdb.org/ From FBreedijk at schubergphilis.com Thu Feb 5 14:07:35 2009 From: FBreedijk at schubergphilis.com (Frank Breedijk) Date: Thu, 5 Feb 2009 15:07:35 +0100 Subject: [Nikto-discuss] Nikto automatically checking version, was Re: Nikto bug about Zeus (ticket #52) In-Reply-To: References: Message-ID: I guess I missed a smiley there ;) I would probably be in the same position if I every had to hand over AutoNessus. Frank Breedijk ..-. .-. .- -. -.- T: +31 (0)20-7506500 E: fbreedijk at schubergphilis.com W: www.schubergphilis.com > -----Original Message----- > From: nikto-discuss-bounces at attrition.org [mailto:nikto-discuss- > bounces at attrition.org] On Behalf Of Sullo > Sent: 05 February 2009 14:50 > To: Frank Breedijk > Cc: nikto-discuss at attrition.org > Subject: Re: [Nikto-discuss] Nikto automatically checking version, was > Re: Nikto bug about Zeus (ticket #52) > > Sorry about that... various update processes are not as smooth as they > should be. The code transition to Dave went swimmingly (I think) but > the rest of it is a bit of a cluster because of how I the process grew > up :-) > > > On Thu, Feb 5, 2009 at 8:40 AM, Frank Breedijk > wrote: > > That would indeed have done the trick had it worked in version 2.02. > Thanks. > > > > Frank Breedijk > > ..-. .-. .- -. -.- > > T: +31 (0)20-7506500 E: fbreedijk at schubergphilis.com W: > www.schubergphilis.com > > > > > > > >> -----Original Message----- > >> From: nikto-discuss-bounces at attrition.org [mailto:nikto-discuss- > >> bounces at attrition.org] On Behalf Of Sullo > >> Sent: 04 February 2009 21:48 > >> To: Frank Breedijk > >> Cc: nikto-discuss at attrition.org > >> Subject: Re: [Nikto-discuss] Nikto automatically checking version, > was > >> Re: Nikto bug about Zeus (ticket #52) > >> > >> If the versions file in the old ver directory is correct (which it > >> wasn't for 2.02, incidentally--it is now), you'll see a message when > >> you try to update (minus the prints and such): > >> print "+ Nikto has been updated to $REMOTE{$remotefile}, local > >> copy is $NIKTO{version}\n"; > >> print "+ No update has taken place. Please upgrade Nikto by > >> visiting http://$server/\n"; > >> > >> So, if you have a cron running you may want to grep for some of that > >> and send an email. > >> > >> Sullo > >> > >> On Wed, Feb 4, 2009 at 3:40 PM, Frank Breedijk > >> wrote: > >> > Dave, > >> > > >> > Actually I was thinking more along the following line. I normally > run > >> nikto -update every night. If there is a plugin that will report > that > >> the base version is out of date, that would do the trick for me. > >> > > >> > If I am running without an internet connection no problem, I will > >> make sure the plugins get there somehow. > >> > > >> > Frank Breedijk > >> > ..-. .-. .- -. -.- > >> > T: +31 (0)20-7506500 E: fbreedijk at schubergphilis.com W: > >> www.schubergphilis.com > >> > > >> > > >> > > >> >> -----Original Message----- > >> >> From: nikto-discuss-bounces at attrition.org [mailto:nikto-discuss- > >> >> bounces at attrition.org] On Behalf Of David Lodge > >> >> Sent: 04 February 2009 20:18 > >> >> To: Frank Breedijk > >> >> Cc: nikto-discuss at attrition.org > >> >> Subject: [Nikto-discuss] Nikto automatically checking version, > was > >> Re: > >> >> Nikto bug about Zeus (ticket #52) > >> >> > >> >> On Wed, 04 Feb 2009 08:21:49 -0000, Frank Breedijk > >> >> wrote: > >> >> > I have a number of Nikto instances on different machines, and > none > >> of > >> >> > them are truly supported by the OS (hence my version bump > ticket > >> in > >> >> the > >> >> > Gentoo bugzilla). Would it be possible for Nikto to report in > the > >> >> output > >> >> > then it is behind in the major release? > >> >> > >> >> The Gentoo problem is resolved in trunk and will be resolved in > >> Nikto > >> >> 2.10 > >> >> (I was wanting to release it on the 31/12/2008, but ran out of > time, > >> >> but > >> >> it'll be a month or two). Unfortunately, I'm not going to > backport > >> this > >> >> to > >> >> Nikto 2.03 (as it did take quite a rework of the config code). > >> >> > >> >> In terms of whether the current version is the most up to date; > I'd > >> >> normally shy away from checking this (though it is easy to do), > >> simply > >> >> because it means that nikto'd have to contact www.cirt.net to get > >> >> version > >> >> information. As I normally run nikto from a non-Internet > connected > >> >> source, > >> >> I wouldn't want to wait for a timeout each time I run it. I could > >> add > >> >> an > >> >> option to the configuration file to give it the option to check > >> whether > >> >> nikto needs an update. > >> >> > >> >> CC'ing to nikto-discuss in case anybody has any strong opinions > >> either > >> >> way... > >> >> > >> >> Thanks > >> >> > >> >> dave > >> >> _______________________________________________ > >> >> Nikto-discuss mailing list > >> >> Nikto-discuss at attrition.org > >> >> https://attrition.org/mailman/listinfo/nikto-discuss > >> > _______________________________________________ > >> > Nikto-discuss mailing list > >> > Nikto-discuss at attrition.org > >> > https://attrition.org/mailman/listinfo/nikto-discuss > >> > > >> > >> > >> > >> -- > >> > >> http://www.cirt.net | http://www.osvdb.org/ > >> _______________________________________________ > >> Nikto-discuss mailing list > >> Nikto-discuss at attrition.org > >> https://attrition.org/mailman/listinfo/nikto-discuss > > > > > > -- > > http://www.cirt.net | http://www.osvdb.org/ > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss