[Nikto-discuss] False positives ?

David Lodge dave at cirt.net
Mon May 11 14:10:54 UTC 2009


Nick, I sent you an email about this this morning.

On Mon, 11 May 2009 14:51:30 +0100, Thomas Raef <traef at ebasedsecurity.com>  
wrote:
> I've noticed these false positives as well.
> If you have a default 404 page, you'll see these false positives as the  
> URL issued with the GET command does return a page - your default 404  
> page so it assumes that since it issued a command and received a result  
> the command must have worked.
> That's been my finding anyway. Anyone have more information?

In my experience it tends to happen when the web server returns a 200 and  
then returns a reader friendly page to say "file not found". Nikto does  
perform some checks to attempt to work out non-404 404 pages, but it can't  
always get them.

If you can send me any examples of pages (either the output from a  
nikto.pl -D d or the page itself) then I can use this to improve the  
matching algorithms.

Thanks

dave
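The heuristic Dave describes above, a server answering 200 with a reader-friendly "file not found" page, as an added example that is not Nikto's code nor either poster's: it fingerprints the server's not-found page from probes to paths that cannot exist, then scores each candidate response against that fingerprint. The sample responses, paths and the 0.9 threshold are constructed for illustration.

```python
"""Soft-404 detection: decide whether a 200 response is really a
'file not found' page rather than evidence that the probed file exists."""
import difflib
import re

# Constructed sample responses (not captured from any real server).
# Each is the body returned for a path that cannot exist on the site.
BASELINE_SAMPLES = [
    ("/zq8s1k7b2x.html",
     "<html><head><title>Oops - Not Found</title></head><body>"
     "<h1>Sorry, we couldn't find /zq8s1k7b2x.html</h1>"
     "<p>Request id 48213, served 2009-05-11 14:10:54</p></body></html>"),
    ("/nd93jd0aa.cgi",
     "<html><head><title>Oops - Not Found</title></head><body>"
     "<h1>Sorry, we couldn't find /nd93jd0aa.cgi</h1>"
     "<p>Request id 48219, served 2009-05-11 14:10:55</p></body></html>"),
]
# A 200 for /admin/ that is really the same not-found page (false positive)...
SOFT_404_ADMIN = ("<html><head><title>Oops - Not Found</title></head><body>"
                  "<h1>Sorry, we couldn't find /admin/</h1>"
                  "<p>Request id 48230, served 2009-05-11 14:11:02</p></body></html>")
# ...and a 200 for /admin/ that is a genuinely different page (real finding).
ADMIN_PAGE = ("<html><head><title>Admin console</title></head><body>"
              "<form action='/admin/login.php' method='post'>...</form></body></html>")

def normalise(body, probed_path=None):
    """Strip what varies between requests so two not-found pages for
    different paths compare equal: the echoed path, digits (ids,
    timestamps), whitespace runs and letter case."""
    text = body.replace(probed_path, "") if probed_path else body
    text = re.sub(r"\d+", "", text)
    return re.sub(r"\s+", " ", text).strip().lower()

def build_baseline(samples):
    """Fingerprints of the server's not-found page, one per probe."""
    return [normalise(body, path) for path, body in samples]

BASELINE = build_baseline(BASELINE_SAMPLES)

def soft_404_ratio(baseline, path, body):
    """Best similarity (0..1) between this response and any baseline page."""
    norm = normalise(body, path)
    return max(difflib.SequenceMatcher(None, b, norm, autojunk=False).ratio()
               for b in baseline)

def is_soft_404(baseline, path, body, threshold=0.9):
    """True when a 200 response is really the server's not-found page."""
    return soft_404_ratio(baseline, path, body) >= threshold
```

A 404 status still needs no comparison; the fingerprint is only consulted for 200 responses, and the threshold should be tuned per server from several probes.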

