[Nikto-discuss] Unwanted authentication brute-force
chris at mediumcool.net
Wed Dec 8 03:50:47 CST 2010
I'm using Nikto 2.1.3 on Windows XP.
When Nikto attempts to GET the page /bandwidth/index.cgi on the server
I'm testing it recieves the response '401 Requires Authorization'. Nikto
then appears to enter a loop repeatledly GETing /bandwidth/index.cgi
which quickly trips my client's IDS and gets me blacklisted.
I've done some test on my own web server using Nikto debugging and it
appears Nikto is trying to brute-force authentication, making around 700
request for /bandwidth/index.cgi with various credentials before it
moves on to the next test.
The command I'm running is:
nikto.pl -h 172.16.20.17 -T 1 -D D > debug.txt
I could get myself whitelisted, but I really don't want to be trying to
I see there are various options for controlling plugins and tests but
I've had a look at the code, db_tests etc., but it's hard to get a
handle on what's actually being run.
More information about the Nikto-discuss