[Nikto-discuss] Unwanted authentication brute-force

Chris Thomas chris at mediumcool.net
Wed Dec 8 03:50:47 CST 2010


Hi,

I'm using Nikto 2.1.3 on Windows XP.

When Nikto attempts to GET the page /bandwidth/index.cgi on the server 
I'm testing, it receives the response '401 Requires Authorization'. Nikto 
then appears to enter a loop, repeatedly GETing /bandwidth/index.cgi, 
which quickly trips my client's IDS and gets me blacklisted.

I've done some tests on my own web server using Nikto debugging and it 
appears Nikto is trying to brute-force authentication, making around 700 
requests for /bandwidth/index.cgi with various credentials before it 
moves on to the next test.

The command I'm running is:
nikto.pl -h 172.16.20.17 -T 1 -D D > debug.txt

I could get myself whitelisted, but I really don't want to be trying to 
brute-force authentication.

I see there are various options for controlling plugins and tests but 
I've had a look at the code, db_tests etc., but it's hard to get a 
handle on what's actually being run.

Any suggestions?

Thanks.

Chris
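As an added illustration (not part of the original message, and not Nikto's own code), here is a small Python check that does what the IDS described above is doing: it counts 401 responses per client and path in web-server access-log lines and flags any path that draws many unauthenticated retries from one address. The log lines, the client addresses and the threshold of 20 are constructed assumptions; the parser expects Apache combined-log format, not Nikto's -D D debug output.

```python
import re
from collections import Counter

# Apache combined-log-format line; we only need client IP, request path and status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def count_auth_retries(lines):
    """Return a Counter of (client_ip, path) -> number of 401 responses."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined-log format
        if m.group("status") == "401":
            hits[(m.group("ip"), m.group("path"))] += 1
    return hits


def flag_bruteforce(lines, threshold=20):
    """Return sorted (ip, path, count) tuples whose 401 count reaches the threshold."""
    return sorted(
        (ip, path, n)
        for (ip, path), n in count_auth_retries(lines).items()
        if n >= threshold
    )


# Constructed sample (assumption): one scanner hammering the same 401 page,
# plus a normal client that authenticates successfully.
SAMPLE = (
    ['172.16.20.5 - - [08/Dec/2010:09:50:47 +0000] '
     '"GET /bandwidth/index.cgi HTTP/1.1" 401 381 "-" "Mozilla/5.0"'] * 25
    + ['172.16.20.5 - - [08/Dec/2010:09:50:48 +0000] '
       '"GET /robots.txt HTTP/1.1" 404 209 "-" "Mozilla/5.0"']
    + ['10.0.0.9 - admin [08/Dec/2010:09:51:00 +0000] '
       '"GET /bandwidth/index.cgi HTTP/1.1" 200 1024 "-" "Mozilla/5.0"']
)

if __name__ == "__main__":
    for ip, path, n in flag_bruteforce(SAMPLE):
        print(f"{ip} made {n} unauthenticated requests to {path}")
```

Running this over the access log of your own test server after a scan shows exactly which paths Nikto is retrying and how many times, which is the first thing to establish before deciding which test to disable.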

