[Nikto-discuss] Unwanted authentication brute-force

Sullo csullo at gmail.com
Wed Dec 8 12:11:43 CST 2010

There was actually a bug in the auth guessing stuff that may have caused the
high number of attempts--I just fixed it a few nights ago in the trunk
version. It should be ~300 per directory (or per realm in the trunk

You can disable plugins using -Plugins, such as:
-Plugins "@@DEFAULT;-auth"

That should run all the default ones except the auth testing.

See this page for more info: https://cirt.net/nikto2-docs/options.html


On Wed, Dec 8, 2010 at 4:50 AM, Chris Thomas <chris at mediumcool.net> wrote:

> Hi,
> I'm using Nikto 2.1.3 on Windows XP.
> When Nikto attempts to GET the page /bandwidth/index.cgi on the server I'm
> testing it recieves the response '401 Requires Authorization'. Nikto then
> appears to enter a loop repeatledly GETing /bandwidth/index.cgi which
> quickly trips my client's IDS and gets me blacklisted.
> I've done some test on my own web server using Nikto debugging and it
> appears Nikto is trying to brute-force authentication, making around 700
> request for /bandwidth/index.cgi with various credentials before it moves on
> to the next test.
> The command I'm running is:
> nikto.pl -h -T 1 -D D > debug.txt
> I could get myself whitelisted, but I really don't want to be trying to
> brute-force authentication.
> I see there are various options for controlling plugins and tests but I've
> had a look at the code, db_tests etc., but it's hard to get a handle on
> what's actually being run.
> Any suggestions?
> Thanks.
> Chris
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss


http://www.cirt.net     |      http://www.osvdb.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20101208/9614effd/attachment.html>

More information about the Nikto-discuss mailing list