From sullo at cirt.net Tue Feb 2 20:19:49 2010
From: sullo at cirt.net (Sullo)
Date: Tue, 2 Feb 2010 15:19:49 -0500
Subject: [Nikto-discuss] Nikto version 2.1.1 released!
Message-ID:

I'm happy to announce the immediate availability of Nikto 2.1.1!

Nikto is an open source web server scanner which performs comprehensive
tests against web servers for multiple items, including over 6100
potentially dangerous files/CGIs, checks for outdated versions of over
950 servers, and version specific problems on over 260 servers.

In addition to bug fixes, 2.1.1 contains some new functionality, including:
- New remote file inclusion (RFI) testing
- Over 2300 new RFI tests (courtesy RSnake/OSVDB)
- Sending of each test ID in the User-Agent
- Libwhisker 2.5, which includes 2 new IDS evasion techniques
- Ability to run specific plugins
- XML report now includes SSL information

See the CHANGELOG.txt file, cirt.net or assembla.com for the full list of
changes.

Download: http://cirt.net/Nikto2

MD5 Checksums:
nikto-2.1.1.tar.bz2 = 4a7ca9634190eba8cac9847117a72446
nikto-2.1.1.tar.gz = a9404c3f464b08f3f48788d5f39e0ca7

As always, feedback, bugs and suggestions welcome.

-Sullo

--
http://www.cirt.net | http://www.osvdb.org/

From pswrdf at gmail.com Fri Feb 5 13:35:18 2010
From: pswrdf at gmail.com (Vladimir Passwordoff)
Date: Fri, 5 Feb 2010 16:35:18 +0300
Subject: [Nikto-discuss] Science work
Message-ID: <4f8deb111002050535m497047b5j9beddcd99bffeafb@mail.gmail.com>

Hello. My name is Vladimir, I'm Russian student. On the 5 course of
Information Security Faculty (MEPHI). And I'm interested in your project
(Nikto). I want to help your project. Would you offer me some science work?

From dilekbilici at hotmail.com Fri Feb 5 13:57:23 2010
From: dilekbilici at hotmail.com (Dilek Bilici)
Date: Fri, 5 Feb 2010 14:57:23 +0100
Subject: [Nikto-discuss] (no subject)
Message-ID:

Hello,

Could someone help me with this message when I run Nikto: "Could not work
out the Nikto EXECDIR, try setting it in niktorc"?

Thanks

From dave at cirt.net Fri Feb 5 14:02:02 2010
From: dave at cirt.net (David Lodge)
Date: Fri, 05 Feb 2010 14:02:02 -0000
Subject: [Nikto-discuss] (no subject)
In-Reply-To:
References:
Message-ID:

On Fri, 05 Feb 2010 13:57:23 -0000, Dilek Bilici wrote:
> Could someone help me with this message when I run Nikto: "Could not
> work out the Nikto EXECDIR, try setting it in niktorc"?

It sounds like nikto can't work out where the configuration file is
(nikto.conf). Which version of nikto are you running, as this changed with
2.1.0?

Thanks

dave

From dave at cirt.net Fri Feb 5 14:06:41 2010
From: dave at cirt.net (David Lodge)
Date: Fri, 05 Feb 2010 14:06:41 -0000
Subject: [Nikto-discuss] Science work
In-Reply-To: <4f8deb111002050535m497047b5j9beddcd99bffeafb@mail.gmail.com>
References: <4f8deb111002050535m497047b5j9beddcd99bffeafb@mail.gmail.com>
Message-ID:

On Fri, 05 Feb 2010 13:35:18 -0000, Vladimir Passwordoff wrote:
> Hello. My name is Vladimir, I'm Russian student. On the 5 course of
> Information Security Faculty (MEPHI). And I'm interested in your project
> (Nikto). I want to help your project. Would you offer me some science
> work?

We can always use developers to help with Nikto, as it is open source you
can work on the open bugs or adding facilities through the assembla
development page:
https://www.assembla.com/wiki/show/Nikto_2

You'll need to get an Assembla account and request to join the team. The
trac database has a list of currently open issues -- or if you can think
of other things to add.

Could I ask that if you decide to help, you post your first few patches to
a bug report so that Sullo or I can make sure that they fit in with the way
we're taking Nikto forward?

Thanks

dave

From arbatovevgeniy at gmail.com Wed Feb 10 10:07:35 2010
From: arbatovevgeniy at gmail.com (Evgeniy Arbatov)
Date: Wed, 10 Feb 2010 12:07:35 +0200
Subject: [Nikto-discuss] Nikto and HTTP Not Authorized
Message-ID: <56c989d51002100207g5facabcbie70b291234005754@mail.gmail.com>

Hello,

I have a small issue with HTTP authentication and Nikto. When I am
running this command:

$ perl nikto.pl -nolookup -nossl -port 80 -Plugins ALL -h 10.0.0.1 -id UserName:passWoRD

I do not see any authentication attempts with Wireshark. This is the
dump of the request:

HEAD / HTTP/1.1
Connection: Keep-Alive
Content-Length: 0
User-Agent: Mozilla/4.75 (Nikto/2.1.1) (Evasions:None) (Test:Port Check)
Content-Type: application/x-www-form-urlencoded
Host: 10.0.0.1

HTTP/1.0 401 Not Authorized
WWW-Authenticate: Basic realm="xxxxxxx"

But there is no Authorization: Basic 'base-64 encoded
username&password' sent by the client. What am I missing?

I am using Nikto 2.1.1 and have run the $perl nikto.pl -update.

Thank you in advance!

Evgeniy

From arbatovevgeniy at gmail.com Wed Feb 10 10:45:21 2010
From: arbatovevgeniy at gmail.com (Evgeniy Arbatov)
Date: Wed, 10 Feb 2010 12:45:21 +0200
Subject: [Nikto-discuss] Nikto and HTTP Not Authorized
In-Reply-To: <56c989d51002100207g5facabcbie70b291234005754@mail.gmail.com>
References: <56c989d51002100207g5facabcbie70b291234005754@mail.gmail.com>
Message-ID: <56c989d51002100245h6c9b12d8j4fdcfca628e78e40@mail.gmail.com>

Never mind. Issue resolved after running Nikto a little longer.

On Wed, Feb 10, 2010 at 12:07 PM, Evgeniy Arbatov wrote:
> Hello,
>
> I have a small issue with HTTP authentication and Nikto. When I am
> running this command:
>
> $ perl nikto.pl -nolookup -nossl -port 80 -Plugins ALL -h 10.0.0.1 -id
> UserName:passWoRD
>
> I do not see any authentication attempts with Wireshark. This is the
> dump of the request:
>
> HEAD / HTTP/1.1
>
> Connection: Keep-Alive
>
> Content-Length: 0
>
> User-Agent: Mozilla/4.75 (Nikto/2.1.1) (Evasions:None) (Test:Port Check)
>
> Content-Type: application/x-www-form-urlencoded
>
> Host: 10.0.0.1
>
>
> HTTP/1.0 401 Not Authorized
>
> WWW-Authenticate: Basic realm="xxxxxxx"
>
> But there is no Authorization: Basic 'base-64 encoded
> username&password' sent by the client. What am I missing?
>
> I am using Nikto 2.1.1 and have run the $perl nikto.pl -update.
>
> Thank you in advance!
>
> Evgeniy
>

From dave at cirt.net Wed Feb 10 14:45:40 2010
From: dave at cirt.net (David Lodge)
Date: Wed, 10 Feb 2010 14:45:40 -0000
Subject: [Nikto-discuss] Nikto and HTTP Not Authorized
In-Reply-To: <56c989d51002100245h6c9b12d8j4fdcfca628e78e40@mail.gmail.com>
References: <56c989d51002100207g5facabcbie70b291234005754@mail.gmail.com> <56c989d51002100245h6c9b12d8j4fdcfca628e78e40@mail.gmail.com>
Message-ID:

On Wed, 10 Feb 2010 10:45:21 -0000, Evgeniy Arbatov wrote:
> Never mind. Issue resolved after running Nikto a little longer.

This is a sort of known "feature" with Nikto after 1.00; basically only the
tests plugin tries to intelligently authenticate (and try to follow
redirections).

It has been raised as a bug:
http://trac2.assembla.com/Nikto_2/ticket/101

dave

From jaslinamuhammedkk at gmail.com Sun Feb 28 10:01:56 2010
From: jaslinamuhammedkk at gmail.com (jaslina kk)
Date: Sun, 28 Feb 2010 15:31:56 +0530
Subject: [Nikto-discuss] error occured
Message-ID:

I encountered error while scanning the webserver using nikto-2.1.1.
Like,
+ ERROR: /help.html returned an error: error reading HTTP response
+ /tsweb/: Microsoft TSAC found. http://www.dslwebserver.com/main/fr_index.html?/main/sbs-Terminal-Services-Advanced-Client-Configuration.html
+ ERROR: /blah_badfile.shtml returned an error: error reading HTTP response
+ ERROR: /SiteServer/Admin/commerce/foundation/DSN.asp returned an error: error reading HTTP response
+ /autologon.html?10514: Remotely Anywhere 5.10.415 is vulnerable to XSS attacks that can lead to cookie theft or privilege escalation. This is typically found on port 2000.
...
I could not get it. Why does this error occur?

From dave at cirt.net Sun Feb 28 14:13:52 2010
From: dave at cirt.net (David Lodge)
Date: Sun, 28 Feb 2010 14:13:52 -0000
Subject: [Nikto-discuss] error occured
In-Reply-To:
References:
Message-ID:

On Sun, 28 Feb 2010 10:01:56 -0000, jaslina kk wrote:
> I encountered error while scanning the webserver using nikto-2.1.1.
> Like,
> + ERROR: /help.html returned an error: error reading HTTP response
> + /tsweb/: Microsoft TSAC found.
> http://www.dslwebserver.com/main/fr_index.html?/main/sbs-Terminal-Services-Advanced-Client-Configuration.html
> + ERROR: /blah_badfile.shtml returned an error: error reading HTTP
> response
> + ERROR: /SiteServer/Admin/commerce/foundation/DSN.asp returned an error:
> error reading HTTP response
> + /autologon.html?10514: Remotely Anywhere 5.10.415 is vulnerable to XSS
> attacks that can lead to cookie theft or privilege escalation. This is
> typically found on port 2000.
> ...
> I could not get it. Why does this error occur?

ERROR messages like these are from when the HTTP server doesn't return a
response, or returns a mangled response. I usually only see these on
embedded devices or over a slow link, though some web servers fail to
return a response on some URIs.

I normally advise trying these by hand (e.g. through nc or through nikto
-Single) to see exactly what the web server is doing.

dave
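
The by-hand check David describes in the last message can also be scripted. The following is an added example, not part of the original thread and not Nikto code: probe() sends one HEAD request over a raw socket and reports whether the server returned nothing, a mangled status line, or a normal status. The loopback server and its per-path behaviour are constructed for the demo; only the path names are borrowed from the scan output quoted above.

```python
import socket
import threading

def probe(host, port, path, timeout=2.0):
    """Send one HEAD request by hand and classify what comes back."""
    request = f"HEAD {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(request)
            while b"\r\n\r\n" not in data and len(data) < 65536:
                chunk = s.recv(4096)
                if not chunk:              # peer closed the connection
                    break
                data += chunk
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return f"socket error: {exc}"
    if not data:
        return "no response"
    fields = data.split(b"\r\n", 1)[0].split(b" ", 2)
    if len(fields) >= 2 and fields[0].startswith(b"HTTP/") and fields[1].isdigit():
        return "status " + fields[1].decode()
    return "mangled response"

def _constructed_server(listener, count):
    """Constructed test server: the per-path behaviour is invented for this demo."""
    for _ in range(count):
        conn, _addr = listener.accept()
        with conn:
            first_line = conn.recv(4096).split(b"\r\n", 1)[0]
            if b" /help.html " in first_line:
                continue                   # close without replying
            if b" /blah_badfile.shtml " in first_line:
                conn.sendall(b"\x00\x01not a status line\r\n\r\n")
            else:
                conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 0\r\n\r\n")

def demo():
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))        # any free loopback port
    listener.listen(5)
    port = listener.getsockname()[1]
    paths = ["/", "/help.html", "/blah_badfile.shtml"]
    server = threading.Thread(target=_constructed_server, args=(listener, len(paths)))
    server.start()
    results = {p: probe("127.0.0.1", port, p) for p in paths}
    server.join()
    listener.close()
    return results

if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{path:22} {verdict}")
```

Against a real server, a "timeout" verdict points at the slow-link case and "no response" or "mangled response" at the server itself, which is the distinction the reply above is asking the reporter to make.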