From jaslinamuhammedkk at gmail.com Tue Mar 2 05:54:43 2010 From: jaslinamuhammedkk at gmail.com (jaslina kk) Date: Tue, 2 Mar 2010 11:24:43 +0530 Subject: [Nikto-discuss] alerting Message-ID: I am planning to do an automatic alert via email to network administrator about the vulnerabilities. Its a LAN scanner..I thought of building it up from nikto in linux platform. also using the *sendmail in linux.* Is there any other method for doing this? -- Regards Jaslina K K -------------- next part -------------- An HTML attachment was scrubbed... URL: http://attrition.org/pipermail/nikto-discuss/attachments/20100302/dac7c07c/attachment.html From FBreedijk at schubergphilis.com Tue Mar 2 06:27:22 2010 From: FBreedijk at schubergphilis.com (Frank Breedijk) Date: Tue, 2 Mar 2010 07:27:22 +0100 Subject: [Nikto-discuss] alerting Message-ID: Jaslina, I am planning to include support for native Nikto in version 2 of Seccubus. I am getting some development hours in, but don't know when the rewrite will be finished. It can also be done via Seccubus V1 if you kick of Nikto via Nessus or OpenVAS. Alternatively, iif you are looking for more granularity and are parsing the Nikto output file to get to the individual findings we could join forces and integrate native Nikto into Seccubus V1. Frank ..-. .-. .- -. -.- Typed with my thumbs on a tiny keyboard Frank Breedijk CISSP - Schuberg Philis ________________________________ From: nikto-discuss-bounces at attrition.org To: nikto-discuss at attrition.org Sent: Tue Mar 02 06:54:43 2010 Subject: [Nikto-discuss] alerting I am planning to do an automatic alert via email to network administrator about the vulnerabilities. Its a LAN scanner..I thought of building it up from nikto in linux platform. also using the sendmail in linux. Is there any other method for doing this? -- Regards Jaslina K K -------------- next part -------------- An HTML attachment was scrubbed... URL: http://attrition.org/pipermail/nikto-discuss/attachments/20100302/7ed61b8f/attachment-0001.html From dave at cirt.net Tue Mar 2 07:45:15 2010 From: dave at cirt.net (David Lodge) Date: Tue, 02 Mar 2010 07:45:15 -0000 Subject: [Nikto-discuss] alerting In-Reply-To: References: Message-ID: On Tue, 02 Mar 2010 05:54:43 -0000, jaslina kk wrote: > I am planning to do an automatic alert via email to network administrator > about the vulnerabilities. Its a LAN scanner..I thought of building it > up > from nikto in linux platform. also using the *sendmail in linux.* Is > there > any other method for doing this? It's up to you how you do this, the easiest way would be to just email Nikto's output as part of a shell script. If you want to be adventurous, you could try and write a report plugin for Nikto to automagically email when it finds a vulnerability. From karlenenorris at hotmail.com Wed Mar 10 16:36:35 2010 From: karlenenorris at hotmail.com (karlene norris) Date: Wed, 10 Mar 2010 16:36:35 +0000 Subject: [Nikto-discuss] Nikto Assignment Question Message-ID: Please can you help. I am lookin for more information regarding : the mutate technique IDS evasion But explained in more detail, I have loked everywhere on the net and in pdfs and they all seem to say the same thing. I look forward to hearing from you and would be happy to send you my project once i have finished Many thanks _________________________________________________________________ Do you have a story that started on Hotmail? Tell us now http://clk.atdmt.com/UKM/go/195013117/direct/01/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://attrition.org/pipermail/nikto-discuss/attachments/20100310/92d17085/attachment.html From csullo at gmail.com Wed Mar 10 16:46:06 2010 From: csullo at gmail.com (Sullo) Date: Wed, 10 Mar 2010 11:46:06 -0500 Subject: [Nikto-discuss] Nikto Assignment Question In-Reply-To: References: Message-ID: On Wed, Mar 10, 2010 at 11:36 AM, karlene norris wrote: > I am lookin for more information regarding : > > the mutate technique the most detail for this is in the docs: http://cirt.net/nikto2-docs/options.html#id303478 beyond that, looking at the code or asking specific questions here is your best bet. > IDS evasion The evasion techniques are based on RFP's original paper and implemented in libwhisker. http://www.wiretrip.net/rfp/txt/whiskerids.html I hope that helps. -Sullo From StormontS at imsweb.com Wed Mar 10 20:18:03 2010 From: StormontS at imsweb.com (Stormont, Stephen (IMS)) Date: Wed, 10 Mar 2010 15:18:03 -0500 Subject: [Nikto-discuss] Integrate Nikto with Nessus 4 command line Message-ID: <478A13719799AF40B1BADDC32F8ABB58029257D093@FALCON.omni.imsweb.com> I have Nessus 4 installed on Fedora 12 and I have Nikto installed. All of our nessus scans are done from the command line, and I'm trying to figure out which files I need to edit (and what I need to put in them) to get Nikto up and running since we don't use the Nessus GUI for scans. Thanks. Steve ________________________________ Information in this e-mail may be confidential. It is intended only for the addressee(s) identified above. If you are not the addressee(s), or an employee or agent of the addressee(s), please note that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender of the error. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://attrition.org/pipermail/nikto-discuss/attachments/20100310/ca41d723/attachment.html From csullo at gmail.com Wed Mar 10 20:23:18 2010 From: csullo at gmail.com (Sullo) Date: Wed, 10 Mar 2010 15:23:18 -0500 Subject: [Nikto-discuss] Integrate Nikto with Nessus 4 command line In-Reply-To: <478A13719799AF40B1BADDC32F8ABB58029257D093@FALCON.omni.imsweb.com> References: <478A13719799AF40B1BADDC32F8ABB58029257D093@FALCON.omni.imsweb.com> Message-ID: On Wed, Mar 10, 2010 at 3:18 PM, Stormont, Stephen (IMS) wrote: > ??????? I have Nessus 4 installed on Fedora 12 and I have Nikto installed. > All of our nessus scans are done from the command line, and I'm trying to > figure out which files I need to edit (and what I need to put in them) to > get Nikto up and running since we don't use the Nessus GUI for scans. did you check this out? http://blog.tenablesecurity.com/2008/09/using-nessus-to.html From StormontS at imsweb.com Wed Mar 10 20:25:47 2010 From: StormontS at imsweb.com (Stormont, Stephen (IMS)) Date: Wed, 10 Mar 2010 15:25:47 -0500 Subject: [Nikto-discuss] Integrate Nikto with Nessus 4 command line In-Reply-To: References: <478A13719799AF40B1BADDC32F8ABB58029257D093@FALCON.omni.imsweb.com> Message-ID: <478A13719799AF40B1BADDC32F8ABB58029257D094@FALCON.omni.imsweb.com> Yes, but that says "To change this under NessusClient3 for example, edit the policy and click on the 'Advanced' tab. In the drop down menu, select "Nikto (NASL wrapper)" and change "Enable Nikto" from 'no' to 'yes'." and we don't use the GUI. -----Original Message----- From: Sullo [mailto:csullo at gmail.com] Sent: Wednesday, March 10, 2010 3:23 PM To: Stormont, Stephen (IMS) Cc: nikto-discuss at attrition.org Subject: Re: [Nikto-discuss] Integrate Nikto with Nessus 4 command line On Wed, Mar 10, 2010 at 3:18 PM, Stormont, Stephen (IMS) wrote: > I have Nessus 4 installed on Fedora 12 and I have Nikto installed. > All of our nessus scans are done from the command line, and I'm trying to > figure out which files I need to edit (and what I need to put in them) to > get Nikto up and running since we don't use the Nessus GUI for scans. did you check this out? http://blog.tenablesecurity.com/2008/09/using-nessus-to.html Information in this e-mail may be confidential. It is intended only for the addressee(s) identified above. If you are not the addressee(s), or an employee or agent of the addressee(s), please note that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender of the error. From csullo at gmail.com Wed Mar 10 20:28:37 2010 From: csullo at gmail.com (Sullo) Date: Wed, 10 Mar 2010 15:28:37 -0500 Subject: [Nikto-discuss] Integrate Nikto with Nessus 4 command line In-Reply-To: <478A13719799AF40B1BADDC32F8ABB58029257D094@FALCON.omni.imsweb.com> References: <478A13719799AF40B1BADDC32F8ABB58029257D093@FALCON.omni.imsweb.com> <478A13719799AF40B1BADDC32F8ABB58029257D094@FALCON.omni.imsweb.com> Message-ID: Hmm... I think you might have better luck asking on one of the Nessus lists rather than here, unless someone else on the list knows... On Wed, Mar 10, 2010 at 3:25 PM, Stormont, Stephen (IMS) wrote: > ? ? ? ?Yes, but that says "To change this under NessusClient3 for example, edit the policy and click on the 'Advanced' tab. In the drop down menu, select "Nikto (NASL wrapper)" and change "Enable Nikto" from 'no' to 'yes'." ?and we don't use the GUI. > > -----Original Message----- > From: Sullo [mailto:csullo at gmail.com] > Sent: Wednesday, March 10, 2010 3:23 PM > To: Stormont, Stephen (IMS) > Cc: nikto-discuss at attrition.org > Subject: Re: [Nikto-discuss] Integrate Nikto with Nessus 4 command line > > On Wed, Mar 10, 2010 at 3:18 PM, Stormont, Stephen (IMS) > wrote: >> ? ? ? ? I have Nessus 4 installed on Fedora 12 and I have Nikto installed. >> All of our nessus scans are done from the command line, and I'm trying to >> figure out which files I need to edit (and what I need to put in them) to >> get Nikto up and running since we don't use the Nessus GUI for scans. > > did you check this out? > http://blog.tenablesecurity.com/2008/09/using-nessus-to.html > > Information in this e-mail may be confidential. It is intended only for the addressee(s) identified above. If you are not the addressee(s), or an employee or agent of the addressee(s), please note that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender of the error. > -- http://www.cirt.net | http://www.osvdb.org/ From lyger at attrition.org Wed Mar 10 20:42:06 2010 From: lyger at attrition.org (lyger) Date: Wed, 10 Mar 2010 20:42:06 +0000 (UTC) Subject: [Nikto-discuss] Integrate Nikto with Nessus 4 command line In-Reply-To: References: <478A13719799AF40B1BADDC32F8ABB58029257D093@FALCON.omni.imsweb.com> <478A13719799AF40B1BADDC32F8ABB58029257D094@FALCON.omni.imsweb.com> Message-ID: Check out: https://discussions.nessus.org/index.jspa Plenty of Tenable and other knowledgable folk on there, perhaps someone might take an interest in the question and discuss. On Wed, 10 Mar 2010, Sullo wrote: ": " Hmm... I think you might have better luck asking on one of the Nessus ": " lists rather than here, unless someone else on the list knows... ": " ": " On Wed, Mar 10, 2010 at 3:25 PM, Stormont, Stephen (IMS) ": " wrote: ": " > ? ? ? ?Yes, but that says "To change this under NessusClient3 for example, edit the policy and click on the 'Advanced' tab. In the drop down menu, select "Nikto (NASL wrapper)" and change "Enable Nikto" from 'no' to 'yes'." ?and we don't use the GUI. ": " > ": " > -----Original Message----- ": " > From: Sullo [mailto:csullo at gmail.com] ": " > Sent: Wednesday, March 10, 2010 3:23 PM ": " > To: Stormont, Stephen (IMS) ": " > Cc: nikto-discuss at attrition.org ": " > Subject: Re: [Nikto-discuss] Integrate Nikto with Nessus 4 command line ": " > ": " > On Wed, Mar 10, 2010 at 3:18 PM, Stormont, Stephen (IMS) ": " > wrote: ": " >> ? ? ? ? I have Nessus 4 installed on Fedora 12 and I have Nikto installed. ": " >> All of our nessus scans are done from the command line, and I'm trying to ": " >> figure out which files I need to edit (and what I need to put in them) to ": " >> get Nikto up and running since we don't use the Nessus GUI for scans. ": " > ": " > did you check this out? ": " > http://blog.tenablesecurity.com/2008/09/using-nessus-to.html From FBreedijk at schubergphilis.com Thu Mar 11 00:47:32 2010 From: FBreedijk at schubergphilis.com (Frank Breedijk) Date: Thu, 11 Mar 2010 01:47:32 +0100 Subject: [Nikto-discuss] Integrate Nikto with Nessus 4 command line Message-ID: Stephen, You can create the configuration file in the GUI and then save the file as a .nessusrc file. Frank ..-. .-. .- -. -.- Typed with my thumbs on a tiny keyboard Frank Breedijk CISSP - Schuberg Philis ----- Original Message ----- From: nikto-discuss-bounces at attrition.org To: Stormont, Stephen (IMS) Cc: nikto-discuss at attrition.org Sent: Wed Mar 10 21:28:37 2010 Subject: Re: [Nikto-discuss] Integrate Nikto with Nessus 4 command line Hmm... I think you might have better luck asking on one of the Nessus lists rather than here, unless someone else on the list knows... On Wed, Mar 10, 2010 at 3:25 PM, Stormont, Stephen (IMS) wrote: > ? ? ? ?Yes, but that says "To change this under NessusClient3 for example, edit the policy and click on the 'Advanced' tab. In the drop down menu, select "Nikto (NASL wrapper)" and change "Enable Nikto" from 'no' to 'yes'." ?and we don't use the GUI. > > -----Original Message----- > From: Sullo [mailto:csullo at gmail.com] > Sent: Wednesday, March 10, 2010 3:23 PM > To: Stormont, Stephen (IMS) > Cc: nikto-discuss at attrition.org > Subject: Re: [Nikto-discuss] Integrate Nikto with Nessus 4 command line > > On Wed, Mar 10, 2010 at 3:18 PM, Stormont, Stephen (IMS) > wrote: >> ? ? ? ? I have Nessus 4 installed on Fedora 12 and I have Nikto installed. >> All of our nessus scans are done from the command line, and I'm trying to >> figure out which files I need to edit (and what I need to put in them) to >> get Nikto up and running since we don't use the Nessus GUI for scans. > > did you check this out? > http://blog.tenablesecurity.com/2008/09/using-nessus-to.html > > Information in this e-mail may be confidential. It is intended only for the addressee(s) identified above. If you are not the addressee(s), or an employee or agent of the addressee(s), please note that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender of the error. > -- http://www.cirt.net | http://www.osvdb.org/ _______________________________________________ Nikto-discuss mailing list Nikto-discuss at attrition.org https://attrition.org/mailman/listinfo/nikto-discuss From StormontS at imsweb.com Thu Mar 11 03:38:22 2010 From: StormontS at imsweb.com (Stormont, Stephen (IMS)) Date: Wed, 10 Mar 2010 22:38:22 -0500 Subject: [Nikto-discuss] Integrate Nikto with Nessus 4 command line In-Reply-To: References: Message-ID: <478A13719799AF40B1BADDC32F8ABB5802925B5539@FALCON.omni.imsweb.com> Nessus 4 has done away with the separate Nessus Client and I can't find the respective location in the new version. Doesn't a .nessusrc file have to already exist in order for Seccubus to work? ________________________________________ From: Frank Breedijk [FBreedijk at schubergphilis.com] Sent: Wednesday, March 10, 2010 7:47 PM To: 'csullo at gmail.com'; Stormont, Stephen (IMS) Cc: 'nikto-discuss at attrition.org' Subject: Re: [Nikto-discuss] Integrate Nikto with Nessus 4 command line Stephen, You can create the configuration file in the GUI and then save the file as a .nessusrc file. Frank ..-. .-. .- -. -.- Typed with my thumbs on a tiny keyboard Frank Breedijk CISSP - Schuberg Philis ----- Original Message ----- From: nikto-discuss-bounces at attrition.org To: Stormont, Stephen (IMS) Cc: nikto-discuss at attrition.org Sent: Wed Mar 10 21:28:37 2010 Subject: Re: [Nikto-discuss] Integrate Nikto with Nessus 4 command line Hmm... I think you might have better luck asking on one of the Nessus lists rather than here, unless someone else on the list knows... On Wed, Mar 10, 2010 at 3:25 PM, Stormont, Stephen (IMS) wrote: > Yes, but that says "To change this under NessusClient3 for example, edit the policy and click on the 'Advanced' tab. In the drop down menu, select "Nikto (NASL wrapper)" and change "Enable Nikto" from 'no' to 'yes'." and we don't use the GUI. > > -----Original Message----- > From: Sullo [mailto:csullo at gmail.com] > Sent: Wednesday, March 10, 2010 3:23 PM > To: Stormont, Stephen (IMS) > Cc: nikto-discuss at attrition.org > Subject: Re: [Nikto-discuss] Integrate Nikto with Nessus 4 command line > > On Wed, Mar 10, 2010 at 3:18 PM, Stormont, Stephen (IMS) > wrote: >> I have Nessus 4 installed on Fedora 12 and I have Nikto installed. >> All of our nessus scans are done from the command line, and I'm trying to >> figure out which files I need to edit (and what I need to put in them) to >> get Nikto up and running since we don't use the Nessus GUI for scans. > > did you check this out? > http://blog.tenablesecurity.com/2008/09/using-nessus-to.html > > Information in this e-mail may be confidential. It is intended only for the addressee(s) identified above. If you are not the addressee(s), or an employee or agent of the addressee(s), please note that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender of the error. > -- http://www.cirt.net | http://www.osvdb.org/ _______________________________________________ Nikto-discuss mailing list Nikto-discuss at attrition.org https://attrition.org/mailman/listinfo/nikto-discuss Information in this e-mail may be confidential. It is intended only for the addressee(s) identified above. If you are not the addressee(s), or an employee or agent of the addressee(s), please note that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender of the error. From wkwang at cisco.com Thu Mar 11 20:17:05 2010 From: wkwang at cisco.com (Peter Wang) Date: Thu, 11 Mar 2010 15:17:05 -0500 Subject: [Nikto-discuss] Error reading HTTP response Message-ID: Hi, I upgraded Nikto to 2.1.1 and did a scan. Nikto returned a lot of ?error reading HTTP response?. It didn?t have this error with previous Nikto 2.03 version. Do you know what?s the issue with Nikto 2.1.1? nikto -Cgidirs all -host 10.1.6.9 -p 80 -F xml -o /tmp/watch:vtp-web-defect.tcl:20100304-223531:nikto: Nikto v2.1.1 --------------------------------------------------------------------------- + Target IP: 10.1.6.9 + Target Hostname: 10.1.6.9 + Target Port: 80 + Start Time: 2010-03-05 22:36:09 --------------------------------------------------------------------------- + Server: cisco-IOS + ERROR: /webcgi/flexform.cgi returned an error: error reading HTTP response + ERROR: /mpcgi/flexform.cgi returned an error: error reading HTTP response + ERROR: /htbin/flexform.cgi returned an error: error reading HTTP response + ERROR: /fcgi-bin/flexform.cgi returned an error: error reading HTTP response + ERROR: /webcgi/lwgate returned an error: error reading HTTP response + ERROR: /mpcgi/lwgate returned an error: error reading HTTP response + ERROR: /htbin/lwgate returned an error: error reading HTTP response + ERROR: /fcgi-bin/lwgate returned an error: error reading HTTP response + ERROR: /cgi-sys/handler.cgi returned an error: error reading HTTP response + ERROR: /scripts/handler.cgi returned an error: error reading HTTP response + ERROR: /cgi-perl/handler.cgi returned an error: error reading HTTP response + ERROR: /bin/finger returned an error: error reading HTTP response + ERROR: /cgi-sys/formmail.pl returned an error: error reading HTTP response + ERROR: /scripts/formmail.pl returned an error: error reading HTTP response + ERROR: /cgi-perl/formmail.pl returned an error: error reading HTTP response Thanks, Peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://attrition.org/pipermail/nikto-discuss/attachments/20100311/aa030f30/attachment.html From dave at cirt.net Fri Mar 12 09:59:19 2010 From: dave at cirt.net (David Lodge) Date: Fri, 12 Mar 2010 09:59:19 -0000 Subject: [Nikto-discuss] Error reading HTTP response In-Reply-To: References: Message-ID: On Thu, 11 Mar 2010 20:17:05 -0000, Peter Wang wrote: > Hi, > > I upgraded Nikto to 2.1.1 and did a scan. Nikto returned a lot of ?error > reading HTTP response?. It didn?t have this error with previous Nikto > 2.03 > version. > > Do you know what?s the issue with Nikto 2.1.1? I added this in 2.1.0 - before it would silently ignore errors from the webserver. Now it reports them, this is the web server not returning an HTTP response. You normally get these from embedded devices, or if there's an IPS. Though it looks like some webservers return it for all CGI paths. I'm tempted to alter this to an optional error reporting (e.g. -D e to see errors). dave From csullo at gmail.com Fri Mar 12 13:51:30 2010 From: csullo at gmail.com (Sullo) Date: Fri, 12 Mar 2010 08:51:30 -0500 Subject: [Nikto-discuss] Error reading HTTP response In-Reply-To: References: Message-ID: On Fri, Mar 12, 2010 at 4:59 AM, David Lodge wrote: > I'm tempted to alter this to an optional error reporting (e.g. -D e to see > errors). I was thinking the same thing... we could also count them on a per target basis and put out a total when we report # of tests run and # of findings, e.g.: + 3826 items checked, 39 item(s) reported, 22 errors testing host instead of: + 3826 items checked: 39 item(s) reported on remote host That way it's always there in case someone wants to re-run, or the number is exceptionally high. -- http://www.cirt.net | http://www.osvdb.org/ From rkanouse at neca.org Fri Mar 12 20:22:18 2010 From: rkanouse at neca.org (Kanouse, Robert) Date: Fri, 12 Mar 2010 15:22:18 -0500 Subject: [Nikto-discuss] Error Message Message-ID: <834B26A9881C2F478F4EA9A37D316E2905C51477@exchprod.neca.pri> I am new to using Nikto and I am having trouble understanding this message: ***** SSL support not available (see docs for SSL install instructions) ***** How do I address this? Thanks. Bob Kanouse Privilege and Confidentiality Notice The information in this message is intended for the named recipients only. It may contain information that is privileged, confidential or otherwise protected from disclosure. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or the taking of any action in reliance on the contents of this message is strictly prohibited. If you have received this e-mail in error, do not print it or disseminate it or its contents. In such event, please notify the sender by return e-mail and delete the e-mail file immediately thereafter. Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://attrition.org/pipermail/nikto-discuss/attachments/20100312/5736e85b/attachment.html From dave at cirt.net Sat Mar 13 09:27:40 2010 From: dave at cirt.net (David Lodge) Date: Sat, 13 Mar 2010 09:27:40 -0000 Subject: [Nikto-discuss] Error Message In-Reply-To: <834B26A9881C2F478F4EA9A37D316E2905C51477@exchprod.neca.pri> References: <834B26A9881C2F478F4EA9A37D316E2905C51477@exchprod.neca.pri> Message-ID: On Fri, 12 Mar 2010 20:22:18 -0000, Kanouse, Robert wrote: > I am new to using Nikto and I am having trouble understanding this > message: > > ***** SSL support not available (see docs for SSL install instructions) > ***** This message comes from LibWhisker and basically refers to the fact that it cannot find an SSL library to use. On Linux/Unix, install Net::SSLeay and everything should work fine. On Windows its a bit more of a struggle and depends on what flavour of Perl you're running. If you're running it on Windows give me a shout and I'll have a look on my work PC and work out how I persuaded it to work. dave From deaf.c0t at gmail.com Sat Mar 13 10:46:24 2010 From: deaf.c0t at gmail.com (John Smith) Date: Sat, 13 Mar 2010 10:46:24 +0000 Subject: [Nikto-discuss] change @CGIDIRS Message-ID: <565ebf901003130246x5f61176eja984a8dad4e465ce@mail.gmail.com> Good day everyone! I'd like to know where and how can I change value of arrays @CGIDIRS, @MUTATEDIRS, @ADMINS, etc. I downloaded current version 2.1.1 and tried to add it to nikto.conf. Run: perl nikto.pl -Display V -Plugins cgi -host localhost -Cgidirs all Looked at apache's log - nothing. Created config.txt (Is it used in 2.1 branch?) with that variables, nothing changed Does it work for 1.x branch only? What should I do or where is my mistake? -- Faithfully yours, John. From dave at cirt.net Sat Mar 13 11:02:03 2010 From: dave at cirt.net (David Lodge) Date: Sat, 13 Mar 2010 11:02:03 -0000 Subject: [Nikto-discuss] change @CGIDIRS In-Reply-To: <565ebf901003130246x5f61176eja984a8dad4e465ce@mail.gmail.com> References: <565ebf901003130246x5f61176eja984a8dad4e465ce@mail.gmail.com> Message-ID: On Sat, 13 Mar 2010 10:46:24 -0000, John Smith wrote: > I'd like to know where and how can I change value of arrays @CGIDIRS, > @MUTATEDIRS, @ADMINS, etc. > > I downloaded current version 2.1.1 and tried to add it to nikto.conf. They're in plugins/db_variables. Sometimes it's confusing what's where, but generally stuff that changes how Nikto runs (e.g. plugins directory, plugin macros, whether to send back strange results etc.) is in nikto.conf; anything that affects a scan (e.g. password directories, CGI directories etc) is in plugins/db_variables. The line is: @CGIDIRS=/cgi.cgi/ /webcgi/ /cgi-914/ /cgi-915/ /bin/ /cgi/ /mpcgi/ /cgi-bin/ /ows-bin/ /cgi-sys/ /cgi-local/ /htbin/ /cgibin/ /cgis/ /scripts/ /cgi-win/ /fcgi-bin/ /cgi-exe/ /cgi-home/ /cgi-perl/ > Run: > perl nikto.pl -Display V -Plugins cgi -host localhost -Cgidirs all You're using the new "Plugins" option, please note that the above line will *only* run the cgi plugin and nothing else (which just checks the web server to see whether the CGI directory exists). I keep meaning to write up how the Plugins option works and put it on cirt.net; but I'm lazy! But Plugins is in a development stage at the moment and the version in trunk may change before the next release. > Created config.txt (Is it used in 2.1 branch?) with that variables, > nothing changed config.txt is pre-2.1.0 - I replaced it with nikto.conf to better match how other applications work. From jaslinamuhammedkk at gmail.com Wed Mar 17 05:44:24 2010 From: jaslinamuhammedkk at gmail.com (jaslina kk) Date: Wed, 17 Mar 2010 11:14:24 +0530 Subject: [Nikto-discuss] report generation Message-ID: I want to make some changes in the Nikto report....But I couldn't understand where the code for the report generation is present...Which file is generating the report? -- Regards Jaslina K K -------------- next part -------------- An HTML attachment was scrubbed... URL: http://attrition.org/pipermail/nikto-discuss/attachments/20100317/fe23a26f/attachment.html From jaslinamuhammedkk at gmail.com Wed Mar 17 06:39:14 2010 From: jaslinamuhammedkk at gmail.com (jaslina kk) Date: Wed, 17 Mar 2010 12:09:14 +0530 Subject: [Nikto-discuss] webserver identification Message-ID: How nikto identifies the webserver? -- Regards Jaslina K K -------------- next part -------------- An HTML attachment was scrubbed... URL: http://attrition.org/pipermail/nikto-discuss/attachments/20100317/a3bd3501/attachment.html From dave at cirt.net Wed Mar 17 07:43:40 2010 From: dave at cirt.net (David Lodge) Date: Wed, 17 Mar 2010 07:43:40 -0000 Subject: [Nikto-discuss] report generation In-Reply-To: References: Message-ID: On Wed, 17 Mar 2010 05:44:24 -0000, jaslina kk wrote: > I want to make some changes in the Nikto report....But I couldn't > understand > where the code for the report generation is present...Which file is > generating the report? The reports are generated by the plugins/nikto_reports*.plugin plugins. Though if you want to edit the HTML/XML reports, you can edit the templates directly in templates/* Thanks dave From dave at cirt.net Wed Mar 17 07:44:23 2010 From: dave at cirt.net (David Lodge) Date: Wed, 17 Mar 2010 07:44:23 -0000 Subject: [Nikto-discuss] webserver identification In-Reply-To: References: Message-ID: On Wed, 17 Mar 2010 06:39:14 -0000, jaslina kk wrote: > How nikto identifies the webserver? This is simply by pulling the HTTP banner that the server returns on each request. From FBreedijk at schubergphilis.com Wed Mar 17 13:41:43 2010 From: FBreedijk at schubergphilis.com (Frank Breedijk) Date: Wed, 17 Mar 2010 14:41:43 +0100 Subject: [Nikto-discuss] Integrate Nikto with Nessus 4 command line In-Reply-To: <478A13719799AF40B1BADDC32F8ABB5802925B5539@FALCON.omni.imsweb.com> References: <478A13719799AF40B1BADDC32F8ABB5802925B5539@FALCON.omni.imsweb.com> Message-ID: Tread was moved to the Seccubus mailing list. Frank Breedijk ..-. .-. .- -. -.- T: +31 (0)20-7506500 E: fbreedijk at schubergphilis.com W: www.schubergphilis.com > -----Original Message----- > From: Stormont, Stephen (IMS) [mailto:StormontS at imsweb.com] > Sent: 11 March 2010 04:38 > To: Frank Breedijk; 'csullo at gmail.com' > Cc: 'nikto-discuss at attrition.org' > Subject: RE: [Nikto-discuss] Integrate Nikto with Nessus 4 command line > > Nessus 4 has done away with the separate Nessus Client and I can't find > the respective location in the new version. Doesn't a .nessusrc file > have to already exist in order for Seccubus to work? > > ________________________________________ > From: Frank Breedijk [FBreedijk at schubergphilis.com] > Sent: Wednesday, March 10, 2010 7:47 PM > To: 'csullo at gmail.com'; Stormont, Stephen (IMS) > Cc: 'nikto-discuss at attrition.org' > Subject: Re: [Nikto-discuss] Integrate Nikto with Nessus 4 command line > > Stephen, > > You can create the configuration file in the GUI and then save the file > as a .nessusrc file. > > Frank > ..-. .-. .- -. -.- > Typed with my thumbs on a tiny keyboard > Frank Breedijk CISSP - Schuberg Philis > > ----- Original Message ----- > From: nikto-discuss-bounces at attrition.org bounces at attrition.org> > To: Stormont, Stephen (IMS) > Cc: nikto-discuss at attrition.org > Sent: Wed Mar 10 21:28:37 2010 > Subject: Re: [Nikto-discuss] Integrate Nikto with Nessus 4 command line > > Hmm... I think you might have better luck asking on one of the Nessus > lists rather than here, unless someone else on the list knows... > > On Wed, Mar 10, 2010 at 3:25 PM, Stormont, Stephen (IMS) > wrote: > > Yes, but that says "To change this under NessusClient3 for > example, edit the policy and click on the 'Advanced' tab. In the drop > down menu, select "Nikto (NASL wrapper)" and change "Enable Nikto" from > 'no' to 'yes'." and we don't use the GUI. > > > > -----Original Message----- > > From: Sullo [mailto:csullo at gmail.com] > > Sent: Wednesday, March 10, 2010 3:23 PM > > To: Stormont, Stephen (IMS) > > Cc: nikto-discuss at attrition.org > > Subject: Re: [Nikto-discuss] Integrate Nikto with Nessus 4 command > line > > > > On Wed, Mar 10, 2010 at 3:18 PM, Stormont, Stephen (IMS) > > wrote: > >> I have Nessus 4 installed on Fedora 12 and I have Nikto > installed. > >> All of our nessus scans are done from the command line, and I'm > trying to > >> figure out which files I need to edit (and what I need to put in > them) to > >> get Nikto up and running since we don't use the Nessus GUI for > scans. > > > > did you check this out? > > http://blog.tenablesecurity.com/2008/09/using-nessus-to.html > > > > Information in this e-mail may be confidential. It is intended only > for the addressee(s) identified above. If you are not the addressee(s), > or an employee or agent of the addressee(s), please note that any > dissemination, distribution, or copying of this communication is > strictly prohibited. If you have received this e-mail in error, please > notify the sender of the error. > > > > > > -- > > http://www.cirt.net | http://www.osvdb.org/ > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > > Information in this e-mail may be confidential. It is intended only for > the addressee(s) identified above. If you are not the addressee(s), or > an employee or agent of the addressee(s), please note that any > dissemination, distribution, or copying of this communication is > strictly prohibited. If you have received this e-mail in error, please > notify the sender of the error. From jaslinamuhammedkk at gmail.com Thu Mar 18 14:44:44 2010 From: jaslinamuhammedkk at gmail.com (jaslina kk) Date: Thu, 18 Mar 2010 20:14:44 +0530 Subject: [Nikto-discuss] report Message-ID: Which part of Nikto code generates this... Portions of the server's ident string (Apache/2.2.3 Perl/v5.8.8) are not in the Nikto database or is newer than the known string. Would you like to submit this information (*no server specific data*) to CIRT.net for a Nikto update (or you may email to sullo at cirt.net) (y/n)? y -- Regards Jaslina K K -------------- next part -------------- An HTML attachment was scrubbed... URL: http://attrition.org/pipermail/nikto-discuss/attachments/20100318/3fe9e0e8/attachment.html From jaslinamuhammedkk at gmail.com Thu Mar 18 14:58:32 2010 From: jaslinamuhammedkk at gmail.com (jaslina kk) Date: Thu, 18 Mar 2010 20:28:32 +0530 Subject: [Nikto-discuss] nikto Message-ID: I am a beginner in the network field...Can anyone briefly explain the data flow in the nikto code..I need a clear cut idea about how the code works..which part of the code executes first etc.. -- Regards Jaslina K K -------------- next part -------------- An HTML attachment was scrubbed... URL: http://attrition.org/pipermail/nikto-discuss/attachments/20100318/e0fc6b64/attachment.html From jaslinamuhammedkk at gmail.com Thu Mar 18 14:59:36 2010 From: jaslinamuhammedkk at gmail.com (jaslina kk) Date: Thu, 18 Mar 2010 20:29:36 +0530 Subject: [Nikto-discuss] nikto Message-ID: In which part of the code nikto accepts the IP address given through the commandline? -- Regards Jaslina K K -------------- next part -------------- An HTML attachment was scrubbed... URL: http://attrition.org/pipermail/nikto-discuss/attachments/20100318/055937e3/attachment.html From jaslinamuhammedkk at gmail.com Thu Mar 18 15:03:21 2010 From: jaslinamuhammedkk at gmail.com (jaslina kk) Date: Thu, 18 Mar 2010 20:33:21 +0530 Subject: [Nikto-discuss] my project Message-ID: What I need to do is, Make Nikto a LAN vulnerability scanner and it should also alert the network admin. So I need to know how nikto identifies that given IP address is a web server?How can I make nikto to scan a group of fixed IP addresses in the LAN? As I am a beginner, I need help... -- Regards Jaslina K K -------------- next part -------------- An HTML attachment was scrubbed... URL: http://attrition.org/pipermail/nikto-discuss/attachments/20100318/6c4037f2/attachment.html From csullo at gmail.com Thu Mar 18 16:01:06 2010 From: csullo at gmail.com (Sullo) Date: Thu, 18 Mar 2010 12:01:06 -0400 Subject: [Nikto-discuss] my project In-Reply-To: References: Message-ID: On Thu, Mar 18, 2010 at 11:03 AM, jaslina kk wrote: > What I need to do is, > > Make Nikto a LAN vulnerability scanner and it should also alert the > network admin. You would probably need to create a report plugin to do that... others have asked about this, so if you write it please see if you can share the code with the community! > So I need to know how nikto identifies that given IP address > is a web server? it attempts an http GET request on the port, and if that fails, tries to connect with SSL and issues a new GET request. If one succeeds then it is tested, if both fail then it is assumed not to be a web server. > How can I make nikto to scan a group of fixed IP addresses > in the LAN? please see the documentation on how to use nmap in conjunction with nikto: http://cirt.net/nikto2-docs/usage.html#id254985 -Sullo -- http://www.cirt.net | http://www.osvdb.org/ From csullo at gmail.com Thu Mar 18 16:01:55 2010 From: csullo at gmail.com (Sullo) Date: Thu, 18 Mar 2010 12:01:55 -0400 Subject: [Nikto-discuss] nikto In-Reply-To: References: Message-ID: On Thu, Mar 18, 2010 at 10:59 AM, jaslina kk wrote: > In which part of the code nikto accepts the IP address given through the > commandline? sub set_targets() in nitko_core.plugin parses what is sent via the command line. -- http://www.cirt.net | http://www.osvdb.org/ From csullo at gmail.com Thu Mar 18 16:02:23 2010 From: csullo at gmail.com (Sullo) Date: Thu, 18 Mar 2010 12:02:23 -0400 Subject: [Nikto-discuss] nikto In-Reply-To: References: Message-ID: On Thu, Mar 18, 2010 at 10:58 AM, jaslina kk wrote: > I am a beginner in the network field...Can anyone briefly explain the data > flow in the nikto code..I need a clear cut idea about how the code > works..which part of the code executes first etc.. Your best bet is really just to look through nikto.pl to get a high level of how it works, and you can see how targets are acquired and then tested. The rest of the code is in the plugins/*.plugin files and can be traced via the various function and plugin interface calls. Regards, Sullo -- http://www.cirt.net | http://www.osvdb.org/ From FBreedijk at schubergphilis.com Thu Mar 18 16:26:01 2010 From: FBreedijk at schubergphilis.com (Frank Breedijk) Date: Thu, 18 Mar 2010 17:26:01 +0100 Subject: [Nikto-discuss] my project In-Reply-To: References: Message-ID: Jaslina, Your project and my project Seccubus are pretty much aligned. Have a look at seccubus.com and contact me off the list if you need to know more. Frank Breedijk ..-. .-. .- -. -.- T: +31 (0)20-7506500 E: fbreedijk at schubergphilis.com W: www.schubergphilis.com > -----Original Message----- > From: nikto-discuss-bounces at attrition.org [mailto:nikto-discuss- > bounces at attrition.org] On Behalf Of Sullo > Sent: 18 March 2010 17:01 > To: jaslina kk > Cc: nikto-discuss at attrition.org > Subject: Re: [Nikto-discuss] my project > > On Thu, Mar 18, 2010 at 11:03 AM, jaslina kk > wrote: > > What I need to do is, > > > > Make Nikto a LAN vulnerability scanner and it should also > alert the > > network admin. > > You would probably need to create a report plugin to do that... others > have asked about this, so if you write it please see if you can share > the code with the community! > > > So I need to know how nikto identifies that given IP address > > is a web server? > > it attempts an http GET request on the port, and if that fails, tries > to connect with SSL and issues a new GET request. If one succeeds then > it is tested, if both fail then it is assumed not to be a web server. > > > How can I make nikto to scan a group of fixed IP addresses > > in the LAN? > > please see the documentation on how to use nmap in conjunction with > nikto: > http://cirt.net/nikto2-docs/usage.html#id254985 > > -Sullo > > -- > > http://www.cirt.net | http://www.osvdb.org/ > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss From deaf.c0t at gmail.com Thu Mar 18 18:08:05 2010 From: deaf.c0t at gmail.com (John Smith) Date: Thu, 18 Mar 2010 18:08:05 +0000 Subject: [Nikto-discuss] Fwd: change @CGIDIRS In-Reply-To: <565ebf901003140007h68e309c0s2fd5ed81e05755ac@mail.gmail.com> References: <565ebf901003130246x5f61176eja984a8dad4e465ce@mail.gmail.com> <565ebf901003130432r2a30794fl4a468bbd20fc13f5@mail.gmail.com> <565ebf901003140007h68e309c0s2fd5ed81e05755ac@mail.gmail.com> Message-ID: <565ebf901003181108u715db4d5pbc360d2e4cdabfaf@mail.gmail.com> I'll continue ask my questions, if you don't contradict :) 2010/3/13 David Lodge : > What you can do though is to create a file called plugins/udb_variables and > put your enhanced @CGIDIRS in there. This is a user database and will > override any variables in db_variables. > > It looks like I'll need to update the docs on this. Yes, it works. But my @CGIDIRS doesn't override default values. My value is added! So, I have to write in udb_variables : @CGIDIRS=/mycgi/ .. I had to use SPACE or I got something like that: ... /cgi-perl//mycgi-bin/ Do another variables(@USERS etc) work as above? And the most important thing. My local apache has /cgi-bin/ directory, but Nikto didn't report me about it. I added this line: @HTTPFOUND=200 301 302 401 403 ?500 to udb_variables. And run: perl nikto.pl -Display 124V -Cgidirs all -mutate 1 -Tuning 0123b -Format htm -o webapp- webapp-localhost localhost.htm -host localhost but when I use browser I get: Access forbidden! ?You don't have permission to access the requested directory. There is either no index document or the directory is read-protected. ?If you think this is a server error, please contact the webmaster. Error 403 Does Nikto inform me about it? > > We could need some help with documentation - neither Sullo or I have had a > chance to do a proper review of it for readability purposes, so if you do > notice anything that sounds strange or is plain wrong then please highlight > it. > Okay, I'll try. Another question. When I started scan local web server with options: perl nikto.pl -Display 12 ?-host localhost -Cgidirs all -mutate 123 Nikto ate all RAM. Some system information: Suse Linux x64, 2GB RAM, AMD Athlon(tm) 64 X2 Dual Core > free ? ? ? ? ? ? ? ? ? ?total ? ? ? used ? ? ? free ? ? shared ? ?buffers ? ? cached Mem: ? ? ? 1923368 ? ?1908528 ? ? ?14840 ? ? ? ? ?0 ? ? ? 3276 ? ? 670412 -/+ buffers/cache: ? ?1234840 ? ? 688528 Swap: ? ? ?8393912 ? ?2674392 ? ?5719520 > perl -v This is perl, v5.10.0 built for x86_64-linux-thread-multi Copyright 1987-2007, Larry Wall top showed ~70% using system's memory. Thanks! From jaslinamuhammedkk at gmail.com Fri Mar 19 04:00:18 2010 From: jaslinamuhammedkk at gmail.com (jaslina kk) Date: Fri, 19 Mar 2010 09:30:18 +0530 Subject: [Nikto-discuss] (no subject) Message-ID: Thank you.. -- Regards Jaslina K K -------------- next part -------------- An HTML attachment was scrubbed... URL: http://attrition.org/pipermail/nikto-discuss/attachments/20100319/5a7176b6/attachment.html From jaslinamuhammedkk at gmail.com Fri Mar 19 04:02:07 2010 From: jaslinamuhammedkk at gmail.com (jaslina kk) Date: Fri, 19 Mar 2010 09:32:07 +0530 Subject: [Nikto-discuss] server Message-ID: I want to change the server identification part..and want to change it to a normal system scanner..So which part do i need to look? -- Regards Jaslina K K -------------- next part -------------- An HTML attachment was scrubbed... URL: http://attrition.org/pipermail/nikto-discuss/attachments/20100319/5562d362/attachment.html From jaslinamuhammedkk at gmail.com Fri Mar 19 04:45:51 2010 From: jaslinamuhammedkk at gmail.com (jaslina kk) Date: Fri, 19 Mar 2010 10:15:51 +0530 Subject: [Nikto-discuss] target and parse_hostfile Message-ID: Can anyone tell me, what is done by set_target and parse_hostfile? -- Regards Jaslina K K -------------- next part -------------- An HTML attachment was scrubbed... URL: http://attrition.org/pipermail/nikto-discuss/attachments/20100319/bb77f98d/attachment.html From dave at cirt.net Fri Mar 19 08:16:05 2010 From: dave at cirt.net (David Lodge) Date: Fri, 19 Mar 2010 08:16:05 -0000 Subject: [Nikto-discuss] server In-Reply-To: References: Message-ID: On Fri, 19 Mar 2010 04:02:07 -0000, jaslina kk wrote: > I want to change the server identification part..and want to change it > to a > normal system scanner..So which part do i need to look? The web server banner is grabbed in the get_banner function. > Can anyone tell me, what is done by set_target and parse_hostfile? set_target parses whatever is passed to it by the -hosts option and turns it into a list of targets (in the %MARKS hash). The %MARK hash is documented in the documentation. parse_hostfile does what it says on the tin if a hostfile is passed or an nmap file is sent through stdin, it'll parse it and return an array of hosts. dave From jaslinamuhammedkk at gmail.com Fri Mar 19 17:26:45 2010 From: jaslinamuhammedkk at gmail.com (jaslina kk) Date: Fri, 19 Mar 2010 22:56:45 +0530 Subject: [Nikto-discuss] -e host Message-ID: what is -e host? -- Regards Jaslina K K -------------- next part -------------- An HTML attachment was scrubbed... URL: http://attrition.org/pipermail/nikto-discuss/attachments/20100319/3e4a7b65/attachment.html From csullo at gmail.com Fri Mar 19 17:33:18 2010 From: csullo at gmail.com (Sullo) Date: Fri, 19 Mar 2010 13:33:18 -0400 Subject: [Nikto-discuss] -e host In-Reply-To: References: Message-ID: On Fri, Mar 19, 2010 at 1:26 PM, jaslina kk wrote: > > what is -e host? -e is for evasion techniques. once again, please see the documentation here--it's fairly extensive. http://cirt.net/nikto2-docs/ -- http://www.cirt.net | http://www.osvdb.org/ From erik at edgeos.com Sat Mar 27 00:30:43 2010 From: erik at edgeos.com (Erik Stephens) Date: Fri, 26 Mar 2010 17:30:43 -0700 Subject: [Nikto-discuss] Encoding in xml output Message-ID: <20100326173043.1c375a64@workstation> Seeing some upper ascii characters in the xml output. I think it is up to nikto to specify the encoding in its output. Instead of this: Should it be something like this? Assuming I'm correct and a patch will get in eventually, what should we assume the encoding is? ISO-8859-1 or UTF-8? In the output I've seen, it looks like ISO-8859-1. Looks like we can edit templates/xml_start.tmpl and hard-code the encoding there until it gets patched. Is that a decent workaround? Hopefully it's a simple patch. I'd offer up one but I don't know enough about the nikto source and perl in general. I'm a python guy, which means I can't touch perl code - I might see something I like ;) Thx, Erik From resident.deity at gmail.com Mon Mar 29 12:36:11 2010 From: resident.deity at gmail.com (david lodge) Date: Mon, 29 Mar 2010 13:36:11 +0100 Subject: [Nikto-discuss] Encoding in xml output In-Reply-To: <20100326173043.1c375a64@workstation> References: <20100326173043.1c375a64@workstation> Message-ID: > Seeing some upper ascii characters in the xml output. ?I think it is > up to nikto to specify the encoding in its output. ?Instead of this: > > ? > > Should it be something like this? > > ? Damnit I had to research to find this: http://www.w3.org/TR/2008/REC-xml-20081126/#sec-well-formed The format is: [23] XMLDecl ::= '' So encoding is optional; which mean the XML is valid; but point taken - we should really include an explicit encoding specification. I'm interested in which malformed bits you found though - we should be trapping anything that can have strange characters within CDATA tags, anything else that gets through is a bug. Some redacted samples would be useful (or a copy and paste of the bad bit). > Assuming I'm correct and a patch will get in eventually, what should > we assume the encoding is? ?ISO-8859-1 or UTF-8? ?In the output I've > seen, it looks like ISO-8859-1. ?Looks like we can edit > templates/xml_start.tmpl and hard-code the encoding there until it > gets patched. ?Is that a decent workaround? IIRC, perl 5.6+, like python, uses UTF-8 internally. This is a pretty moot point at the moment as the databases and messages only use ASCII codes from <127. I'd go with UTF-8 to be safe :-) We can just fix this by altering templates/xml_start.tmpl, line 1 to be: I'll add it to my list of things to do. dave From erik at edgeos.com Tue Mar 30 19:44:36 2010 From: erik at edgeos.com (Erik Stephens) Date: Tue, 30 Mar 2010 15:44:36 -0400 Subject: [Nikto-discuss] Encoding in xml output In-Reply-To: References: <20100326173043.1c375a64@workstation> Message-ID: <4BB254A4.5040205@edgeos.com> On 3/29/10 8:36 AM, david lodge wrote: > I'm interested in which malformed bits you found though - we should be > trapping anything that can have strange characters within CDATA tags, > anything else that gets through is a bug. Some redacted samples would > be useful (or a copy and paste of the bad bit). One bad byte I found was 0xca, as in: """ I n c . ca C o n t e n t S e r v e r """ Looks like 0xca is an E with circumflex in iso-8859-1 and the start of a two-byte character in utf-8. Doesn't look like valid utf-8. I'm using this as a reference: http://en.wikipedia.org/wiki/Utf-8#Description > IIRC, perl 5.6+, like python, uses UTF-8 internally. This is a pretty > moot point at the moment as the databases and messages only use ASCII > codes from<127. I'd go with UTF-8 to be safe :-) I'm seeing this byte in plugins/db_tests (the ContentServer on), so maybe it was just a typo and simpler to edit that file? -Erik From dave at cirt.net Tue Mar 30 21:04:01 2010 From: dave at cirt.net (David Lodge) Date: Tue, 30 Mar 2010 23:04:01 +0200 Subject: [Nikto-discuss] Encoding in xml output In-Reply-To: <4BB254A4.5040205@edgeos.com> References: <20100326173043.1c375a64@workstation> <4BB254A4.5040205@edgeos.com> Message-ID: On Tue, 30 Mar 2010 21:44:36 +0200, Erik Stephens wrote: > On 3/29/10 8:36 AM, david lodge wrote: >> I'm interested in which malformed bits you found though - we should be >> trapping anything that can have strange characters within CDATA tags, >> anything else that gets through is a bug. Some redacted samples would >> be useful (or a copy and paste of the bad bit). > > One bad byte I found was 0xca, as in: > """ > I n c . ca C o n t e n t S e r v e r > """ > > Looks like 0xca is an E with circumflex in iso-8859-1 and the start of a > two-byte character in utf-8. Doesn't look like valid utf-8. I'm using > this as a reference: That's not actually as bad as it looks - that bytes in the message, which we can easily fix. What I guess has happened as db_tests has been edited on various platforms (Solaris<->Linux<->Windows<->Mac OS X) somewhere a conversion has happened from UTF-8 to iso-8859-1. The message is "Open Market Inc.?ContentServer is vulnerable to Cross Site Scripting (XSS) in the login-error page. CA-2000-02."; which would logically place a copyright symbol before ContentServer, which is 0xc2 0xa9 in UTF-8. Having checked, it was first imported like this when Nikto went into Assembla, so, it may have been like this since Nikto 1.0! I'll fix this. >> IIRC, perl 5.6+, like python, uses UTF-8 internally. This is a pretty >> moot point at the moment as the databases and messages only use ASCII >> codes from<127. I'd go with UTF-8 to be safe :-) > I'm seeing this byte in plugins/db_tests (the ContentServer on), so > maybe it was just a typo and simpler to edit that file? There's always one thing to prove me wrong :-) Seriously though this is probably something we should take note of in future, if it's in the data or match field the encoding could become important, and restricting Nikto to iso-8859-1 may remove any vulnerabilities in non-latin character sets. I need to think this one through. Thanks for reporting it dave From FBreedijk at schubergphilis.com Wed Mar 31 11:13:26 2010 From: FBreedijk at schubergphilis.com (Frank Breedijk) Date: Wed, 31 Mar 2010 13:13:26 +0200 Subject: [Nikto-discuss] Documentation update (Nikto + Nessus) Message-ID: http://cirt.net/nikto2-docs/usage.html states: Nessus (http://www.nessus.org/nessus/) can be configured to automatically launch Nikto when it finds a web server. Ensure Nikto works properly, then place the directory containing nikto.pl in root's PATH environment variable. When nessusd starts, it should see the nikto.pl program and enable usage through the GUI. However Tennable's article (http://blog.tenablesecurity.com/2008/09/using-nessus-to.html) states that: Nikto.pl should be in the path Nikto.nasl should be present You should run nessusd -R And restart nessusd Frank Breedijk, CISSP Mission Critical Engineer, Security Schuberg Philis phone: +31 20 750 65 00 direct: +31 20 750 65 38 mobile: +31 6 438 22 637 email: fbreedijk at schubergphilis.com www.schubergphilis.com? Star Parc Boeing Ave 271 1119 PD Schiphol-Rijk THE NETHERLANDS From FBreedijk at schubergphilis.com Wed Mar 31 11:22:48 2010 From: FBreedijk at schubergphilis.com (Frank Breedijk) Date: Wed, 31 Mar 2010 13:22:48 +0200 Subject: [Nikto-discuss] Documentation updates Message-ID: http://cirt.net/nikto2-docs/options.html -host Host(s) to target. Can be an IP address, hostname or text file of hosts. A single dash (-) maybe used for stdout. Can also parse nmap -oG style output Should read: -host Host(s) to target. Can be an IP address, hostname or text file of hosts. A single dash (-) maybe used for stdin. Can also parse nmap -oG style output -Tuning This chapter does not provide the default if this option is not given Frank From FBreedijk at schubergphilis.com Wed Mar 31 12:13:43 2010 From: FBreedijk at schubergphilis.com (Frank Breedijk) Date: Wed, 31 Mar 2010 14:13:43 +0200 Subject: [Nikto-discuss] Bug report - Plugin 001554 Message-ID: Plugin 001554 reprots that /administrator/ exists on https://secure.sectionzero.org/ but it doesn't. ------------------------------------------ agent ~ # openssl s_client -connect secure.sectionzero.org:443 CONNECTED(00000003) depth=0 /CN=secure.sectionzero.org verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /CN=secure.sectionzero.org verify error:num=27:certificate not trusted verify return:1 depth=0 /CN=secure.sectionzero.org verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/CN=secure.sectionzero.org i:/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root --- Server certificate -----BEGIN CERTIFICATE----- MIIFxDCCA6ygAwIBAgICcjkwDQYJKoZIhvcNAQEFBQAwVDEUMBIGA1UEChMLQ0Fj ZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZzEcMBoGA1UE AxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDAeFw0wOTAyMTYwNTA1MjVaFw0xMTAyMTYw NTA1MjVaMCExHzAdBgNVBAMTFnNlY3VyZS5zZWN0aW9uemVyby5vcmcwggIiMA0G CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCrQdGpgByr2JqIjYa1hjIlLHKf9Ir5 RjikbA3cQ89lAoixbeA65WQ9V12/lurIKYviTyXoJVQtOd9SyOfRaby2Wz8itcCd AfNRAF44y9WBDAL/fY0n3kQbMhOtXMC4f8i5fp5ewfhtMuNNNYMwvcsOGwQA25Gv z22OHUaWL5Pgl0ach3h3ufy5TcQGZR1UQXoON/XdwuiGd4Qj1EQfjCJw8CDcBGq6 2BYV6KId7UJ1YdVaRtG8knt5VnDW6yW3TBOIrCI4643dOo+vYgxygNkS0NSIo4pR vvELMttsPsVDkfVaJvZWmFbKCRx53Ejfj4ebc0z8v4mN2StIO3Efr5NQP/T9KkDE 1K01agr7Kesy/OrhKvuNoX9Z0HpKrx0KtTJJdvQzXBNmaUHJH9tPvFS20SA2nDFS tervLVUIKA6kpGmBS3HTL4Khlj3gULhj8TOy4S5VBhmXWnlwsCD1520A5Ecv3yfK QdFFvWYTqPdMR7sDprc+b/GzwuRq6w68b9zlGzborRghYG1hGhVUKTxJz4spnLFq QmC1iws4M2bg/HQ8jPxkN4nRaOvO8gSXIXDBNut3yznVWqhabQHVYrY5oAlCX18D moZAzrScYXgEtOIQnXCWgQPl+/H3FaP6aFdCoPN4DC/7vywB6+5T7eOAMe1rKZA0 13uxELDlal1pBwIDAQABo4HSMIHPMAwGA1UdEwEB/wQCMAAwNAYDVR0lBC0wKwYI KwYBBQUHAwIGCCsGAQUFBwMBBglghkgBhvhCBAEGCisGAQQBgjcKAwMwCwYDVR0P BAQDAgWgMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au Y2FjZXJ0Lm9yZy8wRwYDVR0RBEAwPoIWc2VjdXJlLnNlY3Rpb256ZXJvLm9yZ6Ak BggrBgEFBQcIBaAYDBZzZWN1cmUuc2VjdGlvbnplcm8ub3JnMA0GCSqGSIb3DQEB BQUAA4ICAQCqd6/9AqAWxGowDZwvMH0PjVGJPyx/5H/CD2l0qTAYhYLdaBgxk5dD cFSjlrprPmuBjdxNvcKE4neh76Z6W/88ahWQEx6cH0lu9GuK52g9y48Lz4B/J7Ns humaPc8Rx4CUdE2tRUt1uuoRyS4gh6KGpvFBz/TUhp3T5y5fIZUtjYFZSfEH2G1F igg6k6xR3V14GcmyE0gYDdvZAOXFO3VsrL2snwrSyI96i04pwiTbBpqB5R3lCnOH zaUQ2VBKCd2q2cfu+bOPO6YUsIcrWgoz29c84Vt8k/nc98tDYENW4HAjlicsN2rg QDhw/ZyA0JIRyuMFioOQ9RLxpeO5RtNvgWwyaR1KP/VksjAvJRog9GVXUEJJeRGA 3+dBUuZJkbMp7YoHmp93HoRyt+8ET3J4DV12cA42zgczm8mEYJR+Bw5FbyAUjwfp /nYwo7lIdGYsq8BFUBU2M0JAZrKGJjgsQ79YVvigS85GbzfX5aTkdccAX4UmCaCu s+Ts+1BxdDKQSHJ7Cy5ilJqoB4+487JqLAfv82oY5/11brKy3yaN841xUFIi3v57 62U2N6Pwqc8bOQGutYyHu+gy9i+rICXhA4WVQmA+7rSdfh5uLc2YBoBZhC/HGT3u qKCfJ1TVPi5WfOebgrY6KLPQb3mFjFbEoNwtrQY8B//ftF+fqbFVIg== -----END CERTIFICATE----- subject=/CN=secure.sectionzero.org issuer=/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root --- No client certificate CA names sent --- SSL handshake has read 2428 bytes and written 340 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 4096 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: 7724BBAB6D9074BA2A7A792B51227F4865387A20825E3D58AA82B59B52880FE2 Session-ID-ctx: Master-Key: 6EF7DCEB4D201FE3A3A1E34C1F76B27B71D5B5FDCAA2113E91824C4E08C64842D9CC599BB1EC3CC5558838E02B4017BC Key-Arg : None Start Time: 1270037545 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- GET /administrator/ HTTP/1.0 HTTP/1.1 404 Not Found Date: Wed, 31 Mar 2010 12:12:31 GMT Server: Apache Content-Length: 284 Connection: close Content-Type: text/html; charset=iso-8859-1 404 Not Found

Not Found

The requested URL /administrator/ was not found on this server.


Apache Server at secure.sectionzero.org Port 80
Closed --------------------------------------- agent ~ # openssl s_client -connect secure.sectionzero.org:443 CONNECTED(00000003) depth=0 /CN=secure.sectionzero.org verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /CN=secure.sectionzero.org verify error:num=27:certificate not trusted verify return:1 depth=0 /CN=secure.sectionzero.org verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/CN=secure.sectionzero.org i:/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root --- Server certificate -----BEGIN CERTIFICATE----- MIIFxDCCA6ygAwIBAgICcjkwDQYJKoZIhvcNAQEFBQAwVDEUMBIGA1UEChMLQ0Fj ZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZzEcMBoGA1UE AxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDAeFw0wOTAyMTYwNTA1MjVaFw0xMTAyMTYw NTA1MjVaMCExHzAdBgNVBAMTFnNlY3VyZS5zZWN0aW9uemVyby5vcmcwggIiMA0G CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCrQdGpgByr2JqIjYa1hjIlLHKf9Ir5 RjikbA3cQ89lAoixbeA65WQ9V12/lurIKYviTyXoJVQtOd9SyOfRaby2Wz8itcCd AfNRAF44y9WBDAL/fY0n3kQbMhOtXMC4f8i5fp5ewfhtMuNNNYMwvcsOGwQA25Gv z22OHUaWL5Pgl0ach3h3ufy5TcQGZR1UQXoON/XdwuiGd4Qj1EQfjCJw8CDcBGq6 2BYV6KId7UJ1YdVaRtG8knt5VnDW6yW3TBOIrCI4643dOo+vYgxygNkS0NSIo4pR vvELMttsPsVDkfVaJvZWmFbKCRx53Ejfj4ebc0z8v4mN2StIO3Efr5NQP/T9KkDE 1K01agr7Kesy/OrhKvuNoX9Z0HpKrx0KtTJJdvQzXBNmaUHJH9tPvFS20SA2nDFS tervLVUIKA6kpGmBS3HTL4Khlj3gULhj8TOy4S5VBhmXWnlwsCD1520A5Ecv3yfK QdFFvWYTqPdMR7sDprc+b/GzwuRq6w68b9zlGzborRghYG1hGhVUKTxJz4spnLFq QmC1iws4M2bg/HQ8jPxkN4nRaOvO8gSXIXDBNut3yznVWqhabQHVYrY5oAlCX18D moZAzrScYXgEtOIQnXCWgQPl+/H3FaP6aFdCoPN4DC/7vywB6+5T7eOAMe1rKZA0 13uxELDlal1pBwIDAQABo4HSMIHPMAwGA1UdEwEB/wQCMAAwNAYDVR0lBC0wKwYI KwYBBQUHAwIGCCsGAQUFBwMBBglghkgBhvhCBAEGCisGAQQBgjcKAwMwCwYDVR0P BAQDAgWgMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au Y2FjZXJ0Lm9yZy8wRwYDVR0RBEAwPoIWc2VjdXJlLnNlY3Rpb256ZXJvLm9yZ6Ak BggrBgEFBQcIBaAYDBZzZWN1cmUuc2VjdGlvbnplcm8ub3JnMA0GCSqGSIb3DQEB BQUAA4ICAQCqd6/9AqAWxGowDZwvMH0PjVGJPyx/5H/CD2l0qTAYhYLdaBgxk5dD cFSjlrprPmuBjdxNvcKE4neh76Z6W/88ahWQEx6cH0lu9GuK52g9y48Lz4B/J7Ns humaPc8Rx4CUdE2tRUt1uuoRyS4gh6KGpvFBz/TUhp3T5y5fIZUtjYFZSfEH2G1F igg6k6xR3V14GcmyE0gYDdvZAOXFO3VsrL2snwrSyI96i04pwiTbBpqB5R3lCnOH zaUQ2VBKCd2q2cfu+bOPO6YUsIcrWgoz29c84Vt8k/nc98tDYENW4HAjlicsN2rg QDhw/ZyA0JIRyuMFioOQ9RLxpeO5RtNvgWwyaR1KP/VksjAvJRog9GVXUEJJeRGA 3+dBUuZJkbMp7YoHmp93HoRyt+8ET3J4DV12cA42zgczm8mEYJR+Bw5FbyAUjwfp /nYwo7lIdGYsq8BFUBU2M0JAZrKGJjgsQ79YVvigS85GbzfX5aTkdccAX4UmCaCu s+Ts+1BxdDKQSHJ7Cy5ilJqoB4+487JqLAfv82oY5/11brKy3yaN841xUFIi3v57 62U2N6Pwqc8bOQGutYyHu+gy9i+rICXhA4WVQmA+7rSdfh5uLc2YBoBZhC/HGT3u qKCfJ1TVPi5WfOebgrY6KLPQb3mFjFbEoNwtrQY8B//ftF+fqbFVIg== -----END CERTIFICATE----- subject=/CN=secure.sectionzero.org issuer=/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root --- No client certificate CA names sent --- SSL handshake has read 2428 bytes and written 340 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 4096 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: 97A8366B8065D830F7BC2116C2F8584D39402EACF0DF2789DFE0FDD1F4FA3166 Session-ID-ctx: Master-Key: 09F4B9493A31EA9960949253AB8AAF9EC0C4AE1A140C8EC5CF863F5E4797FAC525DFD95DE83F0875FD93F0EB872C676C Key-Arg : None Start Time: 1270037573 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- GET /administrator/ HTTP/1.1 Host: secure.sectionzero.org HTTP/1.1 404 Not Found Date: Wed, 31 Mar 2010 12:13:06 GMT Server: Apache Content-Length: 284 Content-Type: text/html; charset=iso-8859-1 404 Not Found

Not Found

The requested URL /administrator/ was not found on this server.


Apache Server at secure.sectionzero.org Port 80
^C Frank Breedijk, CISSP Mission Critical Engineer, Security Schuberg Philis phone: +31 20 750 65 00 direct: +31 20 750 65 38 mobile: +31 6 438 22 637 email: fbreedijk at schubergphilis.com www.schubergphilis.com? Star Parc Boeing Ave 271 1119 PD Schiphol-Rijk THE NETHERLANDS From FBreedijk at schubergphilis.com Wed Mar 31 12:16:54 2010 From: FBreedijk at schubergphilis.com (Frank Breedijk) Date: Wed, 31 Mar 2010 14:16:54 +0200 Subject: [Nikto-discuss] Bug report - Plugin 001554 In-Reply-To: References: Message-ID: The false positive is also triggered by a redirect. agent ~ # telnet autonessus.com 80 Trying 79.141.36.205... Connected to autonessus.com. Escape character is '^]'. GET /administrator/ HTTP/1.1 Host: autonessus.com HTTP/1.1 301 Moved Permanently Date: Wed, 31 Mar 2010 12:16:05 GMT Server: Apache Location: http://seccubus.com/ Content-Length: 292 Content-Type: text/html; charset=iso-8859-1 301 Moved Permanently

Moved Permanently

The document has moved here.


Apache Server at autonessus.com Port 80
^C^C Connection closed by foreign host. Frank Breedijk ..-. .-. .- -. -.- T: +31 (0)20-7506500 E: fbreedijk at schubergphilis.com W: www.schubergphilis.com From csullo at gmail.com Wed Mar 31 12:22:56 2010 From: csullo at gmail.com (Sullo) Date: Wed, 31 Mar 2010 08:22:56 -0400 Subject: [Nikto-discuss] Documentation updates In-Reply-To: References: Message-ID: Updated both in the source, tree, thanks! On Wed, Mar 31, 2010 at 7:22 AM, Frank Breedijk wrote: > http://cirt.net/nikto2-docs/options.html > > -host > > ? ?Host(s) to target. Can be an IP address, hostname or text file of hosts. A single dash (-) maybe used for stdout. Can also parse nmap -oG style output > > Should read: > > -host > > ? ?Host(s) to target. Can be an IP address, hostname or text file of hosts. A single dash (-) maybe used for stdin. Can also parse nmap -oG style output > > -Tuning > > This chapter does not provide the default if this option is not given > > > > Frank > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > -- http://www.cirt.net | http://www.osvdb.org/ From csullo at gmail.com Wed Mar 31 12:27:42 2010 From: csullo at gmail.com (Sullo) Date: Wed, 31 Mar 2010 08:27:42 -0400 Subject: [Nikto-discuss] Documentation update (Nikto + Nessus) In-Reply-To: References: Message-ID: All the doc changes have been committed to the source tree, thanks for pointing them out. -Sullo On Wed, Mar 31, 2010 at 7:13 AM, Frank Breedijk wrote: > http://cirt.net/nikto2-docs/usage.html states: > > Nessus (http://www.nessus.org/nessus/) can be configured to automatically launch Nikto when it finds a web server. Ensure Nikto works properly, then place the directory containing nikto.pl in root's PATH environment variable. When nessusd starts, it should see the nikto.pl program and enable usage through the GUI. > > However Tennable's article (http://blog.tenablesecurity.com/2008/09/using-nessus-to.html) states that: > Nikto.pl should be in the path > Nikto.nasl should be present > You should run nessusd -R > And restart nessusd > > > Frank Breedijk, CISSP > Mission Critical Engineer, Security > Schuberg Philis > > phone: ? ?+31 20 750 65 00 > direct: ? +31 20 750 65 38 > mobile: ? +31 6 438 22 637 > email: ? ?fbreedijk at schubergphilis.com > > www.schubergphilis.com > > Star Parc > Boeing Ave 271 > 1119 PD Schiphol-Rijk > THE NETHERLANDS > > > > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > -- http://www.cirt.net | http://www.osvdb.org/ From FBreedijk at schubergphilis.com Wed Mar 31 12:32:51 2010 From: FBreedijk at schubergphilis.com (Frank Breedijk) Date: Wed, 31 Mar 2010 14:32:51 +0200 Subject: [Nikto-discuss] False positives Message-ID: Encountered a few false positives Test 3120 Query /?pattern=/etc/*&sort=name will return OK even if the system is not vulnerable. Default apache install will return ok and disregard query parameters Maybe we should look if the returned value contains passwd and shadow Test 999972 from nikto_httpoptions.plugin Apache servers will handle the DEBUG normally like an GET or POST (haven't been able to found out which) so it's not vulnerable. seccubus at agent ~ $ telnet seccubus.com 80|head Trying 79.141.36.205... Connected to seccubus.com. Escape character is '^]'. DEBUG / HTTP/1.1 Host: seccubus.com HTTP/1.1 200 OK Date: Wed, 31 Mar 2010 12:28:33 GMT Server: Apache Set-Cookie: 652a57d4ecf6fbbfc14c76b1a9f31619=0541bf502c1a793e28db4cf6a0b9b8a5; path=/ P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Last-Modified: Wed, 31 Mar 2010 12:28:37 GMT Frank From csullo at gmail.com Wed Mar 31 12:40:48 2010 From: csullo at gmail.com (Sullo) Date: Wed, 31 Mar 2010 08:40:48 -0400 Subject: [Nikto-discuss] False positives In-Reply-To: References: Message-ID: I added 'hosts' along with 'passwd' as both required matches. Not all *nix systems have /etc/passwd... On Wed, Mar 31, 2010 at 8:32 AM, Frank Breedijk wrote: > Encountered a few false positives > > Test 3120 > Query /?pattern=/etc/*&sort=name will return OK even if the system is not vulnerable. Default apache install will return ok and disregard query parameters > Maybe we should look if the returned value contains passwd and shadow > > Test 999972 from nikto_httpoptions.plugin > Apache servers will handle the DEBUG normally like an GET or POST (haven't been able to found out which) so it's not vulnerable. > seccubus at agent ~ $ telnet seccubus.com 80|head > Trying 79.141.36.205... > Connected to seccubus.com. > Escape character is '^]'. > DEBUG / HTTP/1.1 > Host: seccubus.com > > HTTP/1.1 200 OK > Date: Wed, 31 Mar 2010 12:28:33 GMT > Server: Apache > Set-Cookie: 652a57d4ecf6fbbfc14c76b1a9f31619=0541bf502c1a793e28db4cf6a0b9b8a5; path=/ > P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" > Expires: Mon, 1 Jan 2001 00:00:00 GMT > Last-Modified: Wed, 31 Mar 2010 12:28:37 GMT > > Frank > > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > -- http://www.cirt.net | http://www.osvdb.org/