[Nikto-discuss] Fwd: change @CGIDIRS
deaf.c0t at gmail.com
Thu Mar 18 18:08:05 UTC 2010
I'll continue ask my questions, if you don't contradict :)
2010/3/13 David Lodge <dave at cirt.net>:
> What you can do though is to create a file called plugins/udb_variables and
> put your enhanced @CGIDIRS in there. This is a user database and will
> override any variables in db_variables.
> It looks like I'll need to update the docs on this.
Yes, it works. But my @CGIDIRS doesn't override default values. My
value is added!
So, I have to write in udb_variables :
I had to use SPACE or I got something like that:
Do another variables(@USERS etc) work as above?
And the most important thing. My local apache has /cgi-bin/ directory,
but Nikto didn't report me about it. I added this line:
@HTTPFOUND=200 301 302 401 403 500
to udb_variables. And run:
perl nikto.pl -Display 124V -Cgidirs all -mutate 1 -Tuning 0123b
-Format htm -o webapp- webapp-localhost localhost.htm -host localhost
but when I use browser I get:
You don't have permission to access the requested directory. There is
either no index document or the directory is read-protected.
If you think this is a server error, please contact the webmaster.
Does Nikto inform me about it?
> We could need some help with documentation - neither Sullo or I have had a
> chance to do a proper review of it for readability purposes, so if you do
> notice anything that sounds strange or is plain wrong then please highlight
Okay, I'll try.
Another question. When I started scan local web server with options:
perl nikto.pl -Display 12 -host localhost -Cgidirs all -mutate 123
Nikto ate all RAM.
Some system information:
Suse Linux x64, 2GB RAM, AMD Athlon(tm) 64 X2 Dual Core
total used free shared buffers cached
Mem: 1923368 1908528 14840 0 3276 670412
-/+ buffers/cache: 1234840 688528
Swap: 8393912 2674392 5719520
> perl -v
This is perl, v5.10.0 built for x86_64-linux-thread-multi
Copyright 1987-2007, Larry Wall
top showed ~70% using system's memory.
More information about the Nikto-discuss