From deaf.c0t at gmail.com Sun Nov 14 08:59:04 2010 From: deaf.c0t at gmail.com (John Smith) Date: Sun, 14 Nov 2010 16:59:04 +0200 Subject: [Nikto-discuss] user defined tests only Message-ID: Good day everyone! I've read that we should use 400000 id for user defined tests (udb* files). I created file udb_tests with this line "0","400000","2","/vuln_index.php","GET","200","version","","","","Ye, vuln script!","","" Can I disable any standart base and scan vulnerabilities from my base only? From lists at yehg.net Tue Nov 16 02:17:04 2010 From: lists at yehg.net (YGN Ethical Hacker Group) Date: Tue, 16 Nov 2010 16:17:04 +0800 Subject: [Nikto-discuss] user defined tests only In-Reply-To: References: Message-ID: I think you can't. Nikto scans its own db first and then continues scanning yours. --------------------------------- Best regards, YGN Ethical Hacker Group Yangon, Myanmar http://yehg.net Our Lab | http://yehg.net/lab Our Directory | http://yehg.net/hwd On Sun, Nov 14, 2010 at 10:59 PM, John Smith wrote: > Good day everyone! > I've read that we should use 400000 id for user defined tests (udb* files). > I created file udb_tests with this line > "0","400000","2","/vuln_index.php","GET","200","version","","","","Ye, > vuln script!","","" > Can I disable any standart base and scan vulnerabilities from my base only? > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > From bperry.volatile at gmail.com Tue Nov 16 21:43:10 2010 From: bperry.volatile at gmail.com (Brandon Perry) Date: Tue, 16 Nov 2010 21:43:10 -0600 Subject: [Nikto-discuss] More quiet output (no questions after scan?) Message-ID: Hi, I am currently running nikto v2.1.1, installed from the Ubuntu repositories, automated with a bash script. Is there a way to keep it from asking to submit new information (if found) after a scan? I have found a work around by doing 'echo "y\r" | nikto -h 127.0.0.1 -o blah -Format html' and it does the trick. Awful dirty though... -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website From csullo at gmail.com Tue Nov 16 22:08:36 2010 From: csullo at gmail.com (Sullo) Date: Tue, 16 Nov 2010 23:08:36 -0500 Subject: [Nikto-discuss] More quiet output (no questions after scan?) In-Reply-To: References: Message-ID: Edit nikto.conf and change the UPDATES value. The default is YES... # Nikto can submit updated version strings to CIRT.net. It won't do this w/o permission. You should # send updates because it makes the data better for everyone ;) *NO* server specific information # such as IP or name is sent, just the relevant version information. # UPDATES=yes - ask before each submission if it should send # UPDATES=no - don't ask, don't send # UPDATES=auto - automatically attempt submission *without prompting* On Tue, Nov 16, 2010 at 10:43 PM, Brandon Perry wrote: > Hi, > > I am currently running nikto v2.1.1, installed from the Ubuntu > repositories, automated with a bash script. > > Is there a way to keep it from asking to submit new information (if > found) after a scan? I have found a work around by doing 'echo "y\r" | > nikto -h 127.0.0.1 -o blah -Format html' and it does the trick. Awful > dirty though... > > -- > http://volatile-minds.blogspot.com -- blog > http://www.volatileminds.net -- website > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > -- http://www.cirt.net | http://www.osvdb.org/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From bperry.volatile at gmail.com Tue Nov 16 22:21:16 2010 From: bperry.volatile at gmail.com (Brandon Perry) Date: Tue, 16 Nov 2010 22:21:16 -0600 Subject: [Nikto-discuss] More quiet output (no questions after scan?) In-Reply-To: References: Message-ID: Ah, thanks. On Tue, Nov 16, 2010 at 10:08 PM, Sullo wrote: > Edit nikto.conf and change the UPDATES value. The default is YES... > > # Nikto can submit updated version strings to CIRT.net. It won't do this w/o > permission. You should > # send updates because it makes the data better for everyone ;)? *NO* server > specific information > # such as IP or name is sent, just the relevant version information. > # UPDATES=yes?? - ask before each submission if it should send > # UPDATES=no??? - don't ask, don't send > # UPDATES=auto? - automatically attempt submission *without prompting* > > > On Tue, Nov 16, 2010 at 10:43 PM, Brandon Perry > wrote: >> >> Hi, >> >> I am currently running nikto v2.1.1, installed from the Ubuntu >> repositories, automated with a bash script. >> >> Is there a way to keep it from asking to submit new information (if >> found) after a scan? I have found a work around by doing 'echo "y\r" | >> nikto -h 127.0.0.1 -o blah -Format html' and it does the trick. Awful >> dirty though... >> >> -- >> http://volatile-minds.blogspot.com -- blog >> http://www.volatileminds.net -- website >> _______________________________________________ >> Nikto-discuss mailing list >> Nikto-discuss at attrition.org >> https://attrition.org/mailman/listinfo/nikto-discuss > > > > -- > > http://www.cirt.net? ?? |? ? ? http://www.osvdb.org/ > -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website From philippe.vialle at gmail.com Sun Nov 21 17:34:48 2010 From: philippe.vialle at gmail.com (Philippe VIALLE) Date: Mon, 22 Nov 2010 00:34:48 +0100 Subject: [Nikto-discuss] [Nikto] NIDS evasion mode... Message-ID: Hi all, just to say (and probably warn some of you about that) the "IDS evasion" mode triggers dozens of alerts for Proventia equipments. I tried several modes, and it is quite not discreet, as long as there is a team keeping an eye of the appliance's reports. HTH. Cheers, -- Philippe Vialle Computers security consultant -------------- next part -------------- An HTML attachment was scrubbed... URL: From csullo at gmail.com Sun Nov 21 18:51:37 2010 From: csullo at gmail.com (Sullo) Date: Sun, 21 Nov 2010 19:51:37 -0500 Subject: [Nikto-discuss] [Nikto] NIDS evasion mode... In-Reply-To: References: Message-ID: On Sun, Nov 21, 2010 at 6:34 PM, Philippe VIALLE wrote: > Hi all, > > just to say (and probably warn some of you about that) the "IDS evasion" > mode triggers dozens of alerts for Proventia equipments. I tried several > modes, and it is quite not discreet, as long as there is a team keeping an > eye of the appliance's reports. > They should probably be re-labeled as 'encoding techniques' rather than 'IDS evasion.' i'm not sure those methods have been missed by many IDS systems since RFP published them in whisker an eon ago! I'll open a ticket to relabel them, or at least add a disclaimer to the docs. thanks for pointing it out. -- http://www.cirt.net | http://www.osvdb.org/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From sullo at cirt.net Tue Nov 23 21:03:15 2010 From: sullo at cirt.net (Sullo) Date: Tue, 23 Nov 2010 22:03:15 -0500 Subject: [Nikto-discuss] HTTPS Everywhere rules - assembla.com / cirt.net Message-ID: Attached are HTTPS Everywhere (Firefox plugin) rules for assembla.com, where the Nikto2 SVN/Trac is hosted, as well as a quick one for cirt.net if you'd like. Note that the cirt.net certficate is generated by CACert.org, so you may not have their authority in your browser. More info on the plugin: https://www.eff.org/https-everywhere Installing the xml files: https://www.eff.org/https-everywhere/rulesets I have submitted the Assembla.xml file to the EFF for possible future inclusion, or availability at their repository at least. Regards Sullo -- http://www.cirt.net | http://www.osvdb.org/ -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: cirt.xml Type: text/xml Size: 162 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: Assembla.xml Type: text/xml Size: 414 bytes Desc: not available URL: