[Nikto-discuss] Suggestion about scanning selection.
csullo at gmail.com
Sat Oct 2 06:47:08 CDT 2010
This is a good suggestion in theory and would be trivial to implement *if*
we had the data for when a vulnerability was originally published.
For any vulnerability which has an associated OSVDB ID (which is many, but
not all--a quick grep says ~1400 don't have IDs), we could get the data. But
even then, generic entires such as /admin/ would not have an associated
In any case, we could probably work around generic entries if we had the
data. Anyone who wants to match up all those tests w/o OSVDB IDs is very
On Fri, Oct 1, 2010 at 5:30 PM, Matt ~ <aereal at gmail.com> wrote:
> Hello Nikto community, I'm new at this mailist (don't know why I wasn't on
> the mailist before since I always used nikto), so if my suggestion has been
> already made or has been improved on an svn my apologies.
> Sometimes I find myself scanning with nikto to websites I know there are
> not going to be old vulnerabilities, so my suggestion is if it will be
> possible to select a range of years where vulnerabilities where released.
> ./nikto.pl -h www.site.com -vulndb 2005-2010 [test again vulnerabilities
> reported between 2005 and 2010]
> ./nikto.pl -h www.site.com -vulndb 2010 [just scan using vulnerabilities
> reported this year]
> I don't know if I made my point, thanks for reading.
> Matías Aereal Aeón
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
http://www.cirt.net | http://www.osvdb.org/
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Nikto-discuss