[Nikto-discuss] Suggestion about scanning selection.
aereal at gmail.com
Sat Oct 2 17:22:31 CDT 2010
In that case, the user will be able to match the ones that have an
associated OSVDB ID and the rest (1400 w/o IDs) will always get tested too
until they get their original OSVDB ID.
On Sat, Oct 2, 2010 at 8:47 AM, Sullo <csullo at gmail.com> wrote:
> This is a good suggestion in theory and would be trivial to implement *if*
> we had the data for when a vulnerability was originally published.
> For any vulnerability which has an associated OSVDB ID (which is many, but
> not all--a quick grep says ~1400 don't have IDs), we could get the data. But
> even then, generic entires such as /admin/ would not have an associated
> In any case, we could probably work around generic entries if we had the
> data. Anyone who wants to match up all those tests w/o OSVDB IDs is very
> welcome to!
> On Fri, Oct 1, 2010 at 5:30 PM, Matt ~ <aereal at gmail.com> wrote:
>> Hello Nikto community, I'm new at this mailist (don't know why I wasn't on
>> the mailist before since I always used nikto), so if my suggestion has been
>> already made or has been improved on an svn my apologies.
>> Sometimes I find myself scanning with nikto to websites I know there are
>> not going to be old vulnerabilities, so my suggestion is if it will be
>> possible to select a range of years where vulnerabilities where released.
>> ./nikto.pl -h www.site.com -vulndb 2005-2010 [test again vulnerabilities
>> reported between 2005 and 2010]
>> ./nikto.pl -h www.site.com -vulndb 2010 [just scan using vulnerabilities
>> reported this year]
>> I don't know if I made my point, thanks for reading.
>> Matías Aereal Aeón
>> Nikto-discuss mailing list
>> Nikto-discuss at attrition.org
> http://www.cirt.net | http://www.osvdb.org/
Matías Aereal Aeón
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Nikto-discuss