[Nikto-discuss] OWASP favicon and nikto

Vlatko Kosturjak kost at linux.hr
Wed Jun 15 16:43:32 CDT 2011

On Fri, Jun 10, 2011 at 09:54:37AM -0400, dave at cirt.net wrote:
> If there's a problem with the licence, then we could always implement it 
> like we did the directories list from DirBuster - i.e. add support for 
> the file format to the plugin and allow the user to use it, but they need 
> to source the list themselves.

Again, let's talk about the license!

> Updating directly from OWASP instead of cirt.net also would mean that  
> we're dependent on an external site that isn't controlled by cirt.net.
> The above can be worked around, if necessary by an import script, but it 
> needs to be though about for a bit. (i.e. do we want our users to run two 
> scripts, or are we happy that OWASP won't change the URL of the database 
> etc.).

I guess, having cron script on Nikto update server side and sync(with additional checks) on some regular base sounds reasonable. Database is not big and you will be less dependant on external stuff and you don't have to update nikto if OWASP (for some reason) changes URL.  You only need to change sync script on the server.

I'm also attaching the script which I used for converting from OWASP database 
to Nikto db style if it will help. Don't ask me for the license, it's public
domain! ;)
Vlatko Kosturjak - KoSt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: owaspfavicon2nikto.pl
Type: text/x-perl
Size: 271 bytes
Desc: not available
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20110615/08f7a8c9/attachment.bin>

More information about the Nikto-discuss mailing list