[Nikto-discuss] Nikto tuning : passwords
subs at qcontinuum.plus.com
Fri May 4 06:52:01 CDT 2012
I'm looking at the Nikto tuning options and I came across this mutate
2. Guess for password file names. Takes a list of common password file
names (such as "passwd", "pass", "password") and file extensions ("txt",
"pwd", "bak", etc.) and builds a list of files to check for.
So presumably this searches for known password file names accessible for
the web server. I tried running a scan with it on and it ran for a very
long time (over 20 mins). I had to kill it eventually. Is it supposed to
take this long?
Is there also an option that can search for passwords embedded in config