[Nikto-discuss] Nikto tuning : passwords

Subscriptions subs at qcontinuum.plus.com
Fri May 4 06:52:01 CDT 2012

I'm looking at the Nikto tuning options and I came across this mutate:

2. Guess for password file names. Takes a list of common password file 
names (such as "passwd", "pass", "password") and file extensions ("txt", 
"pwd", "bak", etc.) and builds a list of files to check for.

So presumably this searches for known password file names accessible for 
the web server. I tried running a scan with it on and it ran for a very 
long time (over 20 mins). I had to kill it eventually. Is it supposed to 
take this long?

Is there also an option that can search for passwords embedded in config 

