From jswbae at gmail.com Tue Dec 3 15:57:20 2013 From: jswbae at gmail.com (Jeremy Bae) Date: Wed, 4 Dec 2013 06:57:20 +0900 Subject: [Nikto-discuss] How to commit? Message-ID: Hello, If I want to commit, I have to be a commiter? My PR is pending about 2 weeks. https://github.com/sullo/nikto/pull/98 Yes, because I don't know much about the git, I made a small mistake (rebase upstream related). Sorry. Could you please merge my commit? especially, Zend framework check. https://github.com/opt9/nikto/commit/1c55c69dd0db9e1a0ac54a71ce5204c78137bc4a -------------- next part -------------- An HTML attachment was scrubbed... URL: From csullo at gmail.com Tue Dec 3 16:01:18 2013 From: csullo at gmail.com (Sullo) Date: Tue, 3 Dec 2013 17:01:18 -0500 Subject: [Nikto-discuss] How to commit? In-Reply-To: References: Message-ID: Funny you should ask as I was looking at this over the weekend a bit but haven't had time since, sorry. I'm pretty new to git as well, so since github's easy "automatically merge" couldn't be done I was stuck RTFM'ing about git and how to do this. Still learning! I think I sorted it out and will try to merge this this evening. Thanks for the pull req and kicking into action. Much appreciated. -Sullo On Tue, Dec 3, 2013 at 4:57 PM, Jeremy Bae wrote: > Hello, > > If I want to commit, I have to be a commiter? > > My PR is pending about 2 weeks. > > https://github.com/sullo/nikto/pull/98 > > Yes, because I don't know much about the git, > I made a small mistake (rebase upstream related). > Sorry. > > Could you please merge my commit? > especially, Zend framework check. > > https://github.com/opt9/nikto/commit/1c55c69dd0db9e1a0ac54a71ce5204c78137bc4a > > > > > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > > -- http://www.cirt.net | http://richsec.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From christian.heinrich at cmlh.id.au Tue Dec 3 17:08:03 2013 From: christian.heinrich at cmlh.id.au (Christian Heinrich) Date: Wed, 4 Dec 2013 10:08:03 +1100 Subject: [Nikto-discuss] How to commit? In-Reply-To: References: Message-ID: Sullo, You may want to consider either http://nvie.com/posts/a-successful-git-branching-model/ or http://scottchacon.com/2011/08/31/github-flow.html. Also http://git-scm.com/book/en/distributed-git-contributing-to-a-project has some valuable advice too. On Wed, Dec 4, 2013 at 9:01 AM, Sullo wrote: > Funny you should ask as I was looking at this over the weekend a bit but > haven't had time since, sorry. > > I'm pretty new to git as well, so since github's easy "automatically merge" > couldn't be done I was stuck RTFM'ing about git and how to do this. Still > learning! I think I sorted it out and will try to merge this this evening. > > Thanks for the pull req and kicking into action. Much appreciated. > > -Sullo > > > On Tue, Dec 3, 2013 at 4:57 PM, Jeremy Bae wrote: >> >> Hello, >> >> If I want to commit, I have to be a commiter? >> >> My PR is pending about 2 weeks. >> >> https://github.com/sullo/nikto/pull/98 >> >> Yes, because I don't know much about the git, >> I made a small mistake (rebase upstream related). >> Sorry. >> >> Could you please merge my commit? >> especially, Zend framework check. >> >> https://github.com/opt9/nikto/commit/1c55c69dd0db9e1a0ac54a71ce5204c78137bc4a >> >> >> >> >> _______________________________________________ >> Nikto-discuss mailing list >> Nikto-discuss at attrition.org >> https://attrition.org/mailman/listinfo/nikto-discuss >> > > > > -- > > http://www.cirt.net | http://richsec.com/ > > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > -- Regards, Christian Heinrich http://cmlh.id.au/contact From aereal at gmail.com Wed Dec 4 07:40:21 2013 From: aereal at gmail.com (Matt ~) Date: Wed, 4 Dec 2013 11:40:21 -0200 Subject: [Nikto-discuss] How to commit? In-Reply-To: References: Message-ID: You don't need to be a committer. You can use the "pull request" option. https://help.github.com/articles/using-pull-requests On Tue, Dec 3, 2013 at 8:08 PM, Christian Heinrich < christian.heinrich at cmlh.id.au> wrote: > Sullo, > > You may want to consider either > http://nvie.com/posts/a-successful-git-branching-model/ or > http://scottchacon.com/2011/08/31/github-flow.html. > > Also http://git-scm.com/book/en/distributed-git-contributing-to-a-project > has some valuable advice too. > > On Wed, Dec 4, 2013 at 9:01 AM, Sullo wrote: > > Funny you should ask as I was looking at this over the weekend a bit but > > haven't had time since, sorry. > > > > I'm pretty new to git as well, so since github's easy "automatically > merge" > > couldn't be done I was stuck RTFM'ing about git and how to do this. Still > > learning! I think I sorted it out and will try to merge this this > evening. > > > > Thanks for the pull req and kicking into action. Much appreciated. > > > > -Sullo > > > > > > On Tue, Dec 3, 2013 at 4:57 PM, Jeremy Bae wrote: > >> > >> Hello, > >> > >> If I want to commit, I have to be a commiter? > >> > >> My PR is pending about 2 weeks. > >> > >> https://github.com/sullo/nikto/pull/98 > >> > >> Yes, because I don't know much about the git, > >> I made a small mistake (rebase upstream related). > >> Sorry. > >> > >> Could you please merge my commit? > >> especially, Zend framework check. > >> > >> > https://github.com/opt9/nikto/commit/1c55c69dd0db9e1a0ac54a71ce5204c78137bc4a > >> > >> > >> > >> > >> _______________________________________________ > >> Nikto-discuss mailing list > >> Nikto-discuss at attrition.org > >> https://attrition.org/mailman/listinfo/nikto-discuss > >> > > > > > > > > -- > > > > http://www.cirt.net | http://richsec.com/ > > > > _______________________________________________ > > Nikto-discuss mailing list > > Nikto-discuss at attrition.org > > https://attrition.org/mailman/listinfo/nikto-discuss > > > > > > -- > Regards, > Christian Heinrich > > http://cmlh.id.au/contact > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > -- Atte: Mat?as Aereal Ae?n -------------- next part -------------- An HTML attachment was scrubbed... URL: From christian.heinrich at cmlh.id.au Wed Dec 4 18:50:05 2013 From: christian.heinrich at cmlh.id.au (Christian Heinrich) Date: Thu, 5 Dec 2013 11:50:05 +1100 Subject: [Nikto-discuss] How to commit? In-Reply-To: References: Message-ID: Matt, Pull Request aren't specific to GitHub, rather they are a feature of git too i.e. "git request-pull origin/master fork" On Thu, Dec 5, 2013 at 12:40 AM, Matt ~ wrote: > You don't need to be a committer. You can use the "pull request" option. > > https://help.github.com/articles/using-pull-requests > > > On Tue, Dec 3, 2013 at 8:08 PM, Christian Heinrich > wrote: >> >> Sullo, >> >> You may want to consider either >> http://nvie.com/posts/a-successful-git-branching-model/ or >> http://scottchacon.com/2011/08/31/github-flow.html. >> >> Also http://git-scm.com/book/en/distributed-git-contributing-to-a-project >> has some valuable advice too. >> >> On Wed, Dec 4, 2013 at 9:01 AM, Sullo wrote: >> > Funny you should ask as I was looking at this over the weekend a bit but >> > haven't had time since, sorry. >> > >> > I'm pretty new to git as well, so since github's easy "automatically >> > merge" >> > couldn't be done I was stuck RTFM'ing about git and how to do this. >> > Still >> > learning! I think I sorted it out and will try to merge this this >> > evening. >> > >> > Thanks for the pull req and kicking into action. Much appreciated. >> > >> > -Sullo >> > >> > >> > On Tue, Dec 3, 2013 at 4:57 PM, Jeremy Bae wrote: >> >> >> >> Hello, >> >> >> >> If I want to commit, I have to be a commiter? >> >> >> >> My PR is pending about 2 weeks. >> >> >> >> https://github.com/sullo/nikto/pull/98 >> >> >> >> Yes, because I don't know much about the git, >> >> I made a small mistake (rebase upstream related). >> >> Sorry. >> >> >> >> Could you please merge my commit? >> >> especially, Zend framework check. >> >> >> >> >> >> https://github.com/opt9/nikto/commit/1c55c69dd0db9e1a0ac54a71ce5204c78137bc4a >> >> >> >> >> >> >> >> >> >> _______________________________________________ >> >> Nikto-discuss mailing list >> >> Nikto-discuss at attrition.org >> >> https://attrition.org/mailman/listinfo/nikto-discuss >> >> >> > >> > >> > >> > -- >> > >> > http://www.cirt.net | http://richsec.com/ >> > >> > _______________________________________________ >> > Nikto-discuss mailing list >> > Nikto-discuss at attrition.org >> > https://attrition.org/mailman/listinfo/nikto-discuss >> > >> >> >> >> -- >> Regards, >> Christian Heinrich >> >> http://cmlh.id.au/contact >> _______________________________________________ >> Nikto-discuss mailing list >> Nikto-discuss at attrition.org >> https://attrition.org/mailman/listinfo/nikto-discuss > > > > > -- > Atte: > Mat?as Aereal Ae?n -- Regards, Christian Heinrich http://cmlh.id.au/contact From aereal at gmail.com Wed Dec 4 19:06:11 2013 From: aereal at gmail.com (Matt ~) Date: Wed, 4 Dec 2013 23:06:11 -0200 Subject: [Nikto-discuss] How to commit? In-Reply-To: References: Message-ID: Yeah Christian, I know, maybe I should've clarified that not to confuse people. I pasted that link because they were speaking about github :), and it has a nice GUI where you can check them and approve. Thanks for the clarification btw! On Wed, Dec 4, 2013 at 9:50 PM, Christian Heinrich < christian.heinrich at cmlh.id.au> wrote: > Matt, > > Pull Request aren't specific to GitHub, rather they are a feature of > git too i.e. "git request-pull origin/master fork" > > On Thu, Dec 5, 2013 at 12:40 AM, Matt ~ wrote: > > You don't need to be a committer. You can use the "pull request" option. > > > > https://help.github.com/articles/using-pull-requests > > > > > > On Tue, Dec 3, 2013 at 8:08 PM, Christian Heinrich > > wrote: > >> > >> Sullo, > >> > >> You may want to consider either > >> http://nvie.com/posts/a-successful-git-branching-model/ or > >> http://scottchacon.com/2011/08/31/github-flow.html. > >> > >> Also > http://git-scm.com/book/en/distributed-git-contributing-to-a-project > >> has some valuable advice too. > >> > >> On Wed, Dec 4, 2013 at 9:01 AM, Sullo wrote: > >> > Funny you should ask as I was looking at this over the weekend a bit > but > >> > haven't had time since, sorry. > >> > > >> > I'm pretty new to git as well, so since github's easy "automatically > >> > merge" > >> > couldn't be done I was stuck RTFM'ing about git and how to do this. > >> > Still > >> > learning! I think I sorted it out and will try to merge this this > >> > evening. > >> > > >> > Thanks for the pull req and kicking into action. Much appreciated. > >> > > >> > -Sullo > >> > > >> > > >> > On Tue, Dec 3, 2013 at 4:57 PM, Jeremy Bae wrote: > >> >> > >> >> Hello, > >> >> > >> >> If I want to commit, I have to be a commiter? > >> >> > >> >> My PR is pending about 2 weeks. > >> >> > >> >> https://github.com/sullo/nikto/pull/98 > >> >> > >> >> Yes, because I don't know much about the git, > >> >> I made a small mistake (rebase upstream related). > >> >> Sorry. > >> >> > >> >> Could you please merge my commit? > >> >> especially, Zend framework check. > >> >> > >> >> > >> >> > https://github.com/opt9/nikto/commit/1c55c69dd0db9e1a0ac54a71ce5204c78137bc4a > >> >> > >> >> > >> >> > >> >> > >> >> _______________________________________________ > >> >> Nikto-discuss mailing list > >> >> Nikto-discuss at attrition.org > >> >> https://attrition.org/mailman/listinfo/nikto-discuss > >> >> > >> > > >> > > >> > > >> > -- > >> > > >> > http://www.cirt.net | http://richsec.com/ > >> > > >> > _______________________________________________ > >> > Nikto-discuss mailing list > >> > Nikto-discuss at attrition.org > >> > https://attrition.org/mailman/listinfo/nikto-discuss > >> > > >> > >> > >> > >> -- > >> Regards, > >> Christian Heinrich > >> > >> http://cmlh.id.au/contact > >> _______________________________________________ > >> Nikto-discuss mailing list > >> Nikto-discuss at attrition.org > >> https://attrition.org/mailman/listinfo/nikto-discuss > > > > > > > > > > -- > > Atte: > > Mat?as Aereal Ae?n > > > > -- > Regards, > Christian Heinrich > > http://cmlh.id.au/contact > -- Atte: Mat?as Aereal Ae?n -------------- next part -------------- An HTML attachment was scrubbed... URL: From mattyjimjam at gmail.com Sat Dec 7 02:51:35 2013 From: mattyjimjam at gmail.com (Matt James) Date: Sat, 7 Dec 2013 19:51:35 +1100 Subject: [Nikto-discuss] Encoding (evasion) options not visible in packet captures or server logs Message-ID: Hello All, I've been testing with Nikto version 2.1.5 on Backtrack 5r3 and I can't see the encoding options going across the wire or in the target server's logs. I'm assuming the Nikto testing URI are encoded by the LM2.pm module then sent over the wire to the target? I pulled down the current version of Nikto from the site and running it from a Fedora system and still have the same issue. Command: -h targetexample.com -evasion 12345678 Nikto displays the evasion options in the banner, the User Agent show which options I'm using, but no encoding of the URI is visible in Wireshark captures or in the target server's logs. Everything looks in order and LW2.pm (which I take to be the worker to do the encoding) is in the right place. Any clues on what I'm missing? Thanks MattyJ -------------- next part -------------- An HTML attachment was scrubbed... URL: From csullo at gmail.com Mon Dec 9 23:43:40 2013 From: csullo at gmail.com (Sullo) Date: Tue, 10 Dec 2013 00:43:40 -0500 Subject: [Nikto-discuss] Encoding (evasion) options not visible in packet captures or server logs In-Reply-To: References: Message-ID: Thanks for the report. I just committed a change which fixes the encoding issue. I also opened ticket #102 for printing. Even now, nikto will print out the original (unmodified) URI rather than what was actually requested because LibWhisker changes it after we've handed it off. This is a bit more complicated fix as we have to change which value we print for every URI (normal, debug and verbose). So just be aware that for now it will not *look* like it requests it with encoding, but if you check the request on the wire it'll have it. Regards, Sullo On Sat, Dec 7, 2013 at 3:51 AM, Matt James wrote: > Hello All, > > I've been testing with Nikto version 2.1.5 on Backtrack 5r3 and I can't > see the encoding options going across the wire or in the target server's > logs. I'm assuming the Nikto testing URI are encoded by the LM2.pm module > then sent over the wire to the target? > > I pulled down the current version of Nikto from the site and running it > from a Fedora system and still have the same issue. > > Command: -h targetexample.com -evasion 12345678 > > Nikto displays the evasion options in the banner, the User Agent show > which options I'm using, but no encoding of the URI is visible in Wireshark > captures or in the target server's logs. > > Everything looks in order and LW2.pm (which I take to be the worker to do > the encoding) is in the right place. > > Any clues on what I'm missing? > > Thanks > > MattyJ > > > > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > > -- http://www.cirt.net | http://richsec.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From sultanov2007 at gmail.com Sun Dec 15 22:53:01 2013 From: sultanov2007 at gmail.com (Timur Sultanov) Date: Mon, 16 Dec 2013 04:53:01 +0000 (UTC) Subject: [Nikto-discuss] Invitation to connect on LinkedIn Message-ID: <986870033.33251965.1387169582001.JavaMail.app@ela4-app0086.prod> LinkedIn ------------ I'd like to add you to my professional network on LinkedIn. - Timur Timur Sultanov MTS Tashkent at Uzbekistan Uzbekistan Confirm that you know Timur Sultanov: https://www.linkedin.com/e/wnn6v4-hp98ybo0-3y/isd/18704112482/Yr8ltref/?hs=false&tok=3h27JSppi5NC01 -- You are receiving Invitation to Connect emails. Click to unsubscribe: http://www.linkedin.com/e/wnn6v4-hp98ybo0-3y/XDTwb92_Nt1-fxojWcXfkS6moXWBXiHtWMhcgkL_wV/goo/nikto-discuss%40attrition%2Eorg/20061/I6098510702_1/?hs=false&tok=137-VmWDq5NC01 (c) 2012 LinkedIn Corporation. 2029 Stierlin Ct, Mountain View, CA 94043, USA. -------------- next part -------------- An HTML attachment was scrubbed... URL: From csullo at gmail.com Sun Dec 15 23:05:21 2013 From: csullo at gmail.com (Sullo) Date: Mon, 16 Dec 2013 00:05:21 -0500 Subject: [Nikto-discuss] Invitation to connect on LinkedIn In-Reply-To: <986870033.33251965.1387169582001.JavaMail.app@ela4-app0086.prod> References: <986870033.33251965.1387169582001.JavaMail.app@ela4-app0086.prod> Message-ID: Sorry everyone, the sender has been moderated now and linkedin invites from anyone hopefully won't make it onto the list again. Regards, Sullo -- http://www.cirt.net | http://richsec.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From raymond_pluto at hotmail.com Tue Dec 17 06:48:22 2013 From: raymond_pluto at hotmail.com (raymond lukanta) Date: Tue, 17 Dec 2013 19:48:22 +0700 Subject: [Nikto-discuss] Nikto Internal Architecture Message-ID: Hello, Is anybody know the internal architecture of Nikto? I need it for my final project. Thanks. --Raymond -------------- next part -------------- An HTML attachment was scrubbed... URL: From csullo at gmail.com Tue Dec 17 07:17:02 2013 From: csullo at gmail.com (csullo at gmail.com) Date: Tue, 17 Dec 2013 08:17:02 -0500 Subject: [Nikto-discuss] Nikto Internal Architecture In-Reply-To: References: Message-ID: <451CC676-4C5C-454C-9E00-3025DAC61C56@gmail.com> That's a pretty vague question. Is there something specific you'd like to know? > On Dec 17, 2013, at 7:48 AM, raymond lukanta wrote: > > Hello, > > Is anybody know the internal architecture of Nikto? > > I need it for my final project. > > Thanks. > > -- > Raymond > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From raymond_pluto at hotmail.com Sun Dec 22 02:55:48 2013 From: raymond_pluto at hotmail.com (raymond lukanta) Date: Sun, 22 Dec 2013 15:55:48 +0700 Subject: [Nikto-discuss] Nikto Internal Architecture In-Reply-To: References: <451CC676-4C5C-454C-9E00-3025DAC61C56@gmail.com>, , Message-ID: Hmm... Actually, I've checked the documentation before asking to the mailing list. Probably, is there any other resources that would be useful for me? Thanks. --Raymond From: csullo at gmail.com Date: Sat, 21 Dec 2013 08:17:11 -0500 Subject: Re: [Nikto-discuss] Nikto Internal Architecture To: raymond_pluto at hotmail.com Hopefully you can find what you need here: http://cirt.net/nikto2-docs/ On Fri, Dec 20, 2013 at 1:00 AM, raymond lukanta wrote: Sorry if I didn't explain it clearly. What I need is the building blocks of Nikto.. For example, maybe there's a crawler component, attacker component, or else. Where can I find the explanation about that? Thanks. -- Raymond Subject: Re: [Nikto-discuss] Nikto Internal Architecture From: csullo at gmail.com Date: Tue, 17 Dec 2013 08:17:02 -0500 CC: nikto-discuss at attrition.org To: raymond_pluto at hotmail.com That's a pretty vague question. Is there something specific you'd like to know? On Dec 17, 2013, at 7:48 AM, raymond lukanta wrote: Hello, Is anybody know the internal architecture of Nikto? I need it for my final project. Thanks. -- Raymond _______________________________________________ Nikto-discuss mailing list Nikto-discuss at attrition.org https://attrition.org/mailman/listinfo/nikto-discuss -- http://www.cirt.net | http://richsec.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From csullo at gmail.com Sun Dec 22 12:54:47 2013 From: csullo at gmail.com (Sullo) Date: Sun, 22 Dec 2013 13:54:47 -0500 Subject: [Nikto-discuss] Nikto Internal Architecture In-Reply-To: References: <451CC676-4C5C-454C-9E00-3025DAC61C56@gmail.com> Message-ID: The source code would be your best bet--there are the plugins listed in the -H output as well as in the plugins directory. Running it will give you an idea of how it works and what it does... and of course looking at the source code. On Sun, Dec 22, 2013 at 3:55 AM, raymond lukanta wrote: > Hmm... > Actually, I've checked the documentation before asking to the mailing list. > > Probably, is there any other resources that would be useful for me? > > Thanks. > > -- > Raymond > > ------------------------------ > From: csullo at gmail.com > Date: Sat, 21 Dec 2013 08:17:11 -0500 > > Subject: Re: [Nikto-discuss] Nikto Internal Architecture > To: raymond_pluto at hotmail.com > > > Hopefully you can find what you need here: http://cirt.net/nikto2-docs/ > > > On Fri, Dec 20, 2013 at 1:00 AM, raymond lukanta < > raymond_pluto at hotmail.com> wrote: > > Sorry if I didn't explain it clearly. > > What I need is the building blocks of Nikto.. > For example, maybe there's a crawler component, attacker component, or > else. > > Where can I find the explanation about that? > > > Thanks. > -- > Raymond > ------------------------------ > Subject: Re: [Nikto-discuss] Nikto Internal Architecture > From: csullo at gmail.com > Date: Tue, 17 Dec 2013 08:17:02 -0500 > CC: nikto-discuss at attrition.org > To: raymond_pluto at hotmail.com > > > That's a pretty vague question. Is there something specific you'd like to > know? > > On Dec 17, 2013, at 7:48 AM, raymond lukanta > wrote: > > Hello, > > Is anybody know the internal architecture of Nikto? > > I need it for my final project. > > Thanks. > > -- > Raymond > > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > > > > > -- > > http://www.cirt.net | http://richsec.com/ > -- http://www.cirt.net | http://richsec.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: