[Nikto-discuss] (no subject)

Thiébaut Devergranne t.devergranne at gmail.com
Mon Sep 2 03:02:33 CDT 2013


Thanks for the feedback. If I use these options Nikto doesn't tell me about any problems any more; here's a test:

hstd# nikto -Plugins "@@none;nikto_outdated;nikto_versions" -no404 -h http://www.domain.com
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          bla.bla.
+ Target Hostname:    www.domain.com
+ Target Port:        80
+ Start Time:         2013-09-02 09:58:56 (GMT2)
---------------------------------------------------------------------------
+ Server: Apache/2.2.6 (Unix) PHP/5.2.5 mod_ssl/2.2.6 OpenSSL/0.9.8g
+ 6545 items checked: 0 error(s) and 0 item(s) reported on remote host
+ End Time:           2013-09-02 09:58:56 (GMT2) (0 seconds)
---------------------------------------------------------------------------

So the server runs a vulnerable version of PHP but Nikto doesn't give me any information about it. Is there something I'm missing?

Thanks !
TD


On 1 Sept. 2013, at 15:28, csullo at gmail.com wrote:

> I am not near a computer, sorry, but you want to use the -no404 option combined with -Plugins. 
> 
> It should be like:  -Plugins "@@none;nikto_outdated;nikto_versions"
> 
> Those are from memory so check output of -list-plugins to be sure those are correct. 
> 
> Also see:
> http://cirt.net/nikto2-docs/options.html#id2741238
> 
> I'm not sure it will be one request but probably 2-3 if you set the options right, since it tests ssl and possibly more than one method. You can use -ssl and -nossl to save a request if you know ahead of time or don't mind guessing based on port. 
> 
> Let us know how it turns out!
> 
> -Sullo
> 
> On Aug 30, 2013, at 9:30 AM, Thiébaut Devergranne <t.devergranne at gmail.com> wrote:
> 
>> Hi guys, 
>> 
>> I'm very new to Nikto and I'm trying to find out how to conduct server version tests (like PHP, ASP) sending the minimal number of requests, ideally one.
>> 
>> I understand it's possible to do that using the -Plugin parameter but I'm kind of lost after that.
>> 
>> Could anyone help put me on the right track?
>> Thanks