[Nikto-discuss] (no subject)

Sullo csullo at gmail.com
Thu Sep 12 08:18:03 CDT 2013


I've opened a ticket for this one--good call.

-Sullo


On Thu, Sep 12, 2013 at 3:00 AM, Robin Wood <robin at digininja.org> wrote:

>
> On 12 Sep 2013 00:41, "a" <resident.deity at gmail.com> wrote:
> >
> > I see the problem: the plugin names are wrong, it should usually be
> > without the nikto_. You can see the full list of plugins and their names by
> > doing a:
> >   nikto -list-plugins
> >
> > Although the plugin name is usually nikto_plugin it doesn't have to be.
> > In case of doubt always use the name shown when doing a -list-plugins.
> >
> > The command line you're looking for is:
> >   nikto -Plugins 'outdated' -no404 -host http://www.domain.com
> >
> > Be warned: reporting is done by a plugin as well, so if you want to save
> > the result to a file, you'll need to include the reporting plugin as well:
> >   nikto -Plugins 'outdated,report_xml' -no404 -host http://www.domain.com -output domain.xml
> >
>
> Couldn't you automatically bring the appropriate report plugin in as
> required? It sounds like the kind of thing that someone could waste a lot
> of time on trying to work out reporting is failing.
>
> Robin
>
> >
> > On 2 September 2013 09:02, Thiébaut Devergranne <t.devergranne at gmail.com> wrote:
> >>
> >> Thanks for the feedback. If I use these options Nikto doesn't tell me
> >> about any problems any more; here's a test:
> >>
> >> hstd# nikto -Plugins "@@none;nikto_outdated;nikto_versions" -no404 -h http://www.domain.com
> >> - Nikto v2.1.5
> >> ---------------------------------------------------------------------------
> >> + Target IP:          bla.bla.
> >> + Target Hostname:    www.domain.com
> >> + Target Port:        80
> >> + Start Time:         2013-09-02 09:58:56 (GMT2)
> >> ---------------------------------------------------------------------------
> >> + Server: Apache/2.2.6 (Unix) PHP/5.2.5 mod_ssl/2.2.6 OpenSSL/0.9.8g
> >> + 6545 items checked: 0 error(s) and 0 item(s) reported on remote host
> >> + End Time:           2013-09-02 09:58:56 (GMT2) (0 seconds)
> >> ---------------------------------------------------------------------------
> >>
> >> So the server runs a vulnerable version of php but Nikto doesn't give
> >> me any information about it. Is there something I'm missing?
> >>
> >> Thanks !
> >> TD
> >>
> >>
> >> On 1 Sept. 2013 at 15:28, csullo at gmail.com wrote:
> >>
> >>> I am not near a computer, sorry, but you want to use the -no404 option
> >>> combined with -Plugins.
> >>>
> >>> It should be like:  -Plugins "@@none;nikto_outdated;nikto_versions"
> >>>
> >>> Those are from memory so check output of -list-plugins to be sure
> >>> those are correct.
> >>>
> >>> Also see:
> >>> http://cirt.net/nikto2-docs/options.html#id2741238
> >>>
> >>> I'm not sure it will be one request but probably 2-3 if you set the
> >>> options right, since it tests ssl and possibly more than one method. You
> >>> can use -ssl and -nossl to save a request if you know ahead of time or
> >>> don't mind guessing based on port.
> >>>
> >>> Let us know how it turns out!
> >>>
> >>> -Sullo
> >>>
> >>> On Aug 30, 2013, at 9:30 AM, Thiébaut Devergranne <t.devergranne at gmail.com> wrote:
> >>>
> >>>> Hi guys,
> >>>>
> >>>> I'm very new to Nikto and I'm trying to find out how to conduct
> >>>> server version tests (like php, asp) sending the minimal number of
> >>>> requests, ideally one.
> >>>>
> >>>> I understand it's possible to do that using the -Plugin parameter but
> >>>> I'm kind of lost after that.
> >>>>
> >>>> Could anyone help put me on the right track?
> >>>> Thanks
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> _______________________________________________
> >>>> Nikto-discuss mailing list
> >>>> Nikto-discuss at attrition.org
> >>>> https://attrition.org/mailman/listinfo/nikto-discuss


-- 

http://www.cirt.net     |      http://richsec.com/
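
The plugin-naming and report-plugin points raised in this thread, as an added example that is not part of the original messages or of Nikto: a hypothetical `build_plugins` helper checks requested names against a list copied from `nikto -list-plugins`, drops a mistaken `nikto_` prefix when the short name is listed, and appends the report plugin for the `-output` file. The `VALID` list is constructed, and the `report_<extension>` naming is an assumption generalized from the `report_xml` / `domain.xml` pair above; only plain plugin names are handled.

```shell
#!/bin/sh
# Added example: hypothetical helper, not part of Nikto.

# in_list NAME LIST: succeed if NAME is one of the space-separated words in LIST.
in_list() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# add_name NAME: append NAME to the comma-separated $result unless already there.
add_name() {
    in_list "$1" "$(printf '%s' "$result" | tr ',' ' ')" || result=${result:+$result,}$1
}

# build_plugins VALID REQUESTED [OUTPUT_FILE]
# VALID:     space-separated names as shown by `nikto -list-plugins`
# REQUESTED: names separated by ',' or ';'
# Prints a comma-separated -Plugins value; fails on a name that is not listed
# or when no listed report plugin matches the output file extension (assumed
# naming: report_<extension>).
build_plugins() {
    valid=$1; requested=$2; outfile=${3:-}; result=
    for name in $(printf '%s' "$requested" | tr ',;' '  '); do
        if ! in_list "$name" "$valid"; then
            # Retry without the nikto_ prefix, the mistake made in this thread.
            short=${name#nikto_}
            in_list "$short" "$valid" || { echo "unknown plugin: $name" >&2; return 1; }
            name=$short
        fi
        add_name "$name"
    done
    if [ -n "$outfile" ]; then
        # Reporting is itself a plugin, so -output needs it in the list.
        report=report_${outfile##*.}
        in_list "$report" "$valid" || { echo "no report plugin for: $outfile" >&2; return 1; }
        add_name "$report"
    fi
    printf '%s\n' "$result"
}

VALID="outdated report_xml"   # constructed; copy the real names from -list-plugins
build_plugins "$VALID" "nikto_outdated" domain.xml
```

The printed value is what goes after `-Plugins`; the helper never runs Nikto itself.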