From resident.deity at gmail.com Wed Feb 5 14:11:07 2014
From: resident.deity at gmail.com (a)
Date: Wed, 5 Feb 2014 20:11:07 +0000
Subject: [Nikto-discuss] Nikto Dictionary Plugin
In-Reply-To:
References:
Message-ID:

You need to add it as a plugin string, e.g. -Plugin "+; dictionary (dictionary:/path/to/dictionary)".

The dictionary file should be a list of pathnames without the /s, e.g.

admin
manager

To be honest I normally use dirbuster.

On 25 Jan 2014 05:13, "raymond lukanta" wrote:

> Hi,
>
> I want to know how to use the dictionary plugin. I've been googling for
> the tutorial, but I couldn't find how to use it.
>
> Thanks.
> --
> Raymond
>
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss

From raymond_pluto at hotmail.com Sat Feb 8 01:51:08 2014
From: raymond_pluto at hotmail.com (raymond lukanta)
Date: Sat, 8 Feb 2014 14:51:08 +0700
Subject: [Nikto-discuss] Nikto Session Management Vulnerabilities
Message-ID:

Hi,

As I read on http://cirt.net/nikto2-docs/options.html, I don't find any session management vulnerabilities that can be detected by Nikto.
Am I right? Because for my final project, I want to extend Nikto so Nikto can detect session management vulnerabilities.

I'm looking forward to the response.
Thanks.

--
Raymond

From csullo at gmail.com Sat Feb 8 07:01:03 2014
From: csullo at gmail.com (csullo at gmail.com)
Date: Sat, 8 Feb 2014 08:01:03 -0500
Subject: [Nikto-discuss] Nikto Session Management Vulnerabilities
In-Reply-To:
References:
Message-ID: <1E0582F8-254E-467F-9C07-B4C5223079F2@gmail.com>

Correct--there are no generic session management issues tested by Nikto.
Regards,
Sullo

> On Feb 8, 2014, at 2:51 AM, raymond lukanta wrote:
>
> Hi,
>
> As I read on http://cirt.net/nikto2-docs/options.html, I don't find any session management vulnerabilities that can be detected by Nikto.
> Am I right? Because for my final project, I want to extend Nikto so Nikto can detect session management vulnerabilities.
>
> I'm looking forward to the response.
> Thanks.
>
> --
> Raymond

From raymond_pluto at hotmail.com Sun Feb 9 02:44:22 2014
From: raymond_pluto at hotmail.com (raymond lukanta)
Date: Sun, 9 Feb 2014 15:44:22 +0700
Subject: [Nikto-discuss] Nikto Session Management Vulnerabilities
In-Reply-To: <1E0582F8-254E-467F-9C07-B4C5223079F2@gmail.com>
References: , <1E0582F8-254E-467F-9C07-B4C5223079F2@gmail.com>
Message-ID:

What do you mean by "generic"?

--
Raymond Lukanta

Subject: Re: [Nikto-discuss] Nikto Session Management Vulnerabilities
From: csullo at gmail.com
Date: Sat, 8 Feb 2014 08:01:03 -0500
CC: nikto-discuss at attrition.org
To: raymond_pluto at hotmail.com

Correct--there are no generic session management issues tested by Nikto.

Regards,
Sullo

On Feb 8, 2014, at 2:51 AM, raymond lukanta wrote:

Hi,

As I read on http://cirt.net/nikto2-docs/options.html, I don't find any session management vulnerabilities that can be detected by Nikto.
Am I right? Because for my final project, I want to extend Nikto so Nikto can detect session management vulnerabilities.

I'm looking forward to the response.
Thanks.

--
Raymond
From csullo at gmail.com Sun Feb 9 07:18:56 2014
From: csullo at gmail.com (Chris Sullo)
Date: Sun, 9 Feb 2014 08:18:56 -0500
Subject: [Nikto-discuss] Nikto Session Management Vulnerabilities
In-Reply-To:
References: <1E0582F8-254E-467F-9C07-B4C5223079F2@gmail.com>
Message-ID:

Meaning there may be very specific product checks in db_tests but nothing generic in terms of sessions.

> On Feb 9, 2014, at 3:44 AM, raymond lukanta wrote:
>
> What do you mean by "generic"?
>
> --
> Raymond Lukanta
>
> Subject: Re: [Nikto-discuss] Nikto Session Management Vulnerabilities
> From: csullo at gmail.com
> Date: Sat, 8 Feb 2014 08:01:03 -0500
> CC: nikto-discuss at attrition.org
> To: raymond_pluto at hotmail.com
>
> Correct--there are no generic session management issues tested by Nikto.
>
> Regards,
> Sullo
>
> On Feb 8, 2014, at 2:51 AM, raymond lukanta wrote:
>
> Hi,
>
> As I read on http://cirt.net/nikto2-docs/options.html, I don't find any session management vulnerabilities that can be detected by Nikto.
> Am I right? Because for my final project, I want to extend Nikto so Nikto can detect session management vulnerabilities.
>
> I'm looking forward to the response.
> Thanks.
>
> --
> Raymond