Thomas-<br>
<br>
I've done something similar to this in the past, in which I generated a
udb_tests file from a list of directories I wanted to look for. I did
this so I could run multiple checks per directory, i.e. does it exist?,
is it indexable?, etc.<br>
<br><br><br><br><div class="gmail_quote">On Fri, Dec 19, 2008 at 4:15 PM, Thomas Raef <span dir="ltr"><<a href="mailto:traef@ebasedsecurity.com">traef@ebasedsecurity.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Next question, where would I put this list. I would probably parse it<br>
down to reduce the number of requests, but where would I put such a<br>
list?<br>
<br>
Would config.txt allow me to specify a file to check?<br>
<br>
Thank you for your guidance.<br>
<div><div></div><div class="Wj3C7c"><br>
> -----Original Message-----<br>
> From: security curmudgeon [mailto:<a href="mailto:jericho@attrition.org">jericho@attrition.org</a>]<br>
> Sent: Friday, December 19, 2008 3:13 PM<br>
> To: Thomas Raef<br>
> Cc: <a href="mailto:nikto-discuss@attrition.org">nikto-discuss@attrition.org</a><br>
> Subject: Re: [Nikto-discuss] Using DirBuster lists<br>
><br>
><br>
> : I was looking at including the list of directory names to check by<br>
> : including the lists from OWASP's DirBuster project.<br>
> :<br>
> : I'd like to hear reasons for and against doing such a thing.<br>
><br>
> for: thorough lists, can find some good directories<br>
><br>
> against: even their short list is pretty hefty, and generates a ton of<br>
> requests. the long list? takes way too long to run against a single<br>
> host.<br>
<br>
_______________________________________________<br>
Nikto-discuss mailing list<br>
<a href="mailto:Nikto-discuss@attrition.org">Nikto-discuss@attrition.org</a><br>
<a href="https://attrition.org/mailman/listinfo/nikto-discuss" target="_blank">https://attrition.org/mailman/listinfo/nikto-discuss</a><br>
</div></div></blockquote></div><br>