<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>What did your udb_tests file look like? How was it formatted to
allow the tests?<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Was it successful? Did it slow down the scan too much?<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>How was it implemented?<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Thank you.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Jason Leyrer
[mailto:jleyrer@gmail.com] <br>
<b>Sent:</b> Friday, December 19, 2008 4:32 PM<br>
<b>To:</b> Thomas Raef<br>
<b>Cc:</b> security curmudgeon; nikto-discuss@attrition.org<br>
<b>Subject:</b> Re: [Nikto-discuss] Using DirBuster lists<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'>Thomas-<br>
<br>
I've done something similar to this in the past, in which I generated a
udb_tests file from a list of directories I wanted to look for. I did this so I
could run multiple checks per directory, i.e. does it exist?, is it indexable?,
etc.<br>
<br>
<br>
<br>
<o:p></o:p></p>
<div>
<p class=MsoNormal>On Fri, Dec 19, 2008 at 4:15 PM, Thomas Raef <<a
href="mailto:traef@ebasedsecurity.com">traef@ebasedsecurity.com</a>> wrote:<o:p></o:p></p>
<p class=MsoNormal>Next question, where would I put this list. I would probably
parse it<br>
down to reduce the number of requests, but where would I put such a<br>
list?<br>
<br>
Would config.txt allow me to specify a file to check?<br>
<br>
Thank you for your guidance.<o:p></o:p></p>
<div>
<div>
<p class=MsoNormal><br>
> -----Original Message-----<br>
> From: security curmudgeon [mailto:<a href="mailto:jericho@attrition.org">jericho@attrition.org</a>]<br>
> Sent: Friday, December 19, 2008 3:13 PM<br>
> To: Thomas Raef<br>
> Cc: <a href="mailto:nikto-discuss@attrition.org">nikto-discuss@attrition.org</a><br>
> Subject: Re: [Nikto-discuss] Using DirBuster lists<br>
><br>
><br>
> : I was looking at including the list of directory names to check by<br>
> : including the lists from OWASP's DirBuster project.<br>
> :<br>
> : I'd like to hear reasons for and against doing such a thing.<br>
><br>
> for: thorough lists, can find some good directories<br>
><br>
> against: even their short list is pretty hefty, and generates a ton of<br>
> requests. the long list? takes way too long to run against a single<br>
> host.<br>
<br>
_______________________________________________<br>
Nikto-discuss mailing list<br>
<a href="mailto:Nikto-discuss@attrition.org">Nikto-discuss@attrition.org</a><br>
<a href="https://attrition.org/mailman/listinfo/nikto-discuss" target="_blank">https://attrition.org/mailman/listinfo/nikto-discuss</a><o:p></o:p></p>
</div>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</div>
</body>
</html>