Hi Dave and Al,<br><br>Dave, I had not made the link between your morning's email and that cause in my previous message to you, the directories were indeed present on the server (that was the Nikto message I did not understand)<br>
The difference is that here, none of the directories (or files) mentioned in my message are present on the server.<br>Thus I thought this was a different "issue" but it seems to be the same, right?<br><br>BR,<br>Nick<br>
<br><div class="gmail_quote">
2009/5/11 David Lodge <span dir="ltr"><<a href="mailto:dave@cirt.net" target="_blank">dave@cirt.net</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Nick, I sent you an email about this this morning.<br>
<br>
On Mon, 11 May 2009 14:51:30 +0100, Thomas Raef <<a href="mailto:traef@ebasedsecurity.com" target="_blank">traef@ebasedsecurity.com</a>><br>
wrote:<br>
<div>> I've noticed these false positives as well.<br>
> If you have a default 404 page, you'll see these false positives as the<br>
> URL issued with the GET command does return a page - your default 404<br>
> page so it assumes that since it issued a command and received a result<br>
> the command must have worked.<br>
> That's been my findings anyway. Anyone have more information?<br>
<br>
</div>In my experience it tends to happen when the web server returns a 200 and<br>
then returns a reader friendly page to say "file not found". Nikto does<br>
perform some checks to attempt to work out non-404 404 pages, but it can't<br>
always get them.<br>
<br>
If you can send me any examples of pages (either the output from a<br>
nikto.pl -D d or the page itself) then I can use this to improve the<br>
matching algorithms.<br>
<br>
Thanks<br>
<br>
dave<br>
<div><div></div><div>_______________________________________________<br>
Nikto-discuss mailing list<br>
<a href="mailto:Nikto-discuss@attrition.org" target="_blank">Nikto-discuss@attrition.org</a><br>
<a href="https://attrition.org/mailman/listinfo/nikto-discuss" target="_blank">https://attrition.org/mailman/listinfo/nikto-discuss</a><br>
</div></div></blockquote></div><br>
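The "200 with a friendly file-not-found page" case described in the thread, as an added example that is not part of the original messages and is not Nikto's own matching algorithm: it fingerprints the responses to random paths that cannot exist, then flags scanner findings whose body matches that fingerprint. All paths, bodies and the 0.9 similarity threshold are constructed assumptions.

```python
import difflib
import re

# Constructed sample data (path, status, body); not captured from a real server.
PAGE = "Sorry, the page {p} could not be found. Request id {n}"
PROBES = [  # random names that cannot exist on the target
    ("/kq3x9zt1/", 200, PAGE.format(p="/kq3x9zt1/", n=48213)),
    ("/zz81hhqa.php", 200, PAGE.format(p="/zz81hhqa.php", n=48214)),
]
FINDINGS = [  # what a scanner reported as "found"
    ("/admin/", 200, PAGE.format(p="/admin/", n=99120)),
    ("/robots.txt", 200, "User-agent: *\nDisallow: /private/\n"),
    ("/cgi-bin/", 403, "Forbidden"),
]

def normalize(path, body):
    """Remove the parts of an error page that change per request."""
    body = body.replace(path, "")   # echoed request path
    body = re.sub(r"\d+", "", body)  # request ids, timestamps
    return re.sub(r"\s+", " ", body).strip().lower()

def build_baseline(probes):
    """Fingerprint how the server answers for paths known not to exist."""
    return [(status, normalize(path, body)) for path, status, body in probes]

def is_soft_404(path, status, body, baseline, threshold=0.9):
    """True when a non-404 response looks like the server's not-found page."""
    if status == 404:
        return False  # a real 404 needs no special handling
    norm = normalize(path, body)
    for base_status, base_norm in baseline:
        ratio = difflib.SequenceMatcher(None, norm, base_norm).ratio()
        if status == base_status and ratio >= threshold:
            return True
    return False

def triage(findings, baseline):
    """Label each finding as a likely false positive or as worth a manual look."""
    return {
        path: "soft-404" if is_soft_404(path, status, body, baseline) else "needs review"
        for path, status, body in findings
    }

if __name__ == "__main__":
    for path, verdict in triage(FINDINGS, build_baseline(PROBES)).items():
        print(f"{path:15} {verdict}")
```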