There was actually a bug in the auth guessing stuff that may have caused the high number of attempts--I just fixed it a few nights ago in the trunk version. It should be ~300 per directory (or per realm in the trunk version). <br>
<br>You can disable plugins using -Plugins, such as:<br>-Plugins "@@DEFAULT;-auth"<br><br>That should run all the default ones except the auth testing.<br><br>See this page for more info: <a href="https://cirt.net/nikto2-docs/options.html">https://cirt.net/nikto2-docs/options.html</a><br>
<br>-Sullo<br><br><div class="gmail_quote">On Wed, Dec 8, 2010 at 4:50 AM, Chris Thomas <span dir="ltr"><<a href="mailto:chris@mediumcool.net">chris@mediumcool.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br>
Hi,<br>
<br>
I'm using Nikto 2.1.3 on Windows XP.<br>
<br>
When Nikto attempts to GET the page /bandwidth/index.cgi on the server I'm testing it receives the response '401 Requires Authorization'. Nikto then appears to enter a loop repeatedly GETing /bandwidth/index.cgi which quickly trips my client's IDS and gets me blacklisted.<br>
<br>
I've done some tests on my own web server using Nikto debugging and it appears Nikto is trying to brute-force authentication, making around 700 requests for /bandwidth/index.cgi with various credentials before it moves on to the next test.<br>
<br>
The command I'm running is:<br>
nikto.pl -h 172.16.20.17 -T 1 -D D &gt; debug.txt<br>
<br>
I could get myself whitelisted, but I really don't want to be trying to brute-force authentication.<br>
<br>
I see there are various options for controlling plugins and tests, and I've had a look at the code, db_tests etc., but it's hard to get a handle on what's actually being run.<br>
<br>
Any suggestions?<br>
<br>
Thanks.<br>
<br>
Chris<br>
_______________________________________________<br>
Nikto-discuss mailing list<br>
<a href="mailto:Nikto-discuss@attrition.org" target="_blank">Nikto-discuss@attrition.org</a><br>
<a href="https://attrition.org/mailman/listinfo/nikto-discuss" target="_blank">https://attrition.org/mailman/listinfo/nikto-discuss</a><br>
</blockquote></div><br><br clear="all"><br>-- <br><br><a href="http://www.cirt.net">http://www.cirt.net</a> | <a href="http://www.osvdb.org/">http://www.osvdb.org/</a><br>
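The pattern that tripped the IDS in this thread, hundreds of 401 responses to one client on one protected path, is easy to spot on the server side. The following is an added example, not code from the thread or from Nikto: it parses Apache combined-format access log lines, counts 401s per (client, path), and flags any pair above a threshold. The log lines, the client address 172.16.20.99 and the threshold of 50 are all constructed for the example.

```python
import re
from collections import Counter

# Added example (not from the Nikto thread or the Nikto project): flag a client
# that hammers one protected resource with authentication attempts. Log format
# and all sample lines below are constructed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+'
)

# Constructed sample: a scanner burst of 700 x 401 on /bandwidth/index.cgi
# (matching the count reported in the thread) plus a few ordinary requests
# from another host, one of which is a single legitimate auth failure.
SAMPLE_LOG = "\n".join(
    [f'172.16.20.99 - - [08/Dec/2010:04:50:{i % 60:02d} +0000] '
     f'"GET /bandwidth/index.cgi HTTP/1.0" 401 381' for i in range(700)]
    + ['10.0.0.5 - - [08/Dec/2010:04:51:00 +0000] "GET /index.html HTTP/1.1" 200 512',
       '10.0.0.5 - - [08/Dec/2010:04:51:01 +0000] "GET /bandwidth/index.cgi HTTP/1.1" 401 381',
       '10.0.0.5 - - [08/Dec/2010:04:51:03 +0000] "GET /bandwidth/index.cgi HTTP/1.1" 200 2048']
)


def count_auth_failures(log_text):
    """Return {(client_ip, path): number of 401 responses}; unparseable lines are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m.group("status") == "401":
            counts[(m.group("ip"), m.group("path"))] += 1
    return counts


def auth_guess_alerts(log_text, threshold=50):
    """Return a sorted list of (ip, path, count) with at least `threshold` 401s.

    The threshold is an assumed value: a real user mistypes a password a handful
    of times, while a credential-guessing loop produces hundreds of failures."""
    counts = count_auth_failures(log_text)
    return sorted((ip, path, n) for (ip, path), n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for ip, path, n in auth_guess_alerts(SAMPLE_LOG):
        print(f"ALERT {ip}: {n} x 401 on {path}")
```

On the constructed log this reports only the scanner host; the single 401 from 10.0.0.5 stays below the threshold and is not flagged.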