Sorry for the delay.<div><br></div><div>You can put strings into a file called db_404_strings in the databases directory, and it should discount those as positive results. You'd want to put something in from the known-404 page. More info on the udb files is here: <a href="http://cirt.net/nikto2-docs/">http://cirt.net/nikto2-docs/</a></div>
<div><br></div><div>With cpanel, if it's a unique string that we can use I can also add it to the main database, as well as create a check to identify cpanel.</div><div><br></div><div>Regards,</div><div>Sullo</div><div>
<br><div class="gmail_quote">On Wed, Jun 20, 2012 at 7:03 PM, aaron bishop <span dir="ltr"><<a href="mailto:firstname.lastname@example.org" target="_blank">email@example.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello All. I've bene using nikto for a few months now and I absolutely love it. I have come across an issue when I scan a site that has cpanel installed. When I scan port 2095, which is a cpanel webmail login page, it gets dozens of false positives reported because everything on 2095 gets redirected to the login page and the URI sent is included in the body, or in the case of plugin 000294 which looks for <a href="http://www.example.com/sips/sipssys/users/a/admin/user" target="_blank">www.example.com/sips/sipssys/users/a/admin/user</a> and falis if Password is returned it fails because it's a login page and it has Password as one of the fields for the login. Is there a good way to handle this without modifying db_tests to require 200 ok for everything which I don't think is the best solution.
Nikto-discuss mailing list<br>
<a href="https://attrition.org/mailman/listinfo/nikto-discuss" target="_blank">https://attrition.org/mailman/listinfo/nikto-discuss</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><br><a href="http://cirt.net" target="_blank">http://cirt.net</a> | <a href="http://richsec.com/" target="_blank">http://richsec.com/</a><br>