<div dir="ltr">I've opened a ticket for this one--good call.<div><br></div><div>-Sullo</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Sep 12, 2013 at 3:00 AM, Robin Wood <span dir="ltr"><<a href="mailto:robin@digininja.org" target="_blank">robin@digininja.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"><p dir="ltr"><br>
On 12 Sep 2013 00:41, "a" <<a href="mailto:resident.deity@gmail.com" target="_blank">resident.deity@gmail.com</a>> wrote:<br>
><br>
> I see the problem: the plugin names are wrong, it should usually be without the nikto_. You can see the full list of plugins and their names by doing a:<br>
> nikto -list-plugins<br>
><br>
> Although the plugin name is usually nikto_plugin it doesn't have to be. In case of doubt always use the name shown when doing a -list-plugins.<br>
><br>
> The command line you're looking for is:<br>
> nikto -Plugins 'outdated' -no404 -host <a href="http://www.domain.com" target="_blank">http://www.domain.com</a><br>
><br>
> Be warned: reporting is done by a plugin as well, so if you want to save the result to a file, you'll need to include the reporting plugin as well:<br>
> nikto -Plugins 'outdated,report_xml' -no404 -host <a href="http://www.domain.com" target="_blank">http://www.domain.com</a> -output domain.xml<br>
></p>
</div><p dir="ltr">Couldn't you automatically bring the appropriate report plugin in as required? It sounds like the kind of thing that someone could waste a lot of time on, trying to work out why reporting is failing.</p>
<span class="HOEnZb"><font color="#888888">
<p dir="ltr">Robin</p></font></span><div class="HOEnZb"><div class="h5">
<p dir="ltr">><br>
> On 2 September 2013 09:02, Thiébaut Devergranne <<a href="mailto:t.devergranne@gmail.com" target="_blank">t.devergranne@gmail.com</a>> wrote:<br>
>><br>
>> Thanks for the feedback. If I use these options, Nikto doesn't tell me about any problems any more; here's a test:<br>
>><br>
>> hstd# nikto -Plugins "@@none;nikto_outdated;nikto_versions" -no404 -h <a href="http://www.domain.com" target="_blank">http://www.domain.com</a><br>
>> - Nikto v2.1.5<br>
>> ---------------------------------------------------------------------------<br>
>> + Target IP: bla.bla.<br>
>> + Target Hostname: <a href="http://www.domain.com" target="_blank">www.domain.com</a><br>
>> + Target Port: 80<br>
>> + Start Time: 2013-09-02 09:58:56 (GMT2)<br>
>> ---------------------------------------------------------------------------<br>
>> + Server: Apache/2.2.6 (Unix) PHP/5.2.5 mod_ssl/2.2.6 OpenSSL/0.9.8g<br>
>> + 6545 items checked: 0 error(s) and 0 item(s) reported on remote host<br>
>> + End Time: 2013-09-02 09:58:56 (GMT2) (0 seconds)<br>
>> ---------------------------------------------------------------------------<br>
>><br>
>> So the server runs a vulnerable version of PHP but Nikto doesn't give me any information about it. Is there something I'm missing?<br>
>><br>
>> Thanks !<br>
>> TD<br>
>><br>
>><br>
>> On 1 Sept 2013, at 15:28, <a href="mailto:csullo@gmail.com" target="_blank">csullo@gmail.com</a> wrote:<br>
>><br>
>>> I am not near a computer, sorry, but you want to use the -no404 option combined with -Plugins. <br>
>>><br>
>>> It should be like: -Plugins "@@none;nikto_outdated;nikto_versions"<br>
>>><br>
>>> Those are from memory so check output of -list-plugins to be sure those are correct. <br>
>>><br>
>>> Also see:<br>
>>> <a href="http://cirt.net/nikto2-docs/options.html#id2741238" target="_blank">http://cirt.net/nikto2-docs/options.html#id2741238</a><br>
>>><br>
>>> I'm not sure it will be one request but probably 2-3 if you set the options right, since it tests ssl and possibly more than one method. You can use -ssl and -nossl to save a request if you know ahead of time or don't mind guessing based on port. <br>
>>><br>
>>> Let us know how it turns out!<br>
>>><br>
>>> -Sullo<br>
>>><br>
>>> On Aug 30, 2013, at 9:30 AM, Thiébaut Devergranne <<a href="mailto:t.devergranne@gmail.com" target="_blank">t.devergranne@gmail.com</a>> wrote:<br>
>>><br>
>>>> Hi guys, <br>
>>>><br>
>>>> I'm very new to Nikto and I'm trying to find out how to conduct server version tests (like PHP, ASP) sending the minimal number of requests, ideally one.<br>
>>>><br>
>>>> I understand it's possible to do that using the -Plugin parameter but I'm kind of lost after that.<br>
>>>><br>
>>>> Could anyone help to put me on the right track?<br>
>>>> Thanks<br>
>>>><br>
>>>><br>
>>>> _______________________________________________<br>
>>>> Nikto-discuss mailing list<br>
>>>> <a href="mailto:Nikto-discuss@attrition.org" target="_blank">Nikto-discuss@attrition.org</a><br>
>>>> <a href="https://attrition.org/mailman/listinfo/nikto-discuss" target="_blank">https://attrition.org/mailman/listinfo/nikto-discuss</a><br>
</p>
</div></div>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><br><a href="http://www.cirt.net" target="_blank">http://www.cirt.net</a> | <a href="http://richsec.com/" target="_blank">http://richsec.com/</a>
</div>
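<p>A pre-flight check for the two pitfalls raised in this thread (a <code>-Plugins</code> name that <code>-list-plugins</code> does not show, and <code>-output</code> used without a report plugin). This is an added example, not part of the original messages and not Nikto code. It assumes <code>nikto -list-plugins</code> prints one <code>Plugin: &lt;name&gt;</code> line per plugin; the function names and the sample list are hypothetical and constructed from names that appear in the thread.</p>

```shell
#!/bin/sh
# Added example: validate a Nikto -Plugins string before running a scan.
# ASSUMPTION: `nikto -list-plugins` emits one "Plugin: <name>" line per plugin.

# Constructed sample of that output (only names seen in the thread),
# embedded so the check runs offline.
SAMPLE_PLUGIN_LIST='Plugin: outdated
Plugin: report_xml'

# known_plugins: read -list-plugins text on stdin, print bare plugin names.
known_plugins() {
    sed -n 's/^Plugin: *\([A-Za-z0-9_]*\).*/\1/p'
}

# check_plugins SPEC LIST_TEXT [OUTPUT_FILE]
# Prints one line per problem; returns 0 if the spec is usable, 1 otherwise.
check_plugins() {
    spec=$1
    list=$2
    outfile=${3:-}
    names=$(printf '%s\n' "$list" | known_plugins)
    rc=0
    has_report=0
    # The thread shows both ';' and ',' as separators; accept either.
    for p in $(printf '%s' "$spec" | tr ';,' '  '); do
        case $p in
            @@*) continue ;;          # macros such as @@none are not plugin names
            report_*) has_report=1 ;; # a reporting plugin was selected
        esac
        # Exact, fixed-string match against the names the tool itself lists.
        if ! printf '%s\n' "$names" | grep -qxF -- "$p"; then
            echo "unknown plugin: $p"
            rc=1
        fi
    done
    # Reporting is done by a plugin, so an output file needs a report_* entry.
    if [ -n "$outfile" ] && [ "$has_report" -eq 0 ]; then
        echo "output file given but no report_* plugin selected"
        rc=1
    fi
    return $rc
}
```

<p>With a real installation, pass <code>"$(nikto -list-plugins)"</code> as the second argument instead of the constructed sample.</p>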