<p dir="ltr"><br>
On 12 Sep 2013 00:41, "a" <<a href="mailto:resident.deity@gmail.com">resident.deity@gmail.com</a>> wrote:<br>
><br>
> I see the problem: the plugin names are wrong, it should usually be without the nikto_. You can see the full list of plugins and their names by doing a:<br>
> nikto -list-plugins<br>
><br>
> Although the plugin name is usually nikto_plugin it doesn't have to be. In case of doubt always use the name shown when doing a -list-plugins.<br>
><br>
> The command line you're looking for is:<br>
> nikto -Plugins 'outdated' -no404 -host <a href="http://www.domain.com">http://www.domain.com</a><br>
><br>
> Be warned: reporting is done by a plugin as well, so if you want to save the result to a file, you'll need to include the reporting plugin as well:<br>
> nikto -Plugins 'outdated,report_xml' -no404 -host <a href="http://www.domain.com">http://www.domain.com</a> -output domain.xml<br>
></p>
<p dir="ltr">Couldn't you automatically bring the appropriate report plugin in as required? It sounds like the kind of thing that someone could waste a lot of time on trying to work out reporting is failing.</p>
<p dir="ltr">Robin</p>
<p dir="ltr">><br>
> On 2 September 2013 09:02, Thiébaut Devergranne <<a href="mailto:t.devergranne@gmail.com">t.devergranne@gmail.com</a>> wrote:<br>
>><br>
>> Thanks for the feedback. If I uses theses options Nikto doesn't tell me about any problems any more ; here's a test : <br>
>><br>
>> hstd# nikto -Plugins "@@none;nikto_outdated;nikto_versions" -no404 -h <a href="http://www.domain.com">http://www.domain.com</a><br>
>> - Nikto v2.1.5<br>
>> ---------------------------------------------------------------------------<br>
>> + Target IP: bla.bla.<br>
>> + Target Hostname: <a href="http://www.domain.com">www.domain.com</a><br>
>> + Target Port: 80<br>
>> + Start Time: 2013-09-02 09:58:56 (GMT2)<br>
>> ---------------------------------------------------------------------------<br>
>> + Server: Apache/2.2.6 (Unix) PHP/5.2.5 mod_ssl/2.2.6 OpenSSL/0.9.8g<br>
>> + 6545 items checked: 0 error(s) and 0 item(s) reported on remote host<br>
>> + End Time: 2013-09-02 09:58:56 (GMT2) (0 seconds)<br>
>> ---------------------------------------------------------------------------<br>
>><br>
>> So the server runs a vulnerable version of php but Nikto doesn't give me any information about it. Is there something i'm missing ?<br>
>><br>
>> Thanks !<br>
>> TD<br>
>><br>
>><br>
>> Le 1 sept. 2013 à 15:28, <a href="mailto:csullo@gmail.com">csullo@gmail.com</a> a écrit :<br>
>><br>
>>> I am not near a computer, sorry, but you want to use the -no404 option combined with -Plugins. <br>
>>><br>
>>> It should be like: -Plugins "@@none;nikto_outdated;nikto_versions"<br>
>>><br>
>>> Those are from memory so check output of -list-plugins to be sure those are correct. <br>
>>><br>
>>> Also see:<br>
>>> <a href="http://cirt.net/nikto2-docs/options.html#id2741238">http://cirt.net/nikto2-docs/options.html#id2741238</a><br>
>>><br>
>>> I'm not sure it will be one request but probably 2-3 if you set the options right, since it tests ssl and possibly more than one method. You can use -ssl and -nossl to save a request if you know ahead of time or don't mind guessing based on port. <br>
>>><br>
>>> Let us know how it turns out!<br>
>>><br>
>>> -Sullo<br>
>>><br>
>>> On Aug 30, 2013, at 9:30 AM, Thiébaut Devergranne <<a href="mailto:t.devergranne@gmail.com">t.devergranne@gmail.com</a>> wrote:<br>
>>><br>
>>>> Hi guys, <br>
>>>><br>
>>>> I'm very new to Nikto and I'm trying to find out how to conduct a server version tests (like php, asp) sending the minimal number of requests, ideally one. <br>
>>>><br>
>>>> I understand it's possible to do that using the -Plugin parameter but i'm kind of lost after that.<br>
>>>><br>
>>>> Anyone could help to put me on the right track ? <br>
>>>> Thanks<br>
>>>><br>
>>>><br>
>>>><br>
>>>><br>
>>>><br>
>>>> _______________________________________________<br>
>>>> Nikto-discuss mailing list<br>
>>>> <a href="mailto:Nikto-discuss@attrition.org">Nikto-discuss@attrition.org</a><br>
>>>> <a href="https://attrition.org/mailman/listinfo/nikto-discuss">https://attrition.org/mailman/listinfo/nikto-discuss</a><br>
>><br>
>><br>
>><br>
>> _______________________________________________<br>
>> Nikto-discuss mailing list<br>
>> <a href="mailto:Nikto-discuss@attrition.org">Nikto-discuss@attrition.org</a><br>
>> <a href="https://attrition.org/mailman/listinfo/nikto-discuss">https://attrition.org/mailman/listinfo/nikto-discuss</a><br>
>><br>
><br>
><br>
> _______________________________________________<br>
> Nikto-discuss mailing list<br>
> <a href="mailto:Nikto-discuss@attrition.org">Nikto-discuss@attrition.org</a><br>
> <a href="https://attrition.org/mailman/listinfo/nikto-discuss">https://attrition.org/mailman/listinfo/nikto-discuss</a><br>
><br>
</p>