<html>
<head>
</head>
<body class='hmmessage'><div dir='ltr'>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style>
<div dir="ltr">Hmm..</div><div dir="ltr"><br></div><div dir="ltr">Would you please give me further explanation about "Nikto will only check for what it knows"?</div><div dir="ltr">As long as I understand, a web application scanner is also checking what it knows (by using plugins or databases).</div><div dir="ltr"><br></div><div dir="ltr">Thanks,<br><font size="2"><span style="color:rgb(79, 129, 189);font-family:Arial, sans-serif;line-height:17px;background-color:rgb(255, 255, 255);">--</span><br style="line-height:17px;color:rgb(79, 129, 189);font-family:Arial, sans-serif;"><span style="color:rgb(79, 129, 189);font-family:Arial, sans-serif;line-height:17px;background-color:rgb(255, 255, 255);">Raymond</span></font><br><br><div><hr id="stopSpelling">Date: Sun, 5 Jan 2014 09:34:59 +0000<br>Subject: Re: [Nikto-discuss] Nikto Capabilities<br>From: resident.deity@gmail.com<br>To: raymond_pluto@hotmail.com<br>CC: nikto-discuss@attrition.org<br><br><p dir="ltr">Nikto performs a set of tests for pages on the web server and the configuration of its responses. The tuning option allows these the number of tests to be cut down, e.g. to known pages that have SQL injection.</p>
<p dir="ltr">Where this differs from a web application scanner is that Nikto will only check for what it knows.</p>
<p dir="ltr">To be honest web server scanner is a pointless label anyway. It's a tool that should be run as part of a set of tools (e.g. nmap, sslscan, sqlmap, burp) used during a test. It's not mutually exclusive with other tools.<br>
</p>
<div class="ecxgmail_quote">On 4 Jan 2014 17:00, "raymond lukanta" <<a href="mailto:raymond_pluto@hotmail.com">raymond_pluto@hotmail.com</a>> wrote:<br><blockquote class="ecxgmail_quote" style="border-left:1px #ccc solid;padding-left:1ex;">
<div><div dir="ltr">I have a question about Nikto capabilities. <div>In the Nikto description, it is said that Nikto is a web server scanner. But, in the -Tuning option (<a href="http://cirt.net/nikto2-docs/options.html#id2741238" style="font-size:12pt;" target="_blank">http://cirt.net/nikto2-docs/options.html#id2741238</a><span style="font-size:12pt;">), there're a test for SQL injection and XSS. Actually, it makes me confused.</span></div>
<div><span style="font-size:12pt;"><br></span></div><div>I need explanation why Nikto do the test for SQL injection and XSS. Because <span style="font-size:12pt;">I think, injection and XSS is web application related (CMIIW).</span></div>
<div><br></div><div><br></div><div>Thanks.</div><div><br><span style="line-height:17px;color:rgb(79,129,189);font-family:Arial,sans-serif;">--</span><br style="line-height:17px;color:rgb(79,129,189);font-family:Arial,sans-serif;">
<span style="line-height:17px;color:rgb(79,129,189);font-family:Arial,sans-serif;">Raymond</span></div> </div></div>
<br>_______________________________________________<br>
Nikto-discuss mailing list<br>
<a href="mailto:Nikto-discuss@attrition.org">Nikto-discuss@attrition.org</a><br>
<a href="https://attrition.org/mailman/listinfo/nikto-discuss" target="_blank">https://attrition.org/mailman/listinfo/nikto-discuss</a><br>
<br></blockquote></div></div></div>
</div></body>
</html>