[Nikto-discuss] Using DirBuster lists

Sullo csullo at gmail.com
Sat Dec 20 00:02:24 UTC 2008


Check out the documentation, as it will give you some information on
how to set up a user-defined test database, and Nikto will
automatically load and use it when it is scanning.

http://cirt.net/nikto2-docs/ch07.html
Specifically, section 2.

-Sullo

On Fri, Dec 19, 2008 at 5:15 PM, Thomas Raef <traef at ebasedsecurity.com> wrote:
> Next question, where would I put this list. I would probably parse it
> down to reduce the number of requests, but where would I put such a
> list?
>
> Would config.txt allow me to specify a file to check?
>
> Thank you for your guidance.
>
>> -----Original Message-----
>> From: security curmudgeon [mailto:jericho at attrition.org]
>> Sent: Friday, December 19, 2008 3:13 PM
>> To: Thomas Raef
>> Cc: nikto-discuss at attrition.org
>> Subject: Re: [Nikto-discuss] Using DirBuster lists
>>
>>
>> : I was looking at including the list of directory names to check by
>> : including the lists from OWASP's DirBuster project.
>> :
>> : I'd like to hear reasons for and against doing such a thing.
>>
>> for: thorough lists, can find some good directories
>>
>> against: even their short list is pretty hefty, and generates a ton of
>> requests. the long list? takes way too long to run against a single
>> host.
>
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss
>



-- 

http://www.cirt.net     |      http://www.osvdb.org/


More information about the Nikto-discuss mailing list