[Nikto-discuss] Using DirBuster lists

[Thomas Raef]

What did your udb_tests file look like? How was it formatted to allow
the tests?

 

Was it successful? Did it slow down the scan too much?

 

How was it implemented?

 

Thank you.

 

From: Jason Leyrer [mailto:jleyrer at gmail.com] 
Sent: Friday, December 19, 2008 4:32 PM
To: Thomas Raef
Cc: security curmudgeon; nikto-discuss at attrition.org
Subject: Re: [Nikto-discuss] Using DirBuster lists

 

Thomas-

I've done something similar to this in the past, in which I generated a
udb_tests file from a list of directories I wanted to look for. I did
this so I could run multiple checks per directory, i.e. does it exist?,
is it indexable?, etc.





On Fri, Dec 19, 2008 at 4:15 PM, Thomas Raef <traef at ebasedsecurity.com>
wrote:

Next question, where would I put this list. I would probably parse it
down to reduce the number of requests, but where would I put such a
list?

Would config.txt allow me to specify a file to check?

Thank you for your guidance.


> -----Original Message-----
> From: security curmudgeon [mailto:jericho at attrition.org]
> Sent: Friday, December 19, 2008 3:13 PM
> To: Thomas Raef
> Cc: nikto-discuss at attrition.org
> Subject: Re: [Nikto-discuss] Using DirBuster lists
>
>
> : I was looking at including the list of directory names to check by
> : including the lists from OWASP's DirBuster project.
> :
> : I'd like to hear reasons for and against doing such a thing.
>
> for: thorough lists, can find some good directories
>
> against: even their short list is pretty hefty, and generates a ton of
> requests. the long list? takes way too long to run against a single
> host.

_______________________________________________
Nikto-discuss mailing list
Nikto-discuss at attrition.org
https://attrition.org/mailman/listinfo/nikto-discuss

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://attrition.org/pipermail/nikto-discuss/attachments/20081220/ec6b72e0/attachment.html