[Nikto-discuss] Using DirBuster lists

Jason Leyrer jleyrer at gmail.com
Fri Dec 19 22:32:24 UTC 2008


Thomas-

I've done something similar to this in the past, in which I generated a
udb_tests file from a list of directories I wanted to look for. I did this
so I could run multiple checks per directory, i.e. does it exist?, is it
indexable?, etc.




On Fri, Dec 19, 2008 at 4:15 PM, Thomas Raef <traef at ebasedsecurity.com>wrote:

> Next question, where would I put this list. I would probably parse it
> down to reduce the number of requests, but where would I put such a
> list?
>
> Would config.txt allow me to specify a file to check?
>
> Thank you for your guidance.
>
> > -----Original Message-----
> > From: security curmudgeon [mailto:jericho at attrition.org]
> > Sent: Friday, December 19, 2008 3:13 PM
> > To: Thomas Raef
> > Cc: nikto-discuss at attrition.org
> > Subject: Re: [Nikto-discuss] Using DirBuster lists
> >
> >
> > : I was looking at including the list of directory names to check by
> > : including the lists from OWASP's DirBuster project.
> > :
> > : I'd like to hear reasons for and against doing such a thing.
> >
> > for: thorough lists, can find some good directories
> >
> > against: even their short list is pretty hefty, and generates a ton of
> > requests. the long list? takes way too long to run against a single
> > host.
>
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://attrition.org/pipermail/nikto-discuss/attachments/20081219/1315ed9f/attachment-0001.html 


More information about the Nikto-discuss mailing list