From jabra at spl0it.org  Mon May  5 23:50:39 2008
From: jabra at spl0it.org (Jabra)
Date: Mon, 5 May 2008 19:50:39 -0400
Subject: [Nikto-discuss] Code style / perltidy
Message-ID: <20080505235039.GA5922@navi.v2s.org>

Hey guys,

I have been looking at many parts of the Nikto codebase and much
of the code styles are inconsistent. I'm curious if anyone would
object to me running perltidy with the .perltidyrc from the Perl
Best Practices book.

This would make the code consistent with a standard way that code
should look. I have attached the .perltidyrc if anyone doesn't
already have it. 

Regards,
Jabra
-- 
Jabra < jabra at spl0it.org >
http://www.spl0it.org
-------------- next part --------------
--quiet

-l=78   
# Max line width is 78 cols

-i=4    
# Indent level is 4 cols

-ci=4   
# Continuation indent is 4 cols

-st     
# Output to STDOUT

-se     
# Errors to STDERR

-vt=2   
# Maximal vertical tightness

-cti=0  
# No extra indentation for closing brackets

-pt=1   
# Medium parenthesis tightness

-bt=1   
# Medium brace tightness

-sbt=1  
# Medium square bracket tightness

-bbt=1  
# Medium block brace tightness

-nsfs   
# No space before semicolons

-nolq   
# Don't outdent long quoted strings

-wbb="% + - * / x != == >= <= =~ !~ < > | & >= < = **= += *= &= <<= &&= -= /= |= >>= ||= .= %= ^= x="
# Break before all operators

From dave at cirt.net  Tue May  6 11:47:38 2008
From: dave at cirt.net (David Lodge)
Date: Tue,  6 May 2008 07:47:38 -0400
Subject: [Nikto-discuss] Code style / perltidy
In-Reply-To: <20080505235039.GA5922@navi.v2s.org>
References: <20080505235039.GA5922@navi.v2s.org>
Message-ID: <20080506074738.e042ls41wkw08k0w@webmail.sullo.com>

Quoting Jabra <jabra at spl0it.org>:
> I have been looking at many parts of the Nikto codebase and much
> of the code styles are inconsistent. I'm curious if anyone would
> object to me running perltidy with the .perltidyrc from the Perl
> Best Practices book.

I've got no problems with this, one of the problems with Nikto's  
codebase is that evolved over time with Sullo being the only  
maintainer. This was fine when it was just him, but probably isn't  
appropriate any more.

The only concerns I have with things like lint and perltidy etc is to  
ensure that an appropriate test plan is ready for afterwards, just to  
ensure that nowt has changed in the input and output.

Though if this means that the code ends up in the K&R indentation  
style, then I reserve the right to whinge.

dave

From kingthorin at gmail.com  Thu May  8 12:42:27 2008
From: kingthorin at gmail.com (Thorin Oakenshield)
Date: Thu, 8 May 2008 08:42:27 -0400
Subject: [Nikto-discuss] Port Range Scanning Broken?
In-Reply-To: <cea583440804081205o61c7b56fjbea8119b1209af1c@mail.gmail.com>
References: <cea583440804081205o61c7b56fjbea8119b1209af1c@mail.gmail.com>
Message-ID: <cea583440805080542r2f8cdc35h16e2aba8c254a482@mail.gmail.com>

Thanks for the update Sullo.

Sullo wrote:

> Since most of you aren't members of Assembla, and the update is going to
> require a new packaging of Nikto (since it's in a place that the
> auto-updater can't currently handle), I wanted to let you know that a
> patch from deity is available if this functionality is critical and not
> working for you:
>
> Trac bug info: https://trac2.assembla.com/Nikto_2/ticket/23
> Patch info: https://trac2.assembla.com/Nikto_2/changeset/29
>
> Much thanks to Thorin for reporting & deity for fixing.
> -Sullo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://attrition.org/pipermail/nikto-discuss/attachments/20080508/47a4dbe9/attachment.html 

From jleyrer at gmail.com  Tue May 13 12:51:06 2008
From: jleyrer at gmail.com (Jason Leyrer)
Date: Tue, 13 May 2008 07:51:06 -0500
Subject: [Nikto-discuss] Scan Database Field Documentation Error
Message-ID: <bc22a1a0805130551m2c797ac7o1e44454019e6a632@mail.gmail.com>

I came across an inaccuracy in Nikto 2's documentation that makes
writing/modifying tests pretty confusing. In the documentation, the "Match 1
(AND)" and "Match 1 (OR)" scan db fields follow the "Match 1" field, in that
order. However, the set_scan_items subroutine that loads the checks uses
them in the opposite order. In other words, in my user-defined tests I was
trying to match responses for either of two strings but was instead
searching for both, causing my checks to fail.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://attrition.org/pipermail/nikto-discuss/attachments/20080513/c63f9dfc/attachment.html 

From jaipal_201 at yahoo.com  Fri May 23 06:08:04 2008
From: jaipal_201 at yahoo.com (pendiala jaipal)
Date: Thu, 22 May 2008 23:08:04 -0700 (PDT)
Subject: [Nikto-discuss] missing man page for Nikto-2.02
Message-ID: <469201.96347.qm@web56809.mail.re3.yahoo.com>

Hi All,

I am trying to package Nikto-2.02 on HPUX . This source code does not contain the  man page( nikto-2.02.man)  for nikto-2.02. Can you please tell where can i get the man page for Nikto-2.02.

Thanks in Advance,
Jaipal Reddy.

       
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://attrition.org/pipermail/nikto-discuss/attachments/20080523/b9fe6838/attachment.html 

From jabra at spl0it.org  Fri May 23 06:40:58 2008
From: jabra at spl0it.org (Jabra)
Date: Fri, 23 May 2008 02:40:58 -0400
Subject: [Nikto-discuss] missing man page for Nikto-2.02
In-Reply-To: <469201.96347.qm@web56809.mail.re3.yahoo.com>
References: <469201.96347.qm@web56809.mail.re3.yahoo.com>
Message-ID: <20080523064058.GA22444@navi.v2s.org>

Currently, there is no man page. 

The documentation for Nikto can be found at:
http://cirt.net/nikto2-docs/

The docbook XML can be found at:
http://svn2.assembla.com/svn/Nikto_2/documentation/doc.xml

Regards,
Jabra

On 22.May.2008 11:08PM -0700, pendiala jaipal wrote:
> Hi All,
> 
> I am trying to package Nikto-2.02 on HPUX . This source code does not contain the  man page( nikto-2.02.man)  for nikto-2.02. Can you please tell where can i get the man page for Nikto-2.02.
> 
> Thanks in Advance,
> Jaipal Reddy.
> 
>        
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss


-- 
Jabra < jabra at spl0it.org >
http://www.spl0it.org

From fenix_m4a1 at hotmail.com  Thu May 29 01:44:40 2008
From: fenix_m4a1 at hotmail.com (ale garcia)
Date: Wed, 28 May 2008 22:44:40 -0300
Subject: [Nikto-discuss] Nikto proxy support
Message-ID: <BLU143-W4BB1A688F41DDBCABB7E9E5BF0@phx.gbl>

Hey, I was wondering what happens in the scanning process when the configured proxy is unreached (for example, because it is down at the moment)? I believe the correct procedure of work would be stop the scan before it starts, but I have tested with fake proxy data and it seems to scan even when the proxy doesn't exists.
This is what i'm doing:


config.txt:

# PROXY STUFF
###############
PROXYHOST=196.40.20.82
PROXYPORT=80
#PROXYUSER=proxyuserid
#PROXYPASS=proxypassword


commandline:

$ perl nikto.pl -h xxx.xxx.xxx.xxx -u

(Obviously where xxx.xxx.xxx.xxx is the IP address I want to scan.)


Thanks a lot.
caminante.

_________________________________________________________________
?Aburrido? Ingres? ya y divertite como nunca en MSN Juegos.
http://juegos.ar.msn.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://attrition.org/pipermail/nikto-discuss/attachments/20080528/c564abee/attachment.html