[Nikto-discuss] Conditional execution of plugins
David Lodge
dave at cirt.net
Thu Sep 18 18:15:59 UTC 2008
Just trying to get some feelers out.
I'm going to be working on the plugin architecture over the next couple of
weekends. Whilst planning this it occurred to me that it may be beneficial
to allow a plugin to be executed conditionally, e.g. if server != Apache
then don't run nikto_apacheusers.plugin.
The advantage to this is that we cut down the amount of time spent running
and potentially cut down on false positives. The disadvantage is that we
may have some false negatives if a web server is vulnerable to another web
server's faults.
Or, we could compromise and run the plugins, but comment that it may be a
false positive.
Personally, I'd rather have false positives and be notified about them
than miss items that may compromise a server.
Thoughts? Opinions?
dave
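
Added example, not part of the original message and not Nikto code: a Python sketch of the three options discussed above (skip a plugin on server mismatch, run everything, or run everything and mark findings from mismatched plugins as possible false positives). The Plugin structure, the generic_headers plugin, the signal names and the sample target are hypothetical and constructed; treating a hidden banner as a match is an assumption of this sketch.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Plugin:                        # hypothetical structure, not Nikto's plugin API
    name: str
    check: Callable[[dict], list]    # returns a list of finding strings
    server_re: Optional[str] = None  # None: plugin applies to every server

def applies(plugin, banner):
    """Evaluate the plugin's server condition against the Server banner."""
    if plugin.server_re is None or not banner:
        return True  # assumption: a hidden banner cannot rule a plugin out
    return re.search(plugin.server_re, banner, re.I) is not None

def run_plugins(target, plugins, policy):
    """policy: 'skip' (conditional execution), 'always', or 'annotate'."""
    if policy not in ("skip", "always", "annotate"):
        raise ValueError("unknown policy: %s" % policy)
    results = []
    for p in plugins:
        match = applies(p, target.get("banner"))
        if policy == "skip" and not match:
            continue  # faster and quieter, but a cross-server fault is missed
        for finding in p.check(target):
            results.append({"plugin": p.name, "finding": finding,
                            "possible_fp": policy == "annotate" and not match})
    return results

PLUGINS = [
    Plugin("nikto_apacheusers",
           lambda t: ["user directories exposed"] if "userdir" in t["signals"] else [],
           server_re=r"\bapache\b"),
    Plugin("generic_headers",  # hypothetical unconditional plugin
           lambda t: ["Server header discloses a version"]
           if "/" in (t.get("banner") or "") else []),
]

# Constructed target: a non-Apache banner on a host that still trips the Apache check
TARGET = {"banner": "Microsoft-IIS/6.0", "signals": {"userdir"}}

if __name__ == "__main__":
    for policy in ("skip", "always", "annotate"):
        print(policy, run_plugins(TARGET, PLUGINS, policy))
```

With the constructed target, "skip" drops the nikto_apacheusers finding entirely (the false negative case), while "annotate" keeps it and sets possible_fp so the report can say why it is suspect.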