[Nikto-discuss] Conditional execution of plugins

Frank Breedijk FBreedijk at schubergphilis.com
Fri Sep 19 08:48:51 UTC 2008


I would indeed also rather have false positives marked than filtered out, or have this behavior selectable.

In the output this would be a criterion to group on, e.g. first have the real sure ones, then the potential false positives.

Frank Breedijk
..-. .-. .- -. -.-
T: +31 (0)20-7506500 E: fbreedijk at schubergphilis.com W: www.schubergphilis.com

> -----Original Message-----
> From: nikto-discuss-bounces at attrition.org [mailto:nikto-discuss-bounces at attrition.org] On Behalf Of David Lodge
> Sent: 18 September 2008 20:16
> To: nikto-discuss at attrition.org
> Subject: [Nikto-discuss] Conditional execution of plugins
>
> Just trying to get some feelers out.
>
> I'm going to be working on the plugin architecture over the next couple of
> weekends. Whilst planning this it occurred to me that it may be beneficial
> to allow a plugin to be executed conditionally, e.g. if server != Apache
> then don't run nikto_apacheusers.plugin.
>
> The advantage to this is that we cut down the amount of time spent running
> and potentially cut down on false positives. The disadvantage is that we
> may have some false negatives if a web server is vulnerable to another web
> server's faults.
>
> Or, we could compromise and run the plugins, but comment that it may be a
> false positive.
>
> Personally, I'd rather have false positives and be notified about them
> than miss items that may compromise a server.
>
> Thoughts? Opinions?
>
> dave
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss
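
The two behaviours weighed in this thread, as an added example that is not part of the original messages and is not Nikto's code: a small Python model of a plugin runner with a selectable policy, where `skip` is conditional execution and `mark` runs everything but flags findings from plugins whose target server does not match the banner, with the sure findings grouped first. The `Plugin` and `Finding` classes, the `scan` function, the check bodies and the sample target are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Plugin:
    name: str
    server: Optional[str]          # server family the plugin targets; None = any server
    check: Callable[[dict], list]  # returns a list of finding messages

@dataclass
class Finding:
    plugin: str
    message: str
    potential_fp: bool             # True when the plugin did not match the banner

def scan(target: dict, plugins: list, policy: str = "mark") -> list:
    """policy 'skip': do not run mismatched plugins (faster, may miss findings).
    policy 'mark': run every plugin, flag findings from mismatched ones."""
    if policy not in ("skip", "mark"):
        raise ValueError(f"unknown policy: {policy}")
    banner = target.get("banner", "").lower()
    findings = []
    for p in plugins:
        matches = p.server is None or p.server.lower() in banner
        if not matches and policy == "skip":
            continue
        findings += [Finding(p.name, m, not matches) for m in p.check(target)]
    # Stable sort: sure findings first, potential false positives after them.
    return sorted(findings, key=lambda f: f.potential_fp)

# Constructed stand-ins for plugin checks (not what the real plugins do).
def apache_users(t: dict) -> list:
    return ["user home directory request answered"] if t.get("userdir") else []

def headers(t: dict) -> list:
    return ["X-Powered-By header present"] if t.get("x_powered_by") else []

PLUGINS = [Plugin("nikto_apacheusers", "apache", apache_users),
           Plugin("nikto_headers", None, headers)]

# Constructed target: the banner is not Apache, yet it shows Apache-style behaviour.
TARGET = {"banner": "lighttpd/1.4", "userdir": True, "x_powered_by": True}

if __name__ == "__main__":
    for policy in ("skip", "mark"):
        print(policy)
        for f in scan(TARGET, PLUGINS, policy):
            tag = "potential false positive" if f.potential_fp else "sure"
            print(f"  [{tag}] {f.plugin}: {f.message}")
```

On the constructed target, `skip` never reports the user-directory finding (the false negative described above), while `mark` reports it last with the potential-false-positive flag set.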

