[Nikto-discuss] Recent changes in trunk
David Lodge
dave at cirt.net
Mon Aug 3 17:16:36 UTC 2009
On Mon, 03 Aug 2009 17:16:39 +0100, Sullo <csullo at gmail.com> wrote:
> Regarding the ports, what will happen if someone puts in "8000-9000" as
> ports--will it error, or it will it assign all of them as 'marks' and
> simply
> try them (which would likely be slow as hell)? I ask only because of
> backward compatibility issues, and it may be worth noting this in the
> docs
> (outside the changelog).
Good point, originally it'd have barfed on it. I've just added a basic
patch to allow port ranges (e.g. -80, 80-90 65530-) But no warnings for
stupidity, e.g. - will check all 65536 ports! I may put a quick warning
in, e.g. if more that 100 ports, tell them that they may want to use a
port scanner first!
> Regarding reporting:
>> Though, it will not write host and file closing statements on HTML or
>> XML
>> types.
> This is why it was originally queued, though I didn't much like it
> (version
> 1.x of nikto did it in "real time," but 2.0 introduced the templates).
> This
> is probably better--good call.
I've just put in a basic signal handler for SIGINT (CTRL+C) that'll close
reporting nicely.
I put this in as I was on a test, testing lots of dodgy IIS web servers
and getting annoyed that I couldn't break out nikto and keep my output at
the same time without messing around with stdout (which then meant I
couldn't see the results until after the scan had finished).
dave
More information about the Nikto-discuss
mailing list