[Nikto-discuss] Nikto Not Finding Webserver
David Lodge
dave at cirt.net
Thu Jan 15 09:43:33 UTC 2009
On Wed, 14 Jan 2009 21:25:46 -0000, maddaemon at gmail.com
<maddaemon at gmail.com> wrote:
[results from a direct connection]
>> Headers show the following (using both 80 & 443)
>>
>> HTTP/1.1 301 Moved Permanently
>> Date: Wed, 14 Jan 2009 21:16:02 GMT
>> Server: Apache
>> Location: https://tracker.mydomain.tld
>> Connection: close
>> Content-Type: text/html; charset=iso-8859-1
And that'll be the problem; the code from nikto does:
if (defined $result{'whisker'}{'data'} && $result{'whisker'}->{'data'}
=~ /speaking plain HTTP to an SSL/)
Of course, the 301 doesn't return any data so it doesn't think that it's a
valid port. Looks like we have a bug, but I'm not 100% certain of how to
fix it; maybe we should check for error code, then check the appropriate
header (e.g. in this case Location).
Could you do me a favour and got to
http://trac2.assembla.com/Nikto_2/newticket and raise a ticket for me so
that I don't lose track of what I'm doing (you don't need an assembla
account to raise a ticket, though you won't be able to track it
automagically if you don't).
dave
More information about the Nikto-discuss
mailing list