[Nikto-discuss] Nikto Not Finding Webserver

Thu Jan 15 18:23:31 UTC 2009

On Thu, Jan 15, 2009 at 9:05 AM, maddaemon at gmail.com
<maddaemon at gmail.com> wrote:
> On Thu, Jan 15, 2009 at 4:43 AM, David Lodge <dave at cirt.net> wrote:
>> On Wed, 14 Jan 2009 21:25:46 -0000, maddaemon at gmail.com
>> <maddaemon at gmail.com> wrote:
>> [results from a direct connection]
>>>> Headers show the following (using both 80 & 443)
>>>>
>>>> HTTP/1.1 301 Moved Permanently
>>>> Date: Wed, 14 Jan 2009 21:16:02 GMT
>>>> Server: Apache
>>>> Location: https://tracker.mydomain.tld
>>>> Connection: close
>>>> Content-Type: text/html; charset=iso-8859-1
>>
>> And that'll be the problem; the code from nikto does:
>>     if (defined $result{'whisker'}{'data'} && $result{'whisker'}->{'data'}
>> =~ /speaking plain HTTP to an SSL/)
>>
>> Of course, the 301 doesn't return any data so it doesn't think that it's a
>> valid port. Looks like we have a bug, but I'm not 100% certain of how to
>> fix it; maybe we should check for error code, then check the appropriate
>> header (e.g. in this case Location).
>>
>> Could you do me a favour and got to
>> http://trac2.assembla.com/Nikto_2/newticket and raise a ticket for me so
>> that I don't lose track of what I'm doing (you don't need an assembla
>> account to raise a ticket, though you won't be able to track it
>> automagically if you don't).
>
> I'll do that as soon as I get to work.  Should I let you know what the
> ticket number (if any) is?
>

Just a quick follow-up on this, I tried doing a scan on some public
sites, and I keep getting the same error:

MadDaemon at darkhorse [~]# nikto -h www.microsoft.com -D d
- Nikto v2.03/2.04
---------------------------------------------------------------------------
D:Thu Jan 15 12:48:25 2009 - Target
id:1:ident:www.microsoft.com:ports_in:80:vhost:=:
D:Thu Jan 15 12:48:25 2009 - Target id:1:ident:www.microsoft.com:ports_in:80:
+ No web server found on 207.46.193.254:80
---------------------------------------------------------------------------
+ 1 host(s) tested

Test Options: -h www.microsoft.com -D d
---------------------------------------------------------------------------
D:Thu Jan 15 12:48:26 2009 T:Thu Jan 15 12:48:26 2009: Ending
MadDaemon at darkhorse [~]# nikto -h www.oracle.com -D d
- Nikto v2.03/2.04
---------------------------------------------------------------------------
D:Thu Jan 15 12:51:06 2009 - Target
id:1:ident:www.oracle.com:ports_in:80:vhost:=:
D:Thu Jan 15 12:51:06 2009 - Target id:1:ident:www.oracle.com:ports_in:80:
+ No web server found on 141.146.8.66:80
---------------------------------------------------------------------------
+ 1 host(s) tested

Test Options: -h www.oracle.com -D d
---------------------------------------------------------------------------
D:Thu Jan 15 12:51:07 2009 T:Thu Jan 15 12:51:07 2009: Ending
MadDaemon at darkhorse [~]# nikto -h www.freebsd.org -D d
- Nikto v2.03/2.04
---------------------------------------------------------------------------
D:Thu Jan 15 12:51:59 2009 - Target
id:1:ident:www.freebsd.org:ports_in:80:vhost:=:
D:Thu Jan 15 12:51:59 2009 - Target id:1:ident:www.freebsd.org:ports_in:80:
+ No web server found on 69.147.83.33:80
---------------------------------------------------------------------------
+ 1 host(s) tested

Test Options: -h www.freebsd.org -D d
---------------------------------------------------------------------------
D:Thu Jan 15 12:51:59 2009 T:Thu Jan 15 12:51:59 2009: Ending