[Nikto-discuss] Unwanted authentication brute-force

[Sullo]

There was actually a bug in the auth guessing stuff that may have caused the
high number of attempts--I just fixed it a few nights ago in the trunk
version. It should be ~300 per directory (or per realm in the trunk
version).

You can disable plugins using -Plugins, such as:
-Plugins "@@DEFAULT;-auth"

That should run all the default ones except the auth testing.

See this page for more info: https://cirt.net/nikto2-docs/options.html

-Sullo

On Wed, Dec 8, 2010 at 4:50 AM, Chris Thomas <chris at mediumcool.net> wrote:

>
> Hi,
>
> I'm using Nikto 2.1.3 on Windows XP.
>
> When Nikto attempts to GET the page /bandwidth/index.cgi on the server I'm
> testing it recieves the response '401 Requires Authorization'. Nikto then
> appears to enter a loop repeatledly GETing /bandwidth/index.cgi which
> quickly trips my client's IDS and gets me blacklisted.
>
> I've done some test on my own web server using Nikto debugging and it
> appears Nikto is trying to brute-force authentication, making around 700
> request for /bandwidth/index.cgi with various credentials before it moves on
> to the next test.
>
> The command I'm running is:
> nikto.pl -h 172.16.20.17 -T 1 -D D > debug.txt
>
> I could get myself whitelisted, but I really don't want to be trying to
> brute-force authentication.
>
> I see there are various options for controlling plugins and tests but I've
> had a look at the code, db_tests etc., but it's hard to get a handle on
> what's actually being run.
>
> Any suggestions?
>
> Thanks.
>
> Chris
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss
>



-- 

http://www.cirt.net     |      http://www.osvdb.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20101208/9614effd/attachment.html>