From sullo at cirt.net  Fri Jun 18 12:57:02 2010
From: sullo at cirt.net (Sullo)
Date: Fri, 18 Jun 2010 13:57:02 -0400
Subject: [Nikto-discuss] Nikto beta testers needed!
Message-ID: <AANLkTimdGTuR84ggTJ5AqQEO8iY46fFJTLoCxRArVsRe@mail.gmail.com>

We've just checked in code to provide some interactivity during nikto
scans, and we could use a little help testing it out, as well as some
feedback.

Interactive features:
During a scan, pressing certain keys will cause some actions, as listed below:
  (space) -- print out a progress report
  q  -- quit (same as control+c)
  d -- turn on/off debug mode
  v -- turn on/off verbose mode
  e -- turn on/off error printing
  o -- turn on/off OK printing
  a -- turn on/off authenticated resource printing
  c -- turn on/off cookie printing
  r -- turn on/off redirect printing

Obviously printing the current status is the big thing here! You'll
typically see something like this:
 - Completed: 350 tests, approximately 9% complete (in plugin Nikto Tests)

The sad part is that this is only going to work on POSIX compliant
systems with the TIme::HiRes module installed (which is standard with
perl installations >5.8). On systems without those features, it will
silently be disabled. On those systems (or on POSIX) you can also use
the "-D P" option to print out a status report on a regular basis.

So, the testing:
- Can you try this on a non-POSIX system and see if you get errors?
Can you still CONTROL+C to quit?
- Can you try this on your POSIX system and see how it works? Does it
error? Ill effects?
- Any other things we can/should do interactively?

To test, you'll need subversion and checkout the trunk repo:
  svn co  http://svn2.assembla.com/svn/Nikto_2/trunk/

Please let us know how testing goes, even if (especially if?) things work great.

Thanks!

-- 

http://www.cirt.net     |      http://www.osvdb.org/

From lokeshp at gmail.com  Fri Jun 18 14:21:55 2010
From: lokeshp at gmail.com (lokesh)
Date: Fri, 18 Jun 2010 15:21:55 -0400
Subject: [Nikto-discuss] Nikto beta testers needed!
In-Reply-To: <AANLkTimdGTuR84ggTJ5AqQEO8iY46fFJTLoCxRArVsRe@mail.gmail.com>
References: <AANLkTimdGTuR84ggTJ5AqQEO8iY46fFJTLoCxRArVsRe@mail.gmail.com>
Message-ID: <AANLkTikiDJAUTHB9Q7EAxv7wdsCspDcwNwWFCz_fmO1E@mail.gmail.com>

Pls unsubscribe me.

On Fri, Jun 18, 2010 at 1:57 PM, Sullo <sullo at cirt.net> wrote:

> We've just checked in code to provide some interactivity during nikto
> scans, and we could use a little help testing it out, as well as some
> feedback.
>
> Interactive features:
> During a scan, pressing certain keys will cause some actions, as listed
> below:
>  (space) -- print out a progress report
>  q  -- quit (same as control+c)
>  d -- turn on/off debug mode
>  v -- turn on/off verbose mode
>  e -- turn on/off error printing
>  o -- turn on/off OK printing
>  a -- turn on/off authenticated resource printing
>  c -- turn on/off cookie printing
>  r -- turn on/off redirect printing
>
> Obviously printing the current status is the big thing here! You'll
> typically see something like this:
>  - Completed: 350 tests, approximately 9% complete (in plugin Nikto Tests)
>
> The sad part is that this is only going to work on POSIX compliant
> systems with the TIme::HiRes module installed (which is standard with
> perl installations >5.8). On systems without those features, it will
> silently be disabled. On those systems (or on POSIX) you can also use
> the "-D P" option to print out a status report on a regular basis.
>
> So, the testing:
> - Can you try this on a non-POSIX system and see if you get errors?
> Can you still CONTROL+C to quit?
> - Can you try this on your POSIX system and see how it works? Does it
> error? Ill effects?
> - Any other things we can/should do interactively?
>
> To test, you'll need subversion and checkout the trunk repo:
>  svn co  http://svn2.assembla.com/svn/Nikto_2/trunk/
>
> Please let us know how testing goes, even if (especially if?) things work
> great.
>
> Thanks!
>
> --
>
> http://www.cirt.net     |      http://www.osvdb.org/
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20100618/ac2e1bf8/attachment.html>

From sullo at cirt.net  Fri Jun 18 14:28:27 2010
From: sullo at cirt.net (Sullo)
Date: Fri, 18 Jun 2010 15:28:27 -0400
Subject: [Nikto-discuss] Nikto beta testers needed!
In-Reply-To: <AANLkTikiDJAUTHB9Q7EAxv7wdsCspDcwNwWFCz_fmO1E@mail.gmail.com>
References: <AANLkTimdGTuR84ggTJ5AqQEO8iY46fFJTLoCxRArVsRe@mail.gmail.com> 
	<AANLkTikiDJAUTHB9Q7EAxv7wdsCspDcwNwWFCz_fmO1E@mail.gmail.com>
Message-ID: <AANLkTimYeT52lSn0TrU65O2FuuRz9sTZR5zdaWvPW9HY@mail.gmail.com>

On Fri, Jun 18, 2010 at 3:21 PM, lokesh <lokeshp at gmail.com> wrote:
> Pls unsubscribe me.


Please see this link, which is on the bottom of every message:
https://attrition.org/mailman/listinfo/nikto-discuss

It has a field/form you can use to unsubscribe.


-- 

http://www.cirt.net     |      http://www.osvdb.org/

From wkwang at cisco.com  Thu Jun 24 13:05:17 2010
From: wkwang at cisco.com (Peter Wang)
Date: Thu, 24 Jun 2010 14:05:17 -0400
Subject: [Nikto-discuss] FW: XML report file change in 2.1.1
In-Reply-To: <C8490DA5.11790%wkwang@cisco.com>
Message-ID: <C849169D.117A2%wkwang@cisco.com>

Re-send to right email alias.

------ Forwarded Message

Hi all,

I noticed that there has been some changes introduced for XML report file
format in Nikto 2.1.1.  In 2.03, scandetails element contains two
attributes: itemstested and itemsfound. They have been moved a new element
<statistics/>. We have written a script in parsing Nikto XML report file for
result. This change broke our script in parsing Nikto XML result file. So I
want to understand what else change was introduced in Nikto 2.1.1 for XML
report. Is there any Scheme or DTD file for reference?

Thanks,
Peter
------ End of Forwarded Message

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20100624/06245d56/attachment.html>

From dave at cirt.net  Fri Jun 25 02:08:37 2010
From: dave at cirt.net (David Lodge)
Date: Fri, 25 Jun 2010 08:08:37 +0100
Subject: [Nikto-discuss] FW: XML report file change in 2.1.1
In-Reply-To: <C849169D.117A2%wkwang@cisco.com>
References: <C849169D.117A2%wkwang@cisco.com>
Message-ID: <op.veugsn10eh0gei@asgard.cable.virginmedia.net>

On Thu, 24 Jun 2010 19:05:17 +0100, Peter Wang <wkwang at cisco.com> wrote:
> I noticed that there has been some changes introduced for XML report file
> format in Nikto 2.1.1.  In 2.03, scandetails element contains two
> attributes: itemstested and itemsfound. They have been moved a new  
> element
> <statistics/>. We have written a script in parsing Nikto XML report file  
> for
> result. This change broke our script in parsing Nikto XML result file.  
> So I
> want to understand what else change was introduced in Nikto 2.1.1 for XML
> report. Is there any Scheme or DTD file for reference?

Unfortunately we had to make some changes to how the XML schema worked  
(as, since 2.1.1, we generate the XML on the fly, rather than waiting  
until the end, meaning you can cancel the scan halfway through and still  
get an output).

The major changes have been:
* Move itemstested, itemsfound, elapsed, hoststotal, endtime to a new  
element <statistics>, this may be found as a child of <niktoscan> and  
<scandetails>
* New attribute nxmlversion to say the version of Nikto XML being used  
(currently 1.1)
* Added an optional <ssl> element as a child of <scandetails> to include  
ssl details (this is for trunk/2.1.2, so hasn't been released yet).

The dtd can be found inside docs/nikto.dtd.

dave

From jabra at spl0it.org  Fri Jun 25 10:19:43 2010
From: jabra at spl0it.org (Jabra)
Date: Fri, 25 Jun 2010 11:19:43 -0400
Subject: [Nikto-discuss] FW: XML report file change in 2.1.1
In-Reply-To: <op.veugsn10eh0gei@asgard.cable.virginmedia.net>
References: <C849169D.117A2%wkwang@cisco.com>
	<op.veugsn10eh0gei@asgard.cable.virginmedia.net>
Message-ID: <20100625151943.GD30771@navi.v2s.org>

I plan to update Nikto::Parser
( http://search.cpan.org/~jabra/Nikto-Parser-0.01/ ) once the new
stable version is released.

This should be helpful for anyone that wants to extract data from
the XML reports.

Regards,
Jabra

On 25.Jun.2010 08:08AM +0100, David Lodge wrote:
> On Thu, 24 Jun 2010 19:05:17 +0100, Peter Wang <wkwang at cisco.com> wrote:
>> I noticed that there has been some changes introduced for XML report file
>> format in Nikto 2.1.1.  In 2.03, scandetails element contains two
>> attributes: itemstested and itemsfound. They have been moved a new element
>> <statistics/>. We have written a script in parsing Nikto XML report file 
>> for
>> result. This change broke our script in parsing Nikto XML result file. So 
>> I
>> want to understand what else change was introduced in Nikto 2.1.1 for XML
>> report. Is there any Scheme or DTD file for reference?
>
> Unfortunately we had to make some changes to how the XML schema worked (as, 
> since 2.1.1, we generate the XML on the fly, rather than waiting until the 
> end, meaning you can cancel the scan halfway through and still get an 
> output).
>
> The major changes have been:
> * Move itemstested, itemsfound, elapsed, hoststotal, endtime to a new 
> element <statistics>, this may be found as a child of <niktoscan> and 
> <scandetails>
> * New attribute nxmlversion to say the version of Nikto XML being used 
> (currently 1.1)
> * Added an optional <ssl> element as a child of <scandetails> to include 
> ssl details (this is for trunk/2.1.2, so hasn't been released yet).
>
> The dtd can be found inside docs/nikto.dtd.
>
> dave
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss

-- 
Jabra < jabra at spl0it.org >
http://www.spl0it.org

From csullo at gmail.com  Fri Jun 25 10:25:38 2010
From: csullo at gmail.com (Sullo)
Date: Fri, 25 Jun 2010 11:25:38 -0400
Subject: [Nikto-discuss] FW: XML report file change in 2.1.1
In-Reply-To: <20100625151943.GD30771@navi.v2s.org>
References: <C849169D.117A2%wkwang@cisco.com>
	<op.veugsn10eh0gei@asgard.cable.virginmedia.net> 
	<20100625151943.GD30771@navi.v2s.org>
Message-ID: <AANLkTimbDddg3qp1-9RzEEQy8IN16F5LjJDdRjbCIgPL@mail.gmail.com>

The current XML report is also missing an element, but it looks like
it is already in the DTD:
 http://trac2.assembla.com/Nikto_2/ticket/160

This is one of the last bugs to fix before the next release.

On Fri, Jun 25, 2010 at 11:19 AM, Jabra <jabra at spl0it.org> wrote:
> I plan to update Nikto::Parser
> ( http://search.cpan.org/~jabra/Nikto-Parser-0.01/ ) once the new
> stable version is released.
>
> This should be helpful for anyone that wants to extract data from
> the XML reports.
>
> Regards,
> Jabra
>
> On 25.Jun.2010 08:08AM +0100, David Lodge wrote:
>> On Thu, 24 Jun 2010 19:05:17 +0100, Peter Wang <wkwang at cisco.com> wrote:
>>> I noticed that there has been some changes introduced for XML report file
>>> format in Nikto 2.1.1. ?In 2.03, scandetails element contains two
>>> attributes: itemstested and itemsfound. They have been moved a new element
>>> <statistics/>. We have written a script in parsing Nikto XML report file
>>> for
>>> result. This change broke our script in parsing Nikto XML result file. So
>>> I
>>> want to understand what else change was introduced in Nikto 2.1.1 for XML
>>> report. Is there any Scheme or DTD file for reference?
>>
>> Unfortunately we had to make some changes to how the XML schema worked (as,
>> since 2.1.1, we generate the XML on the fly, rather than waiting until the
>> end, meaning you can cancel the scan halfway through and still get an
>> output).
>>
>> The major changes have been:
>> * Move itemstested, itemsfound, elapsed, hoststotal, endtime to a new
>> element <statistics>, this may be found as a child of <niktoscan> and
>> <scandetails>
>> * New attribute nxmlversion to say the version of Nikto XML being used
>> (currently 1.1)
>> * Added an optional <ssl> element as a child of <scandetails> to include
>> ssl details (this is for trunk/2.1.2, so hasn't been released yet).
>>
>> The dtd can be found inside docs/nikto.dtd.
>>
>> dave
>> _______________________________________________
>> Nikto-discuss mailing list
>> Nikto-discuss at attrition.org
>> https://attrition.org/mailman/listinfo/nikto-discuss
>
> --
> Jabra < jabra at spl0it.org >
> http://www.spl0it.org
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss
>



-- 

http://www.cirt.net     |      http://www.osvdb.org/