From aereal at gmail.com Fri Oct 1 16:30:55 2010 From: aereal at gmail.com (Matt ~) Date: Fri, 1 Oct 2010 18:30:55 -0300 Subject: [Nikto-discuss] Suggestion about scanning selection. Message-ID: Hello Nikto community, I'm new at this mailist (don't know why I wasn't on the mailist before since I always used nikto), so if my suggestion has been already made or has been improved on an svn my apologies. Sometimes I find myself scanning with nikto to websites I know there are not going to be old vulnerabilities, so my suggestion is if it will be possible to select a range of years where vulnerabilities where released. Example: ./nikto.pl -h www.site.com -vulndb 2005-2010 [test again vulnerabilities reported between 2005 and 2010] ./nikto.pl -h www.site.com -vulndb 2010 [just scan using vulnerabilities reported this year] I don't know if I made my point, thanks for reading. -- Atte: Mat?as Aereal Ae?n -------------- next part -------------- An HTML attachment was scrubbed... URL: From csullo at gmail.com Sat Oct 2 06:47:08 2010 From: csullo at gmail.com (Sullo) Date: Sat, 2 Oct 2010 07:47:08 -0400 Subject: [Nikto-discuss] Suggestion about scanning selection. In-Reply-To: References: Message-ID: This is a good suggestion in theory and would be trivial to implement *if* we had the data for when a vulnerability was originally published. For any vulnerability which has an associated OSVDB ID (which is many, but not all--a quick grep says ~1400 don't have IDs), we could get the data. But even then, generic entires such as /admin/ would not have an associated date. In any case, we could probably work around generic entries if we had the data. Anyone who wants to match up all those tests w/o OSVDB IDs is very welcome to! On Fri, Oct 1, 2010 at 5:30 PM, Matt ~ wrote: > Hello Nikto community, I'm new at this mailist (don't know why I wasn't on > the mailist before since I always used nikto), so if my suggestion has been > already made or has been improved on an svn my apologies. > Sometimes I find myself scanning with nikto to websites I know there are > not going to be old vulnerabilities, so my suggestion is if it will be > possible to select a range of years where vulnerabilities where released. > > Example: > ./nikto.pl -h www.site.com -vulndb 2005-2010 [test again vulnerabilities > reported between 2005 and 2010] > > ./nikto.pl -h www.site.com -vulndb 2010 [just scan using vulnerabilities > reported this year] > > I don't know if I made my point, thanks for reading. > -- > Atte: > Mat?as Aereal Ae?n > > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > > -- http://www.cirt.net | http://www.osvdb.org/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From aereal at gmail.com Sat Oct 2 17:22:31 2010 From: aereal at gmail.com (Matt ~) Date: Sat, 2 Oct 2010 19:22:31 -0300 Subject: [Nikto-discuss] Suggestion about scanning selection. In-Reply-To: References:

Message-ID: In that case, the user will be able to match the ones that have an associated OSVDB ID and the rest (1400 w/o IDs) will always get tested too until they get their original OSVDB ID. On Sat, Oct 2, 2010 at 8:47 AM, Sullo wrote: > This is a good suggestion in theory and would be trivial to implement *if* > we had the data for when a vulnerability was originally published. > > For any vulnerability which has an associated OSVDB ID (which is many, but > not all--a quick grep says ~1400 don't have IDs), we could get the data. But > even then, generic entires such as /admin/ would not have an associated > date. > > In any case, we could probably work around generic entries if we had the > data. Anyone who wants to match up all those tests w/o OSVDB IDs is very > welcome to! > > > On Fri, Oct 1, 2010 at 5:30 PM, Matt ~ wrote: > >> Hello Nikto community, I'm new at this mailist (don't know why I wasn't on >> the mailist before since I always used nikto), so if my suggestion has been >> already made or has been improved on an svn my apologies. >> Sometimes I find myself scanning with nikto to websites I know there are >> not going to be old vulnerabilities, so my suggestion is if it will be >> possible to select a range of years where vulnerabilities where released. >> >> Example: >> ./nikto.pl -h www.site.com -vulndb 2005-2010 [test again vulnerabilities >> reported between 2005 and 2010] >> >> ./nikto.pl -h www.site.com -vulndb 2010 [just scan using vulnerabilities >> reported this year] >> >> I don't know if I made my point, thanks for reading. >> -- >> Atte: >> Mat?as Aereal Ae?n >> >> _______________________________________________ >> Nikto-discuss mailing list >> Nikto-discuss at attrition.org >> https://attrition.org/mailman/listinfo/nikto-discuss >> >> > > > -- > > http://www.cirt.net | http://www.osvdb.org/ > -- Atte: Mat?as Aereal Ae?n -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists at yehg.net Sat Oct 9 03:59:43 2010 From: lists at yehg.net (YGN Ethical Hacker Group) Date: Sat, 9 Oct 2010 16:59:43 +0800 Subject: [Nikto-discuss] hi from yehg Message-ID: Hello everyone in the list We're from yehg.net. We'd like to join the list and hopefully we can contribute something to our favorite Nikto. Next year, Nikto will have 10 years anniversary. Best regards YEHG