[Nikto-discuss] Suggestion about scanning selection.

Sullo csullo at gmail.com
Sat Oct 2 06:47:08 CDT 2010


This is a good suggestion in theory and would be trivial to implement *if*
we had the data for when a vulnerability was originally published.

For any vulnerability which has an associated OSVDB ID (which is many, but
not all--a quick grep says ~1400 don't have IDs), we could get the data. But
even then, generic entries such as /admin/ would not have an associated
date.

In any case, we could probably work around generic entries if we had the
data. Anyone who wants to match up all those tests w/o OSVDB IDs is very
welcome to!


On Fri, Oct 1, 2010 at 5:30 PM, Matt ~ <aereal at gmail.com> wrote:

> Hello Nikto community, I'm new to this mailing list (don't know why I wasn't on
> the mailing list before since I always used nikto), so if my suggestion has
> already been made or has been improved on in svn, my apologies.
> Sometimes I find myself scanning websites with nikto where I know there are
> not going to be old vulnerabilities, so my suggestion is whether it would be
> possible to select a range of years in which vulnerabilities were released.
>
> Example:
> ./nikto.pl -h www.site.com -vulndb 2005-2010 [test against vulnerabilities
> reported between 2005 and 2010]
>
> ./nikto.pl -h www.site.com -vulndb 2010 [just scan using vulnerabilities
> reported this year]
>
> I don't know if I made my point, thanks for reading.
> --
> Atte:
> Matías Aereal Aeón
>
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss
>
>


-- 

http://www.cirt.net     |      http://www.osvdb.org/
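
The year-range selection discussed in this thread, as an added example that is not part of the original messages and is not Nikto code. The `Check` record, the ID-to-year map and all sample values are constructed assumptions; the sketch shows why tests without a known publication date have to be handled explicitly rather than silently dropped.

```python
# Added illustration; not Nikto's data format. All records below are constructed.
from typing import NamedTuple, Optional

class Check(NamedTuple):
    test_id: str
    osvdb_id: Optional[int]   # None models a test with no OSVDB ID
    uri: str

def parse_year_range(spec):
    """Parse '2010' or '2005-2010' (the two forms in the suggestion)."""
    first, sep, last = spec.strip().partition("-")
    start = int(first)
    end = int(last) if sep else start
    if start > end:
        raise ValueError(f"reversed year range: {spec!r}")
    return start, end

def select_checks(checks, published, spec, keep_undated=True):
    """Return (selected, undated) for the requested year range.

    published maps OSVDB ID -> publication year. A check with no ID, or an
    ID with no recorded date, cannot be placed in time; keep_undated decides
    whether such checks still run, so coverage loss is a visible choice.
    """
    start, end = parse_year_range(spec)
    selected, undated = [], []
    for c in checks:
        year = published.get(c.osvdb_id) if c.osvdb_id is not None else None
        if year is None:
            undated.append(c)
            if keep_undated:
                selected.append(c)
        elif start <= year <= end:
            selected.append(c)
    return selected, undated

# Constructed sample data
CHECKS = [
    Check("T1", 1001, "/old-app/login.cgi"),
    Check("T2", 1002, "/new-app/export.php"),
    Check("T3", None, "/admin/"),            # generic entry, no ID
    Check("T4", 1003, "/other/status"),      # ID present, date unknown
]
PUBLISHED = {1001: 2001, 1002: 2009}

if __name__ == "__main__":
    chosen, undated = select_checks(CHECKS, PUBLISHED, "2005-2010")
    print("run:", [c.test_id for c in chosen])
    print("no date on record:", [c.test_id for c in undated])
```
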