From martinmickael at free.fr Mon May 2 09:01:18 2011
From: martinmickael at free.fr (martinmickael at free.fr)
Date: Mon, 2 May 2011 16:01:18 +0200 (CEST)
Subject: [Nikto-discuss] an issue with OSVDB-10902
In-Reply-To: <1157230237.1591061304344635262.JavaMail.root@zimbra20-e3.priv.proxad.net>
Message-ID: <410407372.1592331304344878141.JavaMail.root@zimbra20-e3.priv.proxad.net>

Hi all,

I'm a new user of Nikto. I like this software for its simplicity, so a big thank you to the developers.

But I have an issue (or maybe my error):
I run: perl nikto.pl -h http://172.31.4.200
and I obtain "OSVDB-10902: /cgi-bin/nbmember.cgi?cmd=list_all_users: Netbilling ndmember.cgi reveals sensitive information.".
I haven't the cgi script ndmember on my web server. My cgi-bin directory exists but is empty!
Now I don't understand why Nikto displays this information.

Some information:

An vim return by nikto:
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0

uname -a:
Linux debian 2.6.26-2-amd64

perl nikto.pl -Version:
---------------------------------------------------------------------------
Nikto Versions
---------------------------------------------------------------------------
File                               Version      Last Mod
-----------------------------      --------     ----------
Nikto main                         2.1.4
LibWhisker                         2.5
db_404_strings                     2.003        2011-02-19
db_content_search                  2.000        2011-02-19
db_embedded                        2.004        2011-02-19
db_favicon                         2.006        2011-02-19
db_headers                         2.007        2011-02-19
db_httpoptions                     2.002        2011-02-19
db_multiple_index                  2.005        2011-02-19
db_outdated                        2.014        2011-02-19
db_realms                          2.002        2011-02-19
db_server_msgs                     2.005        2011-02-19
db_subdomains                      2.005        2011-02-19
db_tests                           2.017        2011-02-19
db_variables                       2.003        2011-02-19
nikto_apache_expect_xss.plugin     2.03         2011-02-19
nikto_apacheusers.plugin           2.05         2011-02-19
nikto_auth.plugin                  2.03         2011-02-19
nikto_cgi.plugin                   2.05         2011-02-19
nikto_content_search.plugin        2.04         2011-02-19
nikto_cookies.plugin               2.01         2011-03-06
nikto_core.plugin                  2.1.5        2011-02-19
nikto_core.plugin.debug            2.1.4        2011-02-19
nikto_dictionary_attack.plugin     2.03         2011-02-19
nikto_embedded.plugin              2.06         2011-02-19
nikto_favicon.plugin               2.08         2011-02-19
nikto_headers.plugin               2.09         2011-02-19
nikto_httpoptions.plugin           2.09         2011-02-19
nikto_msgs.plugin                  2.06         2011-02-19
nikto_multiple_index.plugin        2.02         2011-02-19
nikto_outdated.plugin              2.08         2011-02-19
nikto_put_del_test.plugin          2.04         2011-02-19
nikto_report_csv.plugin            2.05         2011-02-19
nikto_report_html.plugin           2.05         2011-02-19
nikto_report_msf.plugin            1.00         2011-02-19
nikto_report_nbe.plugin            2.01         2011-02-19
nikto_report_text.plugin           2.05         2011-02-19
nikto_report_xml.plugin            2.05         2011-02-19
nikto_robots.plugin                2.04         2011-02-19
nikto_single.plugin                2.03         2011-02-19
nikto_ssl.plugin                   2.00         2011-02-19
nikto_subdomain.plugin             2.01         2011-02-19
nikto_tests.plugin                 2.03         2011-02-19
---------------------------------------------------------------------------
Module RPC::XML missing. Logging to Metasploit is disabled.
Module RPC::XML::Client missing. Logging to Metasploit is disabled.
SSL: Net::SSLeay 1.35
---------------------------------------------------------------------------

PS: when I re-launch Nikto after removing the directory cgi-bin of my apache2, the information disappears.

From csullo at gmail.com Mon May 2 09:05:55 2011
From: csullo at gmail.com (Sullo)
Date: Mon, 2 May 2011 10:05:55 -0400
Subject: [Nikto-discuss] an issue with OSVDB-10902
In-Reply-To: <410407372.1592331304344878141.JavaMail.root@zimbra20-e3.priv.proxad.net>
References: <1157230237.1591061304344635262.JavaMail.root@zimbra20-e3.priv.proxad.net> <410407372.1592331304344878141.JavaMail.root@zimbra20-e3.priv.proxad.net>
Message-ID:

On Mon, May 2, 2011 at 10:01 AM, wrote:
> I'm a new user of Nikto. I like this software for its simplicity, so a big thank you to the developers.
> But I have an issue (or maybe my error):
> I run: perl nikto.pl -h http://172.31.4.200
> and I obtain "OSVDB-10902: /cgi-bin/nbmember.cgi?cmd=list_all_users: Netbilling ndmember.cgi reveals sensitive information.".
> I haven't the cgi script ndmember on my web server. My cgi-bin directory exists but is empty!
> Now I don't understand why Nikto displays this information.

It looks like this test only looks for a 200/OK response from the server, so it is likely that your site is responding with the OK message to that particular CGI. I am a little surprised that is the only one giving this issue. In any case, you should be able to safely ignore the issue.

To confirm, perform a GET on that page from the command line (using wget or curl), with a proxy (burp, etc.) or with a browser plugin that allows you to see the HTTP headers, and you should see the 200 OK response and no content. Assuming you don't actually see any sensitive information, it is a false positive.

-Chris

--
http://www.cirt.net | http://www.osvdb.org/

From Tristan.Lawson at infogressive.com Fri May 27 12:58:15 2011
From: Tristan.Lawson at infogressive.com (Tristan Lawson)
Date: Fri, 27 May 2011 12:58:15 -0500
Subject: [Nikto-discuss] multi port, multi server scanning
Message-ID: <0B3C441220CB76478711EA030584A61BDB32072F86@JIF.infogressive.local>

Good day fellow nikto users,

I am in need of some assistance. I have been trying to get nikto to accept a list of servers to scan on port 80 and it works until it gets to about 15 servers and then it quits. It doesn't matter if I use a provided list or use nmap live output, it does not work. I have also tried tweaking global perl settings involved in allocation of memory and processing time, and it has made no difference. The system is an Intel Core 2 Duo with 3 GB of DDR2 RAM. Any help or advice would be very appreciated.

Thanks

Tristan Lawson | Senior Information Security Consultant
CISSP, OSCP, C|EH, E|CSA, C|HFI, GWAPT, GCIH, GISP, GSEC
FCNSP, JNCIA, JNCIA-FWV, MCSE Security, A+, Net+, Server+, Security+
Office: 402-261-0123 x101 | Email: tristan.lawson at infogressive.com
Infogressive, Inc. | Aggressive Information Security | http://www.infogressive.com
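
Added example, not part of the original messages and not Nikto code: the confirmation step from the OSVDB-10902 reply above (GET the reported URL and look for a 200 OK with no content), sketched in Python. It goes one step further than the reply by also requesting a random, non-existent name in the same directory as a control; fetch, control_path, classify and triage are hypothetical names, and the sample responses in the demo are constructed.

```python
import http.client
import uuid
from urllib.parse import urlsplit

def fetch(base_url, path, timeout=10):
    """GET base_url + path (no redirect following); return (status, body)."""
    u = urlsplit(base_url)
    conn_cls = (http.client.HTTPSConnection if u.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(u.hostname, u.port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"User-Agent": "fp-triage"})
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()

def control_path(path):
    """Same directory and query string, random file name that cannot exist."""
    resource, _, query = path.partition("?")
    directory = resource.rsplit("/", 1)[0]
    probe = f"{directory}/{uuid.uuid4().hex}.cgi"
    return f"{probe}?{query}" if query else probe

def classify(flagged, control):
    """Compare (status, body) of the reported path with the control path."""
    f_status, f_body = flagged
    c_status, c_body = control
    if f_status != 200:
        return "not reproduced: reported path does not return 200"
    if not f_body.strip():
        return "likely false positive: 200 OK with no content"
    if c_status == 200 and c_body == f_body:
        return "likely false positive: any name in this directory gets the same 200"
    return "needs review: reported path returns content the control does not"

def triage(base_url, path):
    """Fetch the reported path and its control, then classify the pair."""
    return classify(fetch(base_url, path), fetch(base_url, control_path(path)))

if __name__ == "__main__":
    # Constructed responses (not captured from a real server).
    print(classify((200, b""), (200, b"")))
    print(classify((200, b"alice:4111..."), (404, b"Not Found")))
```

For the case in the thread the call would be triage("http://172.31.4.200", "/cgi-bin/nbmember.cgi?cmd=list_all_users"); a "needs review" result means the response body should be read by hand before the finding is dismissed.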