From zakiakhmad at gmail.com Tue Oct 4 02:55:28 2011 From: zakiakhmad at gmail.com (Zaki Akhmad) Date: Tue, 4 Oct 2011 14:55:28 +0700 Subject: [Nikto-discuss] Error While Update - Nikto version 2.1.4 Message-ID: Hello list, I am trying to update my nikto 2.1.4, then I get the following error: root at think:/home/za/tools/nikto/nikto-2.1.4# ./nikto.pl -update + Retrieving 'db_tests' + Retrieving 'db_outdated' + ERROR: Unable to get CIRT.net/nikto/UPDATES/2.1.4/db_outdated What's wrong with this update process? Thanks! -- Zaki Akhmad -------------- next part -------------- An HTML attachment was scrubbed... URL: From csullo at gmail.com Wed Oct 5 07:35:31 2011 From: csullo at gmail.com (Sullo) Date: Wed, 5 Oct 2011 08:35:31 -0400 Subject: [Nikto-discuss] Error While Update - Nikto version 2.1.4 In-Reply-To: References: Message-ID: I am unable to duplicate this behavior... seems to be working ok for me. Anyone else having issues? On Tue, Oct 4, 2011 at 3:55 AM, Zaki Akhmad wrote: > Hello list, > I am trying to update my nikto 2.1.4, then I get the following error: > root at think:/home/za/tools/nikto/nikto-2.1.4# ./nikto.pl -update > + Retrieving 'db_tests' > + Retrieving 'db_outdated' > + ERROR: Unable to get CIRT.net/nikto/UPDATES/2.1.4/db_outdated > What's wrong with this update process? > Thanks! > -- > Zaki Akhmad > > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > > -- http://www.cirt.net? ?? |? ? ? http://www.osvdb.org/ From zakiakhmad at gmail.com Wed Oct 12 23:26:38 2011 From: zakiakhmad at gmail.com (Zaki Akhmad) Date: Thu, 13 Oct 2011 11:26:38 +0700 Subject: [Nikto-discuss] Link to OSVDB at HTML Report Message-ID: Hi, I am saving nikto report as htm format. When there's vulnerability links to OSVDB, the URL path isn't point to the OSVDB URL. Am I missing something? I am using using Nikto 2.1.4 $ nikto -h localhost -p 80 -o nikto-report -F htm Thanks -- Zaki Akhmad -------------- next part -------------- An HTML attachment was scrubbed... URL: From nirav_acharya at yahoo.com Thu Oct 13 06:38:34 2011 From: nirav_acharya at yahoo.com (nirav acharya) Date: Thu, 13 Oct 2011 04:38:34 -0700 (PDT) Subject: [Nikto-discuss] Welcome to the "Nikto-discuss" mailing list (Digest mode) In-Reply-To: References: Message-ID: <1318505914.68641.YahooMailNeo@web125709.mail.ne1.yahoo.com> ? -Nirav Acharya ----- Forwarded Message ----- From: "nikto-discuss-request at attrition.org" To: nirav_acharya at yahoo.com Sent: Friday, 7 October 2011 5:11 PM Subject: Welcome to the "Nikto-discuss" mailing list (Digest mode) Welcome to the Nikto-discuss at attrition.org mailing list! To post to this list, send your email to: ? nikto-discuss at attrition.org General information about the mailing list is at: ? https://attrition.org/mailman/listinfo/nikto-discuss If you ever want to unsubscribe or change your options (eg, switch to or from digest mode, change your password, etc.), visit your subscription page at: ? https://attrition.org/mailman/options/nikto-discuss/nirav_acharya%40yahoo.com You can also make such adjustments via email by sending a message to: ? Nikto-discuss-request at attrition.org with the word `help' in the subject or body (don't include the quotes), and you will get back a message with instructions. You must know your password to change your options (including changing the password, itself) or to unsubscribe.? It is: ? prarthana88 Normally, Mailman will remind you of your attrition.org mailing list passwords once every month, although you can disable this if you prefer.? This reminder will also include instructions on how to unsubscribe or change your account options.? There is also a button on your options page that will email your current password to you. -------------- next part -------------- An HTML attachment was scrubbed... URL: From csullo at gmail.com Thu Oct 13 22:44:06 2011 From: csullo at gmail.com (Sullo) Date: Thu, 13 Oct 2011 23:44:06 -0400 Subject: [Nikto-discuss] Link to OSVDB at HTML Report In-Reply-To: References: Message-ID: Zaki, > I am saving nikto report as htm format. When there's vulnerability links to > OSVDB, the URL path isn't point to the OSVDB URL. Am I missing something? No, you are not missing anything... but we have been! I'm not sure how this wasn't seen before, but there is a problem in the template variable replacements. I've opened ticket #255 to track resolution of this. https://trac.assembla.com/Nikto_2/ticket/225 Thanks for pointing this out. Hopefully we can have a fix soon. Regards, Sullo -- http://www.cirt.net? ?? |? ? ? http://www.osvdb.org/ From zakiakhmad at gmail.com Fri Oct 14 01:46:17 2011 From: zakiakhmad at gmail.com (Zaki Akhmad) Date: Fri, 14 Oct 2011 13:46:17 +0700 Subject: [Nikto-discuss] Link to OSVDB at HTML Report In-Reply-To: References: Message-ID: Your welcome Sullo. I'm happy to help! :-) -- Zaki Akhmad -------------- next part -------------- An HTML attachment was scrubbed... URL: From www.cyberyogi at gmail.com Fri Oct 21 03:34:09 2011 From: www.cyberyogi at gmail.com (cyber yogi) Date: Fri, 21 Oct 2011 14:04:09 +0530 Subject: [Nikto-discuss] Precisely Configuring nikto Message-ID: Respected People, I want to configure nikto scanner to scan and report as much precisely as it is possible. for this I have tried mutate options but while it takes so much time in scanning web server. and I am aware with Turning option of nikto too. Please do suggest me. How I can configure or which options I can use in nikto scanner to get maximum vulnerabilities and scan web server in lesser time. Thanks :) -------------- next part -------------- An HTML attachment was scrubbed... URL: From www.cyberyogi at gmail.com Fri Oct 21 03:45:31 2011 From: www.cyberyogi at gmail.com (cyber yogi) Date: Fri, 21 Oct 2011 14:15:31 +0530 Subject: [Nikto-discuss] configure / options to precisely get vulnerabilites Message-ID: Respected People, I want to configure nikto scanner to scan and report as precisely as much it is possible. for this I have tried mutate options but while scanning web server it takes so much time. and I am aware with Turning option of nikto too. Please do suggest me. How I can configure or which options I can use in nikto scanner to get maximum vulnerabilities and scan web server in lesser time. Thanks :) -------------- next part -------------- An HTML attachment was scrubbed... URL: From nirav_acharya at yahoo.com Mon Oct 24 01:33:59 2011 From: nirav_acharya at yahoo.com (nirav acharya) Date: Sun, 23 Oct 2011 23:33:59 -0700 (PDT) Subject: [Nikto-discuss] Osvdbid in report with mutate option Message-ID: <1319438039.68125.YahooMailNeo@web125712.mail.ne1.yahoo.com> Hello all of you, while scanning web server with mutate option nikto gives osvdbid=0 in report . So how can we get another related osvdbid? to the vulnerability? Thanx ? -Nirav Acharya -------------- next part -------------- An HTML attachment was scrubbed... URL: From nirav_acharya at yahoo.com Mon Oct 24 02:01:26 2011 From: nirav_acharya at yahoo.com (nirav acharya) Date: Mon, 24 Oct 2011 00:01:26 -0700 (PDT) Subject: [Nikto-discuss] (no subject) Message-ID: <1319439686.34681.YahooMailNeo@web125706.mail.ne1.yahoo.com> Hello , how to improve scanning performance of nikto? ? -Nirav Acharya -------------- next part -------------- An HTML attachment was scrubbed... URL: From csullo at gmail.com Mon Oct 24 07:48:41 2011 From: csullo at gmail.com (Sullo) Date: Mon, 24 Oct 2011 08:48:41 -0400 Subject: [Nikto-discuss] Osvdbid in report with mutate option In-Reply-To: <1319438039.68125.YahooMailNeo@web125712.mail.ne1.yahoo.com> References: <1319438039.68125.YahooMailNeo@web125712.mail.ne1.yahoo.com> Message-ID: On Mon, Oct 24, 2011 at 2:33 AM, nirav acharya wrote: > Hello all of you, > while scanning web server with mutate option nikto gives osvdbid=0 in report > . So how can we get another related osvdbid? to the vulnerability? With the mutate options, is basically using some rules to combine directories and files/payloads into one request. It's very unlikely that the attack would match up to an actual entry in OSVDB. -Sullo -- http://www.cirt.net? ?? |? ? ? http://www.osvdb.org/ From csullo at gmail.com Mon Oct 24 07:50:57 2011 From: csullo at gmail.com (Sullo) Date: Mon, 24 Oct 2011 08:50:57 -0400 Subject: [Nikto-discuss] configure / options to precisely get vulnerabilites In-Reply-To: References: Message-ID: On Fri, Oct 21, 2011 at 4:45 AM, cyber yogi wrote: > Respected People, > > ? ? ?? I want to configure nikto scanner to scan and report as precisely as > much it is possible. > ?for this I have tried mutate options but while scanning web server it takes > so much time. > ?and I am aware with Turning option of nikto too. > > ?Please do suggest me. How I can configure or which options I can use in > nikto scanner to get maximum vulnerabilities and scan web server in lesser > time. In most cases, you'll get best coverage by running with the default settings--so essentially just supplying the target host/port combination. Tuning is going to be best if you want to cut out certain classes of vulnerabilities (say, RFI for example) if you don't care about them or have some other reason for not wanting to test them. Using mutate options is going to dramatically increase the amount of time testing takes. -Sullo -- http://www.cirt.net? ?? |? ? ? http://www.osvdb.org/ From csullo at gmail.com Mon Oct 24 07:53:42 2011 From: csullo at gmail.com (Sullo) Date: Mon, 24 Oct 2011 08:53:42 -0400 Subject: [Nikto-discuss] (no subject) In-Reply-To: <1319439686.34681.YahooMailNeo@web125706.mail.ne1.yahoo.com> References: <1319439686.34681.YahooMailNeo@web125706.mail.ne1.yahoo.com> Message-ID: On Mon, Oct 24, 2011 at 3:01 AM, nirav acharya wrote: > Hello , > how to improve scanning performance of nikto? Well that is a pretty broad question... performance depends on a lot of factor, many of which have nothing to do with Nikto itself (web server response times, network speeds, scanner host CPU/memory, etc.). All of those things factor in. Certainly not using mutate options will speed things up, as they can generate a massively large number of requests and can take a long time to complete. Otherwise, using Tuning options may speed things up if there are classes of vulnerabilities you don't care to test. Lastly, on *nix systems you can press SPACE during a scan to see the number of tests complete/waiting, and a guess as to the time remaining. Hope that helps. -Sullo -- http://www.cirt.net? ?? |? ? ? http://www.osvdb.org/ From zakiakhmad at gmail.com Tue Oct 25 02:50:00 2011 From: zakiakhmad at gmail.com (Zaki Akhmad) Date: Tue, 25 Oct 2011 14:50:00 +0700 Subject: [Nikto-discuss] Support for HTTP-method-request POST Form? Message-ID: Hello, There is userid:password option at Nikto. From the nikto man page: -id ID and password to use for host Basic host authentication. Format is "id:password". Does it mean that Nikto hasn't supported the http-method-request post form authentication? Many thanks! -- Zaki Akhmad From christian.heinrich at cmlh.id.au Thu Oct 27 02:00:31 2011 From: christian.heinrich at cmlh.id.au (Christian Heinrich) Date: Thu, 27 Oct 2011 18:00:31 +1100 Subject: [Nikto-discuss] Error While Update - Nikto version 2.1.4 In-Reply-To: References: Message-ID: Sullo, I have a similar error with db_tests with a BackTrack, i.e. BT5R1-GNOME-VM-32, which I have reproduced below: root at bt:/pentest/web/nikto# ./nikto.pl -update + Retrieving 'db_tests' + ERROR: Unable to get CIRT.net/nikto/UPDATES/2.1.4/db_tests I can't retrieve "db_tests" with a web browser (Chrome) or wget as confirmed by the 200 OK HTTP Status Code quoted below: root at bt:/pentest/web/nikto# wget http://CIRT.net/nikto/UPDATES/2.1.4/db_tests --2011-10-27 02:52:01-- http://cirt.net/nikto/UPDATES/2.1.4/db_tests Resolving cirt.net... 174.142.17.165 Connecting to cirt.net|174.142.17.165|:80... connected. *HTTP request sent, awaiting response... 200 OK* Length: 1165182 (1.1M) [text/plain] Saving to: `db_tests' 100%[===================================================>] 1,165,182 30.2K/s in 43s 2011-10-27 02:52:44 (26.6 KB/s) - `db_tests' saved [1165182/1165182] This error is occurring now (i.e. 6PM Australian Eastern Standard Time) so ignore the timestamp in the example above i.e. *02:52:01.* On Wed, Oct 5, 2011 at 11:35 PM, Sullo wrote: > I am unable to duplicate this behavior... seems to be working ok for > me. Anyone else having issues? > > On Tue, Oct 4, 2011 at 3:55 AM, Zaki Akhmad wrote: > > Hello list, > > I am trying to update my nikto 2.1.4, then I get the following error: > > root at think:/home/za/tools/nikto/nikto-2.1.4# ./nikto.pl -update > > + Retrieving 'db_tests' > > + Retrieving 'db_outdated' > > + ERROR: Unable to get CIRT.net/nikto/UPDATES/2.1.4/db_outdated > > What's wrong with this update process? > > Thanks! > > -- > > Zaki Akhmad > > > > _______________________________________________ > > Nikto-discuss mailing list > > Nikto-discuss at attrition.org > > https://attrition.org/mailman/listinfo/nikto-discuss > > > > > > > > -- > > http://www.cirt.net | http://www.osvdb.org/ > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > -- Regards, Christian Heinrich http://cmlh.id.au/contact -------------- next part -------------- An HTML attachment was scrubbed... URL: