[Nikto-discuss] Nikto tuning : passwords
Subscriptions
subs at qcontinuum.plus.com
Fri May 4 06:52:01 CDT 2012
I'm looking at the Nikto tuning options and I came across this mutate
option:
2. Guess for password file names. Takes a list of common password file
names (such as "passwd", "pass", "password") and file extensions ("txt",
"pwd", "bak", etc.) and builds a list of files to check for.
So presumably this searches for known password file names accessible for
the web server. I tried running a scan with it on and it ran for a very
long time (over 20 mins). I had to kill it eventually. Is it supposed to
take this long?
Is there also an option that can search for passwords embedded in config
files?
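
Added example, not part of the original post and not Nikto's own code: a local audit that walks a document root on disk and flags files matching the name and extension pattern quoted above, so an administrator can find them without a long remote scan. The two lists contain only the values quoted in the post (the real lists are longer), and the function names and sample tree are constructed for illustration.

```python
import os
import tempfile

# Names and extensions quoted in the Nikto description above; the real
# lists are longer ("etc."), so treat these as a constructed subset.
NAMES = {"passwd", "pass", "password"}
EXTENSIONS = {"txt", "pwd", "bak"}


def is_candidate(filename):
    """True if filename is a bare name or name.ext built from the two lists."""
    lowered = filename.lower()
    if lowered in NAMES:
        return True
    stem, dot, ext = lowered.rpartition(".")
    return bool(dot) and stem in NAMES and ext in EXTENSIONS


def audit_webroot(webroot):
    """Return sorted paths (relative to webroot) of matching files."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if is_candidate(name):
                full = os.path.join(dirpath, name)
                hits.append(os.path.relpath(full, webroot).replace(os.sep, "/"))
    return sorted(hits)


def demo():
    """Build a constructed document root in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("index.html", "passwd.bak", "admin/password.txt",
                    "admin/PASS.PWD", "docs/password-policy.html"):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        return audit_webroot(root)


if __name__ == "__main__":
    for hit in demo():
        print("remove or restrict:", hit)
```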