From sullo at cirt.net Sun Sep 16 23:12:14 2012 From: sullo at cirt.net (Sullo) Date: Mon, 17 Sep 2012 00:12:14 -0400 Subject: [Nikto-discuss] Nikto 2.1.5 Released! Message-ID: At long last, we've officially released Nikto 2.1.5! This version contains tons of changes and new features: - Save full response on positive, plaintext & JSON - 'maxtime' maximum execution time per host (seconds) - 'until' run until specified time or duration - 'IgnoreCode' option to allow db_404_strings @CODE from the command line - Replay saved JSON requests with replay.pl - Client SSL certificate support - Output file name now takes '.' which will auto-generate name - Content parsing to add items to db_variables values for enhanced testing - robots.txt lines are now added to db_variables values for enhanced testing For the full list or to download, please see: http://cirt.net/node/89 MD5 Checksums: nikto-2.1.5.tar.bz2 35ac9f11ab4aa0d5b8449748338bd159 nikto-2.1.5.tar.gz efcc98a918becb77471ee9a5df0a7b1e -- http://cirt.net | http://richsec.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From thedelinquentrecurve at gmail.com Mon Sep 17 07:55:53 2012 From: thedelinquentrecurve at gmail.com (Peace Maker) Date: Mon, 17 Sep 2012 18:25:53 +0530 Subject: [Nikto-discuss] Error after updating nikto database Message-ID: Hi Guys.. I am getting the below error after updating Nikto DB. Undefined subroutine &main::get_ips called at /pentest/web/nikto/plugins/nikto_headers.plugin line 72. The current DB version is : root at bt:/pentest/web/nikto# ./nikto.pl -Version --------------------------------------------------------------------------- Nikto Versions --------------------------------------------------------------------------- File Version Last Mod ----------------------------- -------- ---------- Nikto main 2.1.5 LibWhisker 2.5 db_404_strings 2.003 2011-07-01 db_content_search 2.000 2010-12-29 2012-07-04 1.0 db_embedded 2.004 2010-01-19 db_favicon 2.010 db_headers 2.008 db_httpoptions 2.002 2008-09-12 db_multiple_index 2.005 2008-09-12 db_outdated 2.017 db_parked_strings 2.000 db_realms 2.002 2010-07-11 db_server_msgs 2.006 2011-06-14 db_subdomains 2.006 db_tests 2.019 db_variables 2.004 2011-06-14 nikto_apache_expect_xss.plugin 2.04 nikto_apacheusers.plugin 2.06 nikto_auth.plugin 2.04 nikto_cgi.plugin 2.06 2008-05-06 nikto_clientaccesspolicy.plugin 1.00 nikto_content_search.plugin 2.05 nikto_cookies.plugin 2.03 nikto_core.plugin 2.1.5 2012-01-01 nikto_dictionary_attack.plugin 2.04 nikto_embedded.plugin 2.07 nikto_favicon.plugin 2.09 nikto_fileops.plugin 1.00 nikto_headers.plugin 2.10 nikto_httpoptions.plugin 2.10 nikto_msgs.plugin 2.07 nikto_multiple_index.plugin 2.03 nikto_outdated.plugin 2.09 nikto_parked.plugin 2.00 nikto_paths.plugin 2.00 nikto_put_del_test.plugin 2.04 2011-02-19 nikto_report_csv.plugin 2.06 2008-11-11 nikto_report_html.plugin 2.05 2009-07-20 nikto_report_msf.plugin 1.00 2010-08-24 nikto_report_nbe.plugin 2.01 2011-02-19 nikto_report_text.plugin 2.05 2008-11-11 nikto_report_xml.plugin 2.05 2009-07-20 nikto_robots.plugin 2.06 nikto_siebel.plugin 1.00 2011-01-03 nikto_single.plugin 2.03 2011-02-19 nikto_ssl.plugin 2.01 2011-07-23 nikto_subdomain.plugin 2.01 2011-02-19 nikto_tests.plugin 2.04 2008-09-21 --------------------------------------------------------------------------- SSL: Net::SSLeay 1.35 --------------------------------------------------------------------------- It was working good earlier. -------------- next part -------------- An HTML attachment was scrubbed... URL: From csullo at gmail.com Mon Sep 17 08:06:16 2012 From: csullo at gmail.com (Sullo) Date: Mon, 17 Sep 2012 09:06:16 -0400 Subject: [Nikto-discuss] Error after updating nikto database In-Reply-To: References: Message-ID: What do you mean, "updating nikto database"? There should be no updates right now... if you still have that in your scrollback buffer you can you tell show me what it says? Using trunk and a downloaded version, I ran -update and then had no issues. -Sullo On Mon, Sep 17, 2012 at 8:55 AM, Peace Maker wrote: > Hi Guys.. > > I am getting the below error after updating Nikto DB. > > Undefined subroutine &main::get_ips called at > /pentest/web/nikto/plugins/nikto_headers.plugin line 72. > > > The current DB version is : > > root at bt:/pentest/web/nikto# ./nikto.pl -Version > --------------------------------------------------------------------------- > Nikto Versions > --------------------------------------------------------------------------- > File Version Last Mod > ----------------------------- -------- ---------- > Nikto main 2.1.5 > LibWhisker 2.5 > db_404_strings 2.003 2011-07-01 > db_content_search 2.000 2010-12-29 > 2012-07-04 1.0 > db_embedded 2.004 2010-01-19 > db_favicon 2.010 > db_headers 2.008 > db_httpoptions 2.002 2008-09-12 > db_multiple_index 2.005 2008-09-12 > db_outdated 2.017 > db_parked_strings 2.000 > db_realms 2.002 2010-07-11 > db_server_msgs 2.006 2011-06-14 > db_subdomains 2.006 > db_tests 2.019 > db_variables 2.004 2011-06-14 > nikto_apache_expect_xss.plugin 2.04 > nikto_apacheusers.plugin 2.06 > nikto_auth.plugin 2.04 > nikto_cgi.plugin 2.06 2008-05-06 > nikto_clientaccesspolicy.plugin 1.00 > nikto_content_search.plugin 2.05 > nikto_cookies.plugin 2.03 > nikto_core.plugin 2.1.5 2012-01-01 > nikto_dictionary_attack.plugin 2.04 > nikto_embedded.plugin 2.07 > nikto_favicon.plugin 2.09 > nikto_fileops.plugin 1.00 > nikto_headers.plugin 2.10 > nikto_httpoptions.plugin 2.10 > nikto_msgs.plugin 2.07 > nikto_multiple_index.plugin 2.03 > nikto_outdated.plugin 2.09 > nikto_parked.plugin 2.00 > nikto_paths.plugin 2.00 > nikto_put_del_test.plugin 2.04 2011-02-19 > nikto_report_csv.plugin 2.06 2008-11-11 > nikto_report_html.plugin 2.05 2009-07-20 > nikto_report_msf.plugin 1.00 2010-08-24 > nikto_report_nbe.plugin 2.01 2011-02-19 > nikto_report_text.plugin 2.05 2008-11-11 > nikto_report_xml.plugin 2.05 2009-07-20 > nikto_robots.plugin 2.06 > nikto_siebel.plugin 1.00 2011-01-03 > nikto_single.plugin 2.03 2011-02-19 > nikto_ssl.plugin 2.01 2011-07-23 > nikto_subdomain.plugin 2.01 2011-02-19 > nikto_tests.plugin 2.04 2008-09-21 > --------------------------------------------------------------------------- > SSL: Net::SSLeay 1.35 > --------------------------------------------------------------------------- > > > It was working good earlier. > > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > > -- http://www.cirt.net | http://richsec.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From lewis at lewisfrancis.com Mon Sep 17 09:29:53 2012 From: lewis at lewisfrancis.com (lewis francis) Date: Mon, 17 Sep 2012 10:29:53 -0400 Subject: [Nikto-discuss] Nikto 2.1.5 Released! In-Reply-To: References: Message-ID: <103D3BFE-A234-4541-A457-E97F16E30EBB@lewisfrancis.com> Congrats on the new release. For some reason Trac isn't accepting my Assembla credentials, but noticed that in HTML reports, links to osvdb.org lack the www sub which annoyingly is needed by osvdb.org's current dns config. Cheers! From csullo at gmail.com Mon Sep 17 09:35:25 2012 From: csullo at gmail.com (Sullo) Date: Mon, 17 Sep 2012 10:35:25 -0400 Subject: [Nikto-discuss] Nikto 2.1.5 Released! In-Reply-To: <103D3BFE-A234-4541-A457-E97F16E30EBB@lewisfrancis.com> References: <103D3BFE-A234-4541-A457-E97F16E30EBB@lewisfrancis.com> Message-ID: I don't see that OSVDB issue... As for Assembla, is it not allowing you to login or not allowing you to add a ticket? On Mon, Sep 17, 2012 at 10:29 AM, lewis francis wrote: > Congrats on the new release. For some reason Trac isn't accepting my > Assembla credentials, but noticed that in HTML reports, links to osvdb.orglack the www sub which annoyingly is needed by > osvdb.org's current dns config. Cheers! > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > -- http://www.cirt.net | http://richsec.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From lewis at lewisfrancis.com Mon Sep 17 09:44:01 2012 From: lewis at lewisfrancis.com (lewis francis) Date: Mon, 17 Sep 2012 10:44:01 -0400 Subject: [Nikto-discuss] Nikto 2.1.5 Released! In-Reply-To: References: <103D3BFE-A234-4541-A457-E97F16E30EBB@lewisfrancis.com> Message-ID: Logged in to Assembla, couldn't login to Trac -- it's been a while, does Trac use different credentials? As for OSVDB, it's working for me now, too. Must have hit it during a hiccup, sorry for the false alarm. On Sep 17, 2012, at 10:35 AM, Sullo wrote: > I don't see that OSVDB issue... > > As for Assembla, is it not allowing you to login or not allowing you to add a ticket? > > On Mon, Sep 17, 2012 at 10:29 AM, lewis francis wrote: > Congrats on the new release. For some reason Trac isn't accepting my Assembla credentials, but noticed that in HTML reports, links to osvdb.org lack the www sub which annoyingly is needed by osvdb.org's current dns config. Cheers! > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > > > > -- > > http://www.cirt.net | http://richsec.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From jweberhofer at weberhofer.at Mon Sep 17 09:56:23 2012 From: jweberhofer at weberhofer.at (Johannes Weberhofer) Date: Mon, 17 Sep 2012 16:56:23 +0200 Subject: [Nikto-discuss] Nikto 2.1.5 Released! In-Reply-To: References: <103D3BFE-A234-4541-A457-E97F16E30EBB@lewisfrancis.com> Message-ID: <50573A17.2040508@weberhofer.at> Did you join the nikt 2 space? See https://trac.assembla.com/Nikto_2/wiki Johannes Am 17.09.12 16:44, schrieb lewis francis: > Logged in to Assembla, couldn't login to Trac -- it's been a while, does Trac use different credentials? > > As for OSVDB, it's working for me now, too. Must have hit it during a hiccup, sorry for the false alarm. > > On Sep 17, 2012, at 10:35 AM, Sullo > wrote: > >> I don't see that OSVDB issue... >> >> As for Assembla, is it not allowing you to login or not allowing you to add a ticket? >> >> On Mon, Sep 17, 2012 at 10:29 AM, lewis francis > wrote: >> >> Congrats on the new release. For some reason Trac isn't accepting my Assembla credentials, but noticed that in HTML reports, links to osvdb.org lack the www sub which annoyingly is needed by osvdb.org 's current dns config. Cheers! >> _______________________________________________ >> Nikto-discuss mailing list >> Nikto-discuss at attrition.org >> https://attrition.org/mailman/listinfo/nikto-discuss >> >> >> >> >> -- >> >> http://www.cirt.net | http://richsec.com/ > > > > _______________________________________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/listinfo/nikto-discuss > -- Johannes Weberhofer Weberhofer GmbH, Austria, Vienna From csullo at gmail.com Mon Sep 17 10:01:20 2012 From: csullo at gmail.com (Sullo) Date: Mon, 17 Sep 2012 11:01:20 -0400 Subject: [Nikto-discuss] Nikto 2.1.5 Released! In-Reply-To: <50573A17.2040508@weberhofer.at> References: <103D3BFE-A234-4541-A457-E97F16E30EBB@lewisfrancis.com> <50573A17.2040508@weberhofer.at> Message-ID: I probably messed up the permissions this morning. I'm looking into it! On Mon, Sep 17, 2012 at 10:56 AM, Johannes Weberhofer < jweberhofer at weberhofer.at> wrote: > Did you join the nikt 2 space? See https://trac.assembla.com/** > Nikto_2/wiki > > Johannes > > Am 17.09.12 16:44, schrieb lewis francis: > >> Logged in to Assembla, couldn't login to Trac -- it's been a while, does >> Trac use different credentials? >> >> As for OSVDB, it's working for me now, too. Must have hit it during a >> hiccup, sorry for the false alarm. >> >> On Sep 17, 2012, at 10:35 AM, Sullo > csullo at gmail.com>> wrote: >> >> I don't see that OSVDB issue... >>> >>> As for Assembla, is it not allowing you to login or not allowing you to >>> add a ticket? >>> >>> On Mon, Sep 17, 2012 at 10:29 AM, lewis francis >> lewis at lewisfrancis.com**>> wrote: >>> >>> Congrats on the new release. For some reason Trac isn't accepting my >>> Assembla credentials, but noticed that in HTML reports, links to >>> osvdb.org lack the www sub which annoyingly is >>> needed by osvdb.org 's current dns config. Cheers! >>> ______________________________**_________________ >>> Nikto-discuss mailing list >>> Nikto-discuss at attrition.org >>> > >>> https://attrition.org/mailman/**listinfo/nikto-discuss >>> >>> >>> >>> >>> -- >>> >>> http://www.cirt.net | http://richsec.com/ >>> >> >> >> >> ______________________________**_________________ >> Nikto-discuss mailing list >> Nikto-discuss at attrition.org >> https://attrition.org/mailman/**listinfo/nikto-discuss >> >> > -- > Johannes Weberhofer > Weberhofer GmbH, Austria, Vienna > > ______________________________**_________________ > Nikto-discuss mailing list > Nikto-discuss at attrition.org > https://attrition.org/mailman/**listinfo/nikto-discuss > -- http://www.cirt.net | http://richsec.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: