From user021 at hushmail.com Fri Aug 9 07:31:07 2013
From: user021 at hushmail.com (user021 at hushmail.com)
Date: Fri, 09 Aug 2013 08:31:07 -0400
Subject: [Nikto-discuss] a newbie question
In-Reply-To:
References: <20130804125231.33365A0122@smtp.hushmail.com>
Message-ID: <20130809123107.CBFEBC04C8@smtp.hushmail.com>

Hi guys, I'm pretty new in this field and lately was scanning with Nikto using default settings a webserver protected by CloudFlare. Thing is, it detects a lot of stuff, but when I try to manually check it in the browser I get no result; could be all FPs or I am missing something. Thx

From justin at madirish.net Fri Aug 9 09:27:40 2013
From: justin at madirish.net (Justin C. Klein Keane)
Date: Fri, 09 Aug 2013 10:27:40 -0400
Subject: [Nikto-discuss] a newbie question
In-Reply-To: <20130809123107.CBFEBC04C8@smtp.hushmail.com>
References: <20130804125231.33365A0122@smtp.hushmail.com> <20130809123107.CBFEBC04C8@smtp.hushmail.com>
Message-ID: <5204FC5C.1050402@madirish.net>

When Nikto receives a 200 response from a probe it may report a finding depending on the test definition (ref: http://cirt.net/nikto2-docs/expanding.html#id2792422), which may be a false positive. Your browser may show "no result" but get a 200 HTTP response. This is one of the bigger issues with Nikto: if you run it against something like Drupal (which routes all requests through index.php and responds with a customized "Not Found Page" but unhelpfully serves it with a 200 response code) you wind up with a bunch of false positives.

Justin C. Klein Keane
http://www.MadIrish.net

Any digital signature on this message can be confirmed using the GPG key at http://www.madirish.net/gpgkey

On 08/09/2013 08:31 AM, user021 at hushmail.com wrote:
> Hi guys, I'm pretty new in this field and lately was scanning with
> Nikto using default settings a webserver protected by CloudFlare.
> Thing is, it detects a lot of stuff, but when I try to manually check it
> in the browser I get no result; could be all FPs or I am missing
> something. Thx

From csullo at gmail.com Fri Aug 9 21:59:20 2013
From: csullo at gmail.com (Sullo)
Date: Fri, 9 Aug 2013 22:59:20 -0400
Subject: [Nikto-discuss] a newbie question
In-Reply-To: <5204FC5C.1050402@madirish.net>
References: <20130804125231.33365A0122@smtp.hushmail.com> <20130809123107.CBFEBC04C8@smtp.hushmail.com> <5204FC5C.1050402@madirish.net>
Message-ID:

On Fri, Aug 9, 2013 at 10:27 AM, Justin C. Klein Keane wrote:

> When Nikto receives a 200 response from a probe it may report a
> finding depending on the test definition (ref:
> http://cirt.net/nikto2-docs/expanding.html#id2792422), which may be a
> false positive. Your browser may show "no result" but get a 200 HTTP
> response. This is one of the bigger issues with Nikto: if you run it
> against something like Drupal (which routes all requests through
> index.php and responds with a customized "Not Found Page" but
> unhelpfully serves it with a 200 response code) you wind up with a
> bunch of false positives.

This is true, and it's a constant battle with Nikto (and other web security tools).
There are also a number of strings in db_404_strings which, if they match page content, are treated as if the server responded with a 404 response. Additionally, most tests added in the last few years don't rely on 200--it's generally the older ones, or ones where we have no idea what a valid response looks like, which only match on 200.

As for Cloudflare... I can't say how things respond as I haven't tried it out in a few years. If the original poster wants to send me (off list) a capture of the output running with "-D DS" (debug mode, scrubbing hostnames & IPs) along with the sanitized report (any format), I'm happy to take a look at it to see if anything can be done.

Better, if the original poster or someone with a Cloudflare site wants to let me test directly... email me off-list!

-Sullo

From t.devergranne at gmail.com Fri Aug 30 08:30:28 2013
From: t.devergranne at gmail.com (Thiébaut Devergranne)
Date: Fri, 30 Aug 2013 15:30:28 +0200
Subject: [Nikto-discuss] (no subject)
Message-ID:

Hi guys,

I'm very new to Nikto and I'm trying to find out how to conduct server version tests (like php, asp) sending the minimal number of requests, ideally one. I understand it's possible to do that using the -Plugin parameter but I'm kind of lost after that. Could anyone help to put me on the right track?

Thanks
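
Added example, not part of any message above and not Nikto's own code: a sketch of the triage the "a newbie question" thread points to, separating real hits from custom "Not Found" pages that are served with a 200. The phrase list, the similarity threshold and all sample responses are constructed assumptions.

```python
# Added example: triage scanner findings that rest only on an HTTP 200.
# Every path, body and phrase below is constructed sample data.
from difflib import SequenceMatcher

# Hypothetical error-page phrases (not the contents of Nikto's db_404_strings).
NOT_FOUND_STRINGS = ["page not found", "the requested page could not be found"]

def similarity(a, b):
    """Ratio in [0, 1] of how alike two response bodies are."""
    return SequenceMatcher(None, a, b).ratio()

def classify(status, body, baseline_body, threshold=0.9):
    """Return 'not_found', 'soft_404', 'exists' or 'other' for one response.

    baseline_body is what the server returned for a path that cannot exist
    (for example a long random name), fetched once before the scan.
    """
    if status == 404:
        return "not_found"
    if status != 200:
        return "other"  # redirects, 403, 5xx need their own handling
    if any(s in body.lower() for s in NOT_FOUND_STRINGS):
        return "soft_404"  # error text served with a 200
    if similarity(body, baseline_body) >= threshold:
        return "soft_404"  # same page the bogus path produced
    return "exists"

def triage(findings, baseline_body):
    """Keep only the findings whose response looks like real content."""
    return [path for path, status, body in findings
            if classify(status, body, baseline_body) == "exists"]

# Constructed sample: a CMS that routes every request through index.php.
PAGE = ("<html><title>Site</title><body><h1>Oops</h1>"
        "<p>Try the search box.</p>Nothing here: %s</body></html>")
BASELINE = PAGE % "/zq81x"
FINDINGS = [
    ("/admin/", 200, PAGE % "/admin/"),
    ("/backup.sql", 200, "<html><body>Page not found</body></html>"),
    ("/CHANGELOG.txt", 200, "Changelog\n1.2: fixed login bug\n1.1: initial release\n"),
    ("/test.php", 404, "Not Found"),
]

if __name__ == "__main__":
    for path in triage(FINDINGS, BASELINE):
        print("worth manual review:", path)
```

Against a live target the baseline would come from one request for a random path, and findings classified as `other` still need a manual look.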