[Nikto-discuss] a newbie question

Justin C. Klein Keane justin at madirish.net
Fri Aug 9 09:27:40 CDT 2013


When Nikto receives a 200 response from a probe it may report a
finding depending on the test definition (ref:
http://cirt.net/nikto2-docs/expanding.html#id2792422), which may be a
false positive.  Your browser may show "no result" but get a 200 HTTP
response.  This is one of the bigger issues with Nikto: if you run it
against something like Drupal (which routes all requests through
index.php and responds with a customized "Not Found Page" but
unhelpfully serves it with a 200 response code) you wind up with a
bunch of false positives.

Justin C. Klein Keane
http://www.MadIrish.net

Any digital signature on this message can be confirmed using
the GPG key at http://www.madirish.net/gpgkey

On 08/09/2013 08:31 AM, user021 at hushmail.com wrote:
> Hi guys, I'm pretty new in this field and lately was scanning with
> nikto using default settings a webserv protected by CloudFlare.
> Thing is, it detects a lot of stuff but when I try to manually check it
> in browser I get no result, could be all FPs or I am missing
> something. thx
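
The false positives described in this message can be triaged by comparing each reported path against what the server returns for paths that cannot exist. This is an added example, not part of the original post or of Nikto; `Response`, `classify`, the 0.9 threshold and the sample pages are constructed for illustration.

```python
import difflib
import re
from dataclasses import dataclass

@dataclass
class Response:          # hypothetical container for a fetched response
    status: int
    body: str

def normalize(body, path):
    """Remove the echoed request path and digit runs, collapse whitespace."""
    if len(path) > 1:
        body = body.replace(path, "")
    return " ".join(re.sub(r"\d+", "", body).split()).lower()

def build_baseline(probes):
    """Bodies the server returns with 200 for paths that cannot exist."""
    return [normalize(r.body, p) for p, r in probes if r.status == 200]

def classify(path, resp, baseline, threshold=0.9):
    """Label one scanner finding after re-checking its response."""
    if resp.status != 200:
        return "not-200"
    norm = normalize(resp.body, path)
    for known in baseline:
        if difflib.SequenceMatcher(None, norm, known).ratio() >= threshold:
            return "soft-404"        # same page the site serves for junk paths
    return "needs-review"            # 200 and unlike the not-found template

# Constructed sample data: a CMS-style "not found" page served with HTTP 200.
def not_found_page(path):
    return Response(200, "<html><head><title>Page not found | Example Site</title>"
                         "</head><body><h1>Page not found</h1><p>The requested page "
                         f'"{path}" could not be found.</p></body></html>')

def demo():
    junk = ["/baseline-7f3a91c2", "/baseline-c02e5d88.php"]
    baseline = build_baseline([(p, not_found_page(p)) for p in junk])
    findings = {
        "/backup.tar": not_found_page("/backup.tar"),
        "/CHANGELOG.txt": Response(200, "Changelog for the example application\n"
                                        "* Fixed session handling\n* Updated installer\n"),
        "/old/": Response(404, "Not Found"),
    }
    return {p: classify(p, r, baseline) for p, r in findings.items()}

if __name__ == "__main__":
    for path, label in demo().items():
        print(f"{label:13} {path}")
```

Only the `needs-review` entries are worth opening by hand; anything labelled `soft-404` matched the page the site serves for junk paths.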
