From mccarthtom at gmail.com Tue Feb 5 07:36:04 2013
From: mccarthtom at gmail.com (Tom Mccarthy)
Date: Tue, 5 Feb 2013 13:36:04 +0000
Subject: [Nikto-discuss] Info
Message-ID:

Hi,

I am studying computer networks in college and for my final year project I intend to run a number of penetration testing tools on a network with 3 to 4 workstations each with its own IP address. I am performing this task on my own and I hope to get results involving vulnerability identification. I am E-mailing you to inquire is NIKTO suitable to run on Windows and Linux machines? Also I have no recent history with the use of NIKTO and any relevant information or advice would be greatly appreciated.

--
Regards
Thomas McCarthy

From mike at itsecuritypros.org Tue Feb 5 13:27:16 2013
From: mike at itsecuritypros.org (Michael D. Wood)
Date: Tue, 5 Feb 2013 14:27:16 -0500
Subject: [Nikto-discuss] Info
In-Reply-To:
References:
Message-ID: <34E5C019-7669-4933-BD72-708DD83FA2A6@itsecuritypros.org>

Tom,

Why not use BackTrack? It has Nikto already included. Also, Nikto is used primarily for web application audits. You could use Nessus and Metasploit also that are included in BackTrack.

Michael D. Wood
mike at itsecuritypros.org

On Feb 5, 2013, at 8:36 AM, Tom Mccarthy wrote:

> Hi,
> I am studying computer networks in college and for my final year project I intend to run a number of penetration testing tools on a network with 3 to 4 workstations each with its own IP address. I am performing this task on my own and I hope to get results involving vulnerability identification. I am E-mailing you to inquire is NIKTO suitable to run on Windows and Linux machines? Also I have no recent history with the use of NIKTO and any relevant information or advice would be greatly appreciated.
>
>
> --
> Regards Thomas McCarthy
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss

From mailforalexb at googlemail.com Wed Feb 6 02:52:52 2013
From: mailforalexb at googlemail.com (Alex Brook)
Date: Wed, 6 Feb 2013 15:52:52 +0700
Subject: [Nikto-discuss] Info
In-Reply-To:
References:
Message-ID:

Hi Tom,

You can run Nikto on whatever machine you like. At worst, just install a VM, no problem.

I think if you are going to run this sort of project, I would also advise you get accustomed to doing some research. Not trying to rib you, it's just that I ran a quick search on google with the phrase "nikto windows and linux" and I picked up this link (Nikto Installation Guide) on the first page (http://cirt.net/nikto2-docs/installation.html).

As my forensics lecturer would say, RTFM.

Alex.

On Tue, Feb 5, 2013 at 8:36 PM, Tom Mccarthy wrote:

> Hi,
> I am studying computer networks in college and for my final year project I intend to run a number of penetration testing tools on a network with 3 to 4 workstations each with its own IP address. I am performing this task on my own and I hope to get results involving vulnerability identification. I am E-mailing you to inquire is NIKTO suitable to run on Windows and Linux machines? Also I have no recent history with the use of NIKTO and any relevant information or advice would be greatly appreciated.
>
> --
> Regards Thomas McCarthy

--
Alex G. Brook
Mobile/HP: +6285778122209
Skype: alexgbrook
LinkedIn: http://au.linkedin.com/in/alexgbrook

From mike at itsecuritypros.org Wed Feb 6 03:07:14 2013
From: mike at itsecuritypros.org (Michael D. Wood)
Date: Wed, 6 Feb 2013 04:07:14 -0500
Subject: [Nikto-discuss] Info
In-Reply-To:
References:
Message-ID: <07F37160-97DD-4758-978A-103F9204F7BE@itsecuritypros.org>

With this line of work... research is inevitable.

Google is your friend ;) Don't hesitate to e-mail me though!

Michael D. Wood
mike at itsecuritypros.org

On Feb 6, 2013, at 3:52 AM, Alex Brook wrote:

> Hi Tom,
>
> You can run Nikto on whatever machine you like. At worst, just install a VM, no problem.
>
> I think if you are going to run this sort of project, I would also advise you get accustomed to doing some research. Not trying to rib you, it's just that I ran a quick search on google with the phrase "nikto windows and linux" and I picked up this link (Nikto Installation Guide) on the first page (http://cirt.net/nikto2-docs/installation.html).
>
> As my forensics lecturer would say, RTFM.
>
> Alex.
>
> On Tue, Feb 5, 2013 at 8:36 PM, Tom Mccarthy wrote:
> Hi,
> I am studying computer networks in college and for my final year project I intend to run a number of penetration testing tools on a network with 3 to 4 workstations each with its own IP address. I am performing this task on my own and I hope to get results involving vulnerability identification. I am E-mailing you to inquire is NIKTO suitable to run on Windows and Linux machines? Also I have no recent history with the use of NIKTO and any relevant information or advice would be greatly appreciated.
>
> --
> Regards Thomas McCarthy
>
> --
> Alex G. Brook
>
> Mobile/HP: +6285778122209
> Skype: alexgbrook
> LinkedIn: http://au.linkedin.com/in/alexgbrook

From bachimca2005 at gmail.com Wed Feb 6 21:49:34 2013
From: bachimca2005 at gmail.com (Bachi Bachi)
Date: Thu, 7 Feb 2013 09:19:34 +0530
Subject: [Nikto-discuss] Info
In-Reply-To: <07F37160-97DD-4758-978A-103F9204F7BE@itsecuritypros.org>
References: <07F37160-97DD-4758-978A-103F9204F7BE@itsecuritypros.org>
Message-ID:

Hi Tom,

If you are planning to scan only workstations then use GFI LanGuard, Nessus home feed, MBSA (Microsoft Baseline Security Analyzer 2.2, works on Windows box only).

If you are planning to scan even web applications installed on those workstations then you can use Nikto, w3af, webcruiser.

Regards
Bhaskar Puppala
http://in.linkedin.com/pub/bhaskar-puppala/16/113/3bb

On Wed, Feb 6, 2013 at 2:37 PM, Michael D. Wood wrote:

> With this line of work... research is inevitable.
>
> Google is your friend ;) Don't hesitate to e-mail me though!
>
> Michael D. Wood
> mike at itsecuritypros.org
>
> On Feb 6, 2013, at 3:52 AM, Alex Brook wrote:
>
> Hi Tom,
>
> You can run Nikto on whatever machine you like. At worst, just install a VM, no problem.
>
> I think if you are going to run this sort of project, I would also advise you get accustomed to doing some research. Not trying to rib you, it's just that I ran a quick search on google with the phrase "nikto windows and linux" and I picked up this link (Nikto Installation Guide) on the first page (http://cirt.net/nikto2-docs/installation.html).
>
> As my forensics lecturer would say, RTFM.
>
> Alex.
>
> On Tue, Feb 5, 2013 at 8:36 PM, Tom Mccarthy wrote:
>
>> Hi,
>> I am studying computer networks in college and for my final year project I intend to run a number of penetration testing tools on a network with 3 to 4 workstations each with its own IP address. I am performing this task on my own and I hope to get results involving vulnerability identification. I am E-mailing you to inquire is NIKTO suitable to run on Windows and Linux machines? Also I have no recent history with the use of NIKTO and any relevant information or advice would be greatly appreciated.
>>
>> --
>> Regards Thomas McCarthy
>
> --
> Alex G. Brook
>
> Mobile/HP: +6285778122209
> Skype: alexgbrook
> LinkedIn: http://au.linkedin.com/in/alexgbrook

From FBreedijk at schubergphilis.com Thu Feb 7 08:24:37 2013
From: FBreedijk at schubergphilis.com (Frank Breedijk)
Date: Thu, 7 Feb 2013 14:24:37 +0000
Subject: [Nikto-discuss] False positive or not?
Message-ID:

Recently we got some results from Nikto which we regard as false positives.

>telnet xxx.xxx.xxx.xxx 80
Trying xxx.xxx.xxx.xxx...
Connected to xxx.xxx.xxx.xxx
Escape character is '^]'.
GET /phpimageview.php?pic=javascript:alert('Vulnerable') HTTP/1.1
Host: xxxxxxxxxxxxxxxxxxxx

HTTP/1.1 301 Moved Permanently
Set-Cookie: ARPT=PZUZILSpws1CKIOL; path=/
Date: Thu, 07 Feb 2013 14:19:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: https://xxxxxxxxxxxxxxxxxx/phpimageview.php?pic=javascript:alert('Vulnerable')
Content-Length: 297
Content-type: text/html

301 Moved Permanently

Moved Permanently

The document has moved here.

Connection closed by foreign host.

I understand why the rule triggers, the URL is echoed back apparently unescaped. However the double quotes neutralize the XSS and if you insert a " in the URL the webserver actually returns a 400 Bad Request.

Kind regards,
Frank Breedijk

Schuberg Philis
Boeing Avenue 271
1119 PD Schiphol-Rijk
schubergphilis.com
+31 20 750 65 38
+31 6 4382 2637

From resident.deity at gmail.com Thu Feb 7 09:46:57 2013
From: resident.deity at gmail.com (a)
Date: Thu, 7 Feb 2013 15:46:57 +0000
Subject: [Nikto-discuss] False positive or not?
In-Reply-To:
References:
Message-ID:

This looks like it's a false positive off test 818; which is testing for a XSS in the pic parameter of phpimageview.php. There should be an exception case to catch this.

Is there any chance you could do a test with -D dvs on this. To cut down the size of the debug file, you can edit db_tests and alter the 3rd column of test 818 and put in a "z", then run Nikto like:

nikto.pl -host vulnerable -D dvs -Tuning z -Plugins tests -no404

One of these days I'll put in a way of doing this easily, probably something like "-Plugins tests(tids:818)", suggestions would be appreciated.

On 7 February 2013 14:24, Frank Breedijk wrote:

> Recently we got some results from Nikto which we regard as false positives.
>
> >telnet xxx.xxx.xxx.xxx 80
> Trying xxx.xxx.xxx.xxx...
> Connected to xxx.xxx.xxx.xxx
> Escape character is '^]'.
> GET /phpimageview.php?pic=javascript:alert('Vulnerable') HTTP/1.1
> Host: xxxxxxxxxxxxxxxxxxxx
>
> HTTP/1.1 301 Moved Permanently
> Set-Cookie: ARPT=PZUZILSpws1CKIOL; path=/
> Date: Thu, 07 Feb 2013 14:19:39 GMT
> Server: Microsoft-IIS/6.0
> X-Powered-By: ASP.NET
> Location: https://xxxxxxxxxxxxxxxxxx/phpimageview.php?pic=javascript:alert('Vulnerable')
> Content-Length: 297
> Content-type: text/html
>
> 301 Moved Permanently
>
> Moved Permanently
>
> The document has moved here.
>
> Connection closed by foreign host.
>
> I understand why the rule triggers, the URL is echoed back apparently unescaped. However the double quotes neutralize the XSS and if you insert a " in the URL the webserver actually returns a 400 Bad Request.
>
> Kind regards,
> Frank Breedijk
>
> Schuberg Philis
> Boeing Avenue 271
> 1119 PD Schiphol-Rijk
> schubergphilis.com
>
> +31 20 750 65 38
> +31 6 4382 2637

From resident.deity at gmail.com Thu Feb 7 09:58:41 2013
From: resident.deity at gmail.com (a)
Date: Thu, 7 Feb 2013 15:58:41 +0000
Subject: [Nikto-discuss] Changes to reporting
Message-ID:

I've been procrastinating for a long time about making changes to the way Nikto does reporting, it's currently got some half cocked solution which mangles an early form of hooks with a few basic template frigs together. Making it quite buggy, especially if you're tuning your plugins.

Basically I'd like to rewrite it from scratch. What do people want in a reporting system?

From robin at digininja.org Thu Feb 7 10:03:28 2013
From: robin at digininja.org (Robin Wood)
Date: Thu, 7 Feb 2013 16:03:28 +0000
Subject: [Nikto-discuss] Changes to reporting
In-Reply-To:
References:
Message-ID:

On 7 February 2013 15:58, a wrote:

> I've been procrastinating for a long time about making changes to the way Nikto does reporting, it's currently got some half cocked solution which mangles an early form of hooks with a few basic template frigs together.
> Making it quite buggy, especially if you're tuning your plugins.
>
> Basically I'd like to rewrite it from scratch. What do people want in a reporting system?

Something that writes it all for me so I can go to the pub.

(I'll think about a proper answer when I've finished writing this report!)

Robin

From csullo at gmail.com Thu Feb 7 10:06:18 2013
From: csullo at gmail.com (Sullo)
Date: Thu, 7 Feb 2013 11:06:18 -0500
Subject: [Nikto-discuss] Changes to reporting
In-Reply-To:
References:
Message-ID:

I don't have a ton of complaints about our current formats though maybe I don't use them or nikto the same way you do... some open issues come to mind, though:

- BUG: actually valid xml (https://github.com/sullo/nikto/issues/28)
- BUG: timing info can be incorrect (https://github.com/sullo/nikto/issues/1)
- ENHANCEMENT: save in all (or multiple) formats (https://github.com/sullo/nikto/issues/21)
- ENHANCEMENT: fatal errors in reports (https://github.com/sullo/nikto/issues/3)

On Thu, Feb 7, 2013 at 10:58 AM, a wrote:

> I've been procrastinating for a long time about making changes to the way Nikto does reporting, it's currently got some half cocked solution which mangles an early form of hooks with a few basic template frigs together. Making it quite buggy, especially if you're tuning your plugins.
>
> Basically I'd like to rewrite it from scratch. What do people want in a reporting system?

--
http://www.cirt.net | http://richsec.com/

From resident.deity at gmail.com Thu Feb 7 10:10:40 2013
From: resident.deity at gmail.com (a)
Date: Thu, 7 Feb 2013 16:10:40 +0000
Subject: [Nikto-discuss] False positive or not?
In-Reply-To:
References:
Message-ID:

Just thought: you can minimise output by just switching on stuff like verbose and debug only for the tests plugin, using:

nikto.pl -host vulnerable -D s -Tuning z -Plugins tests(debug,verbose) -no404

On 7 February 2013 15:46, a wrote:

> This looks like it's a false positive off test 818; which is testing for a XSS in the pic parameter of phpimageview.php.
> There should be an exception case to catch this.
>
> Is there any chance you could do a test with -D dvs on this. To cut down the size of the debug file, you can edit db_tests and alter the 3rd column of test 818 and put in a "z", then run Nikto like:
>
> nikto.pl -host vulnerable -D dvs -Tuning z -Plugins tests -no404
>
> One of these days I'll put in a way of doing this easily, probably something like "-Plugins tests(tids:818)", suggestions would be appreciated.
>
> On 7 February 2013 14:24, Frank Breedijk wrote:
>
>> Recently we got some results from Nikto which we regard as false positives.
>>
>> >telnet xxx.xxx.xxx.xxx 80
>> Trying xxx.xxx.xxx.xxx...
>> Connected to xxx.xxx.xxx.xxx
>> Escape character is '^]'.
>> GET /phpimageview.php?pic=javascript:alert('Vulnerable') HTTP/1.1
>> Host: xxxxxxxxxxxxxxxxxxxx
>>
>> HTTP/1.1 301 Moved Permanently
>> Set-Cookie: ARPT=PZUZILSpws1CKIOL; path=/
>> Date: Thu, 07 Feb 2013 14:19:39 GMT
>> Server: Microsoft-IIS/6.0
>> X-Powered-By: ASP.NET
>> Location: https://xxxxxxxxxxxxxxxxxx/phpimageview.php?pic=javascript:alert('Vulnerable')
>> Content-Length: 297
>> Content-type: text/html
>>
>> 301 Moved Permanently
>>
>> Moved Permanently
>>
>> The document has moved here.
>>
>> Connection closed by foreign host.
>>
>> I understand why the rule triggers, the URL is echoed back apparently unescaped. However the double quotes neutralize the XSS and if you insert a " in the URL the webserver actually returns a 400 Bad Request.
>>
>> Kind regards,
>> Frank Breedijk
>>
>> Schuberg Philis
>> Boeing Avenue 271
>> 1119 PD Schiphol-Rijk
>> schubergphilis.com
>>
>> +31 20 750 65 38
>> +31 6 4382 2637

From resident.deity at gmail.com Fri Feb 8 08:36:02 2013
From: resident.deity at gmail.com (a)
Date: Fri, 8 Feb 2013 14:36:02 +0000
Subject: [Nikto-discuss] False positive or not?
In-Reply-To:
References:
Message-ID:

I've just added a new parameter to the tests plugin so that you can run a range of tids, the format is:

-Plugins tests(tids:1-5 6 9-10)

A - will specify a range, a space will separate groups of ranges (we can't use a comma as that's a parameter separator). It's not the most perfect expansion routine but it works for now.

So if you clone the latest from the git repo, you can run the command:

nikto.pl -host vulnerable -D dvs -Tuning z -Plugins tests(tids:818) -no404

On 7 February 2013 16:10, a wrote:

> Just thought: you can minimise output by just switching on stuff like verbose and debug only for the tests plugin, using:
>
> nikto.pl -host vulnerable -D s -Tuning z -Plugins tests(debug,verbose) -no404
>
> On 7 February 2013 15:46, a wrote:
>
>> This looks like it's a false positive off test 818; which is testing for a XSS in the pic parameter of phpimageview.php.
>> There should be an exception case to catch this.
>>
>> Is there any chance you could do a test with -D dvs on this. To cut down the size of the debug file, you can edit db_tests and alter the 3rd column of test 818 and put in a "z", then run Nikto like:
>>
>> nikto.pl -host vulnerable -D dvs -Tuning z -Plugins tests -no404
>>
>> One of these days I'll put in a way of doing this easily, probably something like "-Plugins tests(tids:818)", suggestions would be appreciated.
>>
>> On 7 February 2013 14:24, Frank Breedijk wrote:
>>
>>> Recently we got some results from Nikto which we regard as false positives.
>>>
>>> >telnet xxx.xxx.xxx.xxx 80
>>> Trying xxx.xxx.xxx.xxx...
>>> Connected to xxx.xxx.xxx.xxx
>>> Escape character is '^]'.
>>> GET /phpimageview.php?pic=javascript:alert('Vulnerable') HTTP/1.1
>>> Host: xxxxxxxxxxxxxxxxxxxx
>>>
>>> HTTP/1.1 301 Moved Permanently
>>> Set-Cookie: ARPT=PZUZILSpws1CKIOL; path=/
>>> Date: Thu, 07 Feb 2013 14:19:39 GMT
>>> Server: Microsoft-IIS/6.0
>>> X-Powered-By: ASP.NET
>>> Location: https://xxxxxxxxxxxxxxxxxx/phpimageview.php?pic=javascript:alert('Vulnerable')
>>> Content-Length: 297
>>> Content-type: text/html
>>>
>>> 301 Moved Permanently
>>>
>>> Moved Permanently
>>>
>>> The document has moved here.
>>>
>>> Connection closed by foreign host.
>>>
>>> I understand why the rule triggers, the URL is echoed back apparently unescaped. However the double quotes neutralize the XSS and if you insert a " in the URL the webserver actually returns a 400 Bad Request.
>>>
>>> Kind regards,
>>> Frank Breedijk
>>>
>>> Schuberg Philis
>>> Boeing Avenue 271
>>> 1119 PD Schiphol-Rijk
>>> schubergphilis.com
>>>
>>> +31 20 750 65 38
>>> +31 6 4382 2637

From rob.taschler at gmail.com Wed Feb 27 12:09:03 2013
From: rob.taschler at gmail.com (Rob Taschler)
Date: Wed, 27 Feb 2013 13:09:03 -0500
Subject: [Nikto-discuss] Multiple roots from a single scan?
In-Reply-To: Pine.LNX.4.64.0804012318240.32463@forced.attrition.org
References: Pine.LNX.4.64.0804012318240.32463@forced.attrition.org
Message-ID: <512E4BBF.7020305@gmail.com>

I'm curious if nikto was ever modified to allow multiple roots for a target to be passed in the host file.

From sullo at cirt.net Wed Feb 27 13:04:33 2013
From: sullo at cirt.net (Sullo)
Date: Wed, 27 Feb 2013 14:04:33 -0500
Subject: [Nikto-discuss] Multiple roots from a single scan?
In-Reply-To: <512E4BBF.7020305@gmail.com>
References: <512E4BBF.7020305@gmail.com>
Message-ID:

No, it wasn't... guessing (at least in large part) because a ticket was never opened and everyone forgot :-)

I'm not in a place where I can log into github, but if someone can open a ticket at least we won't forget this time...

https://github.com/sullo/nikto

Thanks!

On Wed, Feb 27, 2013 at 1:09 PM, Rob Taschler wrote:

> I'm curious if nikto was ever modified to allow multiple roots for a target to be passed in the host file.

--
http://cirt.net | http://richsec.com/
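
Added example, not part of the archived messages and not Nikto code: a triage sketch for the "False positive or not?" thread above that reports where the test 818 string is reflected and whether that position is inert, as Frank Breedijk argues for the 301. The host www.example.test, the HTML markup of the sample bodies (the archive kept only their text) and the function names are assumptions.

```python
import re

PAYLOAD = "javascript:alert('Vulnerable')"  # string sent by test 818, per the thread
URL = "https://www.example.test/phpimageview.php?pic=" + PAYLOAD  # assumed host

# Constructed sample modelled on the 301 in the thread; the markup is assumed.
REDIRECT = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "Location: " + URL + "\r\n"
    "Content-type: text/html\r\n\r\n"
    "<html><head><title>301 Moved Permanently</title></head><body>\n"
    "<h1>Moved Permanently</h1>\n"
    '<p>The document has moved <a href="' + URL + '">here</a>.</p>\n'
    "</body></html>\n"
)
# Constructed contrast case: the value becomes the start of an image URL.
IMAGE_PAGE = (
    "HTTP/1.1 200 OK\r\nContent-type: text/html\r\n\r\n"
    '<html><body><img src="' + PAYLOAD + '"></body></html>\n'
)


def context_at(body, pos):
    """Return (context, quote_char) for the HTML position at offset pos."""
    in_tag, quote, value_start = False, None, -1
    for i, ch in enumerate(body[:pos]):
        if quote:                      # inside a quoted attribute value
            if ch == quote:
                quote = None
        elif in_tag:
            if ch in "\"'":
                quote, value_start = ch, i + 1
            elif ch == ">":
                in_tag = False
        elif ch == "<":
            in_tag = True
    if quote:
        return ("attr-start" if value_start == pos else "attr-inner"), quote
    return ("tag" if in_tag else "text"), None


def triage(raw, payload=PAYLOAD):
    """Return (status, findings, verdict) for one raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    findings = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if payload in value:
            lead = ":start" if value.strip().startswith(payload) else ""
            findings.append(("header:" + name.strip().lower() + lead, None))
    for m in re.finditer(re.escape(payload), body):
        findings.append(context_at(body, m.start()))
    # Inert: mid-URL in Location, or mid-value in an attribute whose quote
    # character the payload does not contain (so it cannot close the value).
    inert = all(
        ctx == "header:location" or (ctx == "attr-inner" and quote not in payload)
        for ctx, quote in findings
    )
    if not findings:
        return status, findings, "not reflected"
    return status, findings, "likely false positive" if inert else "needs manual review"


if __name__ == "__main__":
    for sample in (REDIRECT, IMAGE_PAGE):
        print(triage(sample))
```
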