[Nikto-discuss] (no subject)

a resident.deity at gmail.com
Wed Sep 11 18:41:39 CDT 2013


I see the problem: the plugin names are wrong, it should usually be without
the nikto_. You can see the full list of plugins and their names by doing a:
  nikto -list-plugins

Although the plugin name is usually nikto_plugin it doesn't have to be. In
case of doubt always use the name shown when doing a -list-plugins.

The command line you're looking for is:
  nikto -Plugins 'outdated' -no404 -host http://www.domain.com

Be warned: reporting is done by a plugin as well, so if you want to save
the result to a file, you'll need to include the reporting plugin as well:
  nikto -Plugins 'outdated,report_xml' -no404 -host
http://www.domain.com-output domain.xml



On 2 September 2013 09:02, Thiébaut Devergranne <t.devergranne at gmail.com>wrote:

> Thanks for the feedback. If I uses theses options Nikto doesn't tell me
> about any problems any more ; here's a test :
>
> hstd# nikto -Plugins "@@none;nikto_outdated;nikto_versions" -no404 -h
> http://www.domain.com
> - Nikto v2.1.5
> ---------------------------------------------------------------------------
> + Target IP:          bla.bla.
> + Target Hostname:    www.domain.com
> + Target Port:        80
> + Start Time:         2013-09-02 09:58:56 (GMT2)
> ---------------------------------------------------------------------------
> + Server: Apache/2.2.6 (Unix) PHP/5.2.5 mod_ssl/2.2.6 OpenSSL/0.9.8g
> + 6545 items checked: 0 error(s) and 0 item(s) reported on remote host
> + End Time:           2013-09-02 09:58:56 (GMT2) (0 seconds)
> ---------------------------------------------------------------------------
>
> So the server runs a vulnerable version of php but Nikto doesn't give me
> any information about it. Is there something i'm missing ?
>
> Thanks !
> TD
>
>
> Le 1 sept. 2013 à 15:28, csullo at gmail.com a écrit :
>
> I am not near a computer, sorry, but you want to use the -no404 option
> combined with -Plugins.
>
> It should be like:  -Plugins "@@none;nikto_outdated;nikto_versions"
>
> Those are from memory so check output of -list-plugins to be sure those
> are correct.
>
> Also see:
> http://cirt.net/nikto2-docs/options.html#id2741238
>
> I'm not sure it will be one request but probably 2-3 if you set the
> options right, since it tests ssl and possibly more than one method. You
> can use -ssl and -nossl to save a request if you know ahead of time or
> don't mind guessing based on port.
>
> Let us know how it turns out!
>
> -Sullo
>
> On Aug 30, 2013, at 9:30 AM, Thiébaut Devergranne <t.devergranne at gmail.com>
> wrote:
>
> Hi guys,
>
> I'm very new to Nikto and I'm trying to find out how to conduct a server
> version tests (like php, asp) sending the minimal number of requests,
> ideally one.
>
> I understand it's possible to do that using the -Plugin parameter but i'm
> kind of lost after that.
>
> Anyone could help to put me on the right track ?
> Thanks
>
>
>
>
>
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss
>
>
>
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20130912/7de3e927/attachment.html>


More information about the Nikto-discuss mailing list