[Nikto-discuss] (no subject)

Thiébaut Devergranne t.devergranne at gmail.com
Thu Sep 12 07:21:48 CDT 2013


Sorry I tried with the configuration you suggested but had no results whatsoever. 
Regards


On 12 Sept. 2013, at 01:41, a <resident.deity at gmail.com> wrote:

> I see the problem: the plugin names are wrong, it should usually be without the nikto_. You can see the full list of plugins and their names by doing a:
>   nikto -list-plugins
> 
> Although the plugin name is usually nikto_plugin it doesn't have to be. In case of doubt always use the name shown when doing a -list-plugins.
> 
> The command line you're looking for is:
>   nikto -Plugins 'outdated' -no404 -host http://www.domain.com
> 
> Be warned: reporting is done by a plugin as well, so if you want to save the result to a file, you'll need to include the reporting plugin as well:
>   nikto -Plugins 'outdated,report_xml' -no404 -host http://www.domain.com -output domain.xml
> 
> 
> 
> On 2 September 2013 09:02, Thiébaut Devergranne <t.devergranne at gmail.com> wrote:
> Thanks for the feedback. If I use these options, Nikto doesn't tell me about any problems any more; here's a test:
> 
> hstd# nikto -Plugins "@@none;nikto_outdated;nikto_versions" -no404 -h http://www.domain.com
> - Nikto v2.1.5
> ---------------------------------------------------------------------------
> + Target IP:          bla.bla.
> + Target Hostname:    www.domain.com
> + Target Port:        80
> + Start Time:         2013-09-02 09:58:56 (GMT2)
> ---------------------------------------------------------------------------
> + Server: Apache/2.2.6 (Unix) PHP/5.2.5 mod_ssl/2.2.6 OpenSSL/0.9.8g
> + 6545 items checked: 0 error(s) and 0 item(s) reported on remote host
> + End Time:           2013-09-02 09:58:56 (GMT2) (0 seconds)
> ---------------------------------------------------------------------------
> 
> So the server runs a vulnerable version of PHP but Nikto doesn't give me any information about it. Is there something I'm missing?
> 
> Thanks!
> TD
> 
> 
> On 1 Sept. 2013, at 15:28, csullo at gmail.com wrote:
> 
>> I am not near a computer, sorry, but you want to use the -no404 option combined with -Plugins. 
>> 
>> It should be like:  -Plugins "@@none;nikto_outdated;nikto_versions"
>> 
>> Those are from memory so check output of -list-plugins to be sure those are correct. 
>> 
>> Also see:
>> http://cirt.net/nikto2-docs/options.html#id2741238
>> 
>> I'm not sure it will be one request but probably 2-3 if you set the options right, since it tests ssl and possibly more than one method. You can use -ssl and -nossl to save a request if you know ahead of time or don't mind guessing based on port. 
>> 
>> Let us know how it turns out!
>> 
>> -Sullo
>> 
>> On Aug 30, 2013, at 9:30 AM, Thiébaut Devergranne <t.devergranne at gmail.com> wrote:
>> 
>>> Hi guys, 
>>> 
>>> I'm very new to Nikto and I'm trying to find out how to conduct server version tests (like PHP, ASP) sending the minimal number of requests, ideally one.
>>> 
>>> I understand it's possible to do that using the -Plugin parameter but I'm kind of lost after that.
>>> 
>>> Could anyone help put me on the right track?
>>> Thanks
>>> 
> 
> 
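
The version check this thread is after, as an added example that is not part of the original messages and is not Nikto's code: it parses the Server banner from the scan output quoted above and flags components older than a baseline. The baseline versions and all function names are constructed for illustration.

```python
import re

# Banner copied from the scan output quoted in this thread.
SAMPLE_BANNER = "Apache/2.2.6 (Unix) PHP/5.2.5 mod_ssl/2.2.6 OpenSSL/0.9.8g"

# Constructed minimum versions for illustration only; this is neither
# Nikto's database nor a statement of what is currently safe to run.
BASELINE = {"apache": "2.2.25", "php": "5.3.27",
            "mod_ssl": "2.2.25", "openssl": "0.9.8y"}

# product/version tokens; parenthesised comments such as "(Unix)" are skipped
TOKEN = re.compile(r"([A-Za-z][\w-]*)/([0-9][0-9A-Za-z.]*)")


def parse_banner(banner):
    """Return {product (lowercased): version} for each token in a Server header."""
    return {name.lower(): version for name, version in TOKEN.findall(banner)}


def version_key(version):
    """Make versions comparable: numeric parts as ints, letter suffixes as text.

    Plain string comparison would rank "2.2.6" above "2.2.25", and int()
    alone would fail on OpenSSL-style suffixes such as "0.9.8g".
    """
    key = []
    for part in version.split("."):
        digits, suffix = re.match(r"(\d*)(.*)", part).groups()
        key.append((int(digits or 0), suffix))
    return tuple(key)


def find_outdated(banner, baseline=BASELINE):
    """List (product, seen, minimum) for products older than the baseline."""
    findings = []
    for product, seen in parse_banner(banner).items():
        minimum = baseline.get(product)
        if minimum and version_key(seen) < version_key(minimum):
            findings.append((product, seen, minimum))
    return findings


if __name__ == "__main__":
    for product, seen, minimum in find_outdated(SAMPLE_BANNER):
        print(f"{product}: {seen} is older than baseline {minimum}")
```

A server can shorten or hide this header (for example with Apache's ServerTokens directive), so an empty result only means the banner disclosed nothing older than the baseline.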
