[Nikto-discuss] (no subject)
Thiébaut Devergranne
t.devergranne at gmail.com
Thu Sep 12 07:21:48 CDT 2013
Sorry I tried with the configuration you suggested but had no results whatsoever.
Regards
Le 12 sept. 2013 à 01:41, a <resident.deity at gmail.com> a écrit :
> I see the problem: the plugin names are wrong, it should usually be without the nikto_. You can see the full list of plugins and their names by doing a:
> nikto -list-plugins
>
> Although the plugin name is usually nikto_plugin it doesn't have to be. In case of doubt always use the name shown when doing a -list-plugins.
>
> The command line you're looking for is:
> nikto -Plugins 'outdated' -no404 -host http://www.domain.com
>
> Be warned: reporting is done by a plugin as well, so if you want to save the result to a file, you'll need to include the reporting plugin as well:
> nikto -Plugins 'outdated,report_xml' -no404 -host http://www.domain.com -output domain.xml
>
>
>
> On 2 September 2013 09:02, Thiébaut Devergranne <t.devergranne at gmail.com> wrote:
> Thanks for the feedback. If I uses theses options Nikto doesn't tell me about any problems any more ; here's a test :
>
> hstd# nikto -Plugins "@@none;nikto_outdated;nikto_versions" -no404 -h http://www.domain.com
> - Nikto v2.1.5
> ---------------------------------------------------------------------------
> + Target IP: bla.bla.
> + Target Hostname: www.domain.com
> + Target Port: 80
> + Start Time: 2013-09-02 09:58:56 (GMT2)
> ---------------------------------------------------------------------------
> + Server: Apache/2.2.6 (Unix) PHP/5.2.5 mod_ssl/2.2.6 OpenSSL/0.9.8g
> + 6545 items checked: 0 error(s) and 0 item(s) reported on remote host
> + End Time: 2013-09-02 09:58:56 (GMT2) (0 seconds)
> ---------------------------------------------------------------------------
>
> So the server runs a vulnerable version of php but Nikto doesn't give me any information about it. Is there something i'm missing ?
>
> Thanks !
> TD
>
>
> Le 1 sept. 2013 à 15:28, csullo at gmail.com a écrit :
>
>> I am not near a computer, sorry, but you want to use the -no404 option combined with -Plugins.
>>
>> It should be like: -Plugins "@@none;nikto_outdated;nikto_versions"
>>
>> Those are from memory so check output of -list-plugins to be sure those are correct.
>>
>> Also see:
>> http://cirt.net/nikto2-docs/options.html#id2741238
>>
>> I'm not sure it will be one request but probably 2-3 if you set the options right, since it tests ssl and possibly more than one method. You can use -ssl and -nossl to save a request if you know ahead of time or don't mind guessing based on port.
>>
>> Let us know how it turns out!
>>
>> -Sullo
>>
>> On Aug 30, 2013, at 9:30 AM, Thiébaut Devergranne <t.devergranne at gmail.com> wrote:
>>
>>> Hi guys,
>>>
>>> I'm very new to Nikto and I'm trying to find out how to conduct a server version tests (like php, asp) sending the minimal number of requests, ideally one.
>>>
>>> I understand it's possible to do that using the -Plugin parameter but i'm kind of lost after that.
>>>
>>> Anyone could help to put me on the right track ?
>>> Thanks
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Nikto-discuss mailing list
>>> Nikto-discuss at attrition.org
>>> https://attrition.org/mailman/listinfo/nikto-discuss
>
>
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20130912/425629c6/attachment-0001.html>
More information about the Nikto-discuss
mailing list