[Nikto-discuss] (no subject)

Sullo csullo at gmail.com
Thu Sep 12 07:42:06 CDT 2013


David's method seems to work for me:

./nikto.pl -h localhost -Plugins "@@none;outdated" -no404
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          127.0.0.1
+ Target Hostname:    localhost
+ Target Port:        80
+ Start Time:         2013-09-12 08:40:49 (GMT-4)
---------------------------------------------------------------------------
+ Server: Apache/2.2.22 (Unix) DAV/2 mod_ssl/2.2.22 OpenSSL/0.9.8r
+ mod_ssl/2.2.22 appears to be outdated (current is at least 2.8.31) (may
depend on server version)
+ OpenSSL/0.9.8r appears to be outdated (current is at least 1.0.1c).
OpenSSL 0.9.8r is also current.
+ 6607 items checked: 0 error(s) and 2 item(s) reported on remote host
+ End Time:           2013-09-12 08:40:49 (GMT-4) (0 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested





On Thu, Sep 12, 2013 at 8:21 AM, Thiébaut Devergranne <
t.devergranne at gmail.com> wrote:

> Sorry I tried with the configuration you suggested but had no results
> whatsoever.
> Regards
>
>
> Le 12 sept. 2013 à 01:41, a <resident.deity at gmail.com> a écrit :
>
> I see the problem: the plugin names are wrong, it should usually be
> without the nikto_. You can see the full list of plugins and their names by
> doing a:
>   nikto -list-plugins
>
> Although the plugin name is usually nikto_plugin it doesn't have to be. In
> case of doubt always use the name shown when doing a -list-plugins.
>
> The command line you're looking for is:
>   nikto -Plugins 'outdated' -no404 -host http://www.domain.com
>
> Be warned: reporting is done by a plugin as well, so if you want to save
> the result to a file, you'll need to include the reporting plugin as well:
>   nikto -Plugins 'outdated,report_xml' -no404 -host http://www.domain.com-output domain.xml
>
>
>
>  On 2 September 2013 09:02, Thiébaut Devergranne <t.devergranne at gmail.com>wrote:
>
>>  Thanks for the feedback. If I uses theses options Nikto doesn't tell me
>> about any problems any more ; here's a test :
>>
>> hstd# nikto -Plugins "@@none;nikto_outdated;nikto_versions" -no404 -h
>> http://www.domain.com
>> - Nikto v2.1.5
>>
>> ---------------------------------------------------------------------------
>> + Target IP:          bla.bla.
>> + Target Hostname:    www.domain.com
>> + Target Port:        80
>> + Start Time:         2013-09-02 09:58:56 (GMT2)
>>
>> ---------------------------------------------------------------------------
>> + Server: Apache/2.2.6 (Unix) PHP/5.2.5 mod_ssl/2.2.6 OpenSSL/0.9.8g
>> + 6545 items checked: 0 error(s) and 0 item(s) reported on remote host
>> + End Time:           2013-09-02 09:58:56 (GMT2) (0 seconds)
>>
>> ---------------------------------------------------------------------------
>>
>> So the server runs a vulnerable version of php but Nikto doesn't give me
>> any information about it. Is there something i'm missing ?
>>
>> Thanks !
>> TD
>>
>>
>> Le 1 sept. 2013 à 15:28, csullo at gmail.com a écrit :
>>
>> I am not near a computer, sorry, but you want to use the -no404 option
>> combined with -Plugins.
>>
>> It should be like:  -Plugins "@@none;nikto_outdated;nikto_versions"
>>
>> Those are from memory so check output of -list-plugins to be sure those
>> are correct.
>>
>> Also see:
>> http://cirt.net/nikto2-docs/options.html#id2741238
>>
>> I'm not sure it will be one request but probably 2-3 if you set the
>> options right, since it tests ssl and possibly more than one method. You
>> can use -ssl and -nossl to save a request if you know ahead of time or
>> don't mind guessing based on port.
>>
>> Let us know how it turns out!
>>
>> -Sullo
>>
>> On Aug 30, 2013, at 9:30 AM, Thiébaut Devergranne <
>> t.devergranne at gmail.com> wrote:
>>
>> Hi guys,
>>
>> I'm very new to Nikto and I'm trying to find out how to conduct a server
>> version tests (like php, asp) sending the minimal number of requests,
>> ideally one.
>>
>> I understand it's possible to do that using the -Plugin parameter but i'm
>> kind of lost after that.
>>
>> Anyone could help to put me on the right track ?
>> Thanks
>>
>>
>>
>>
>>
>> _______________________________________________
>> Nikto-discuss mailing list
>> Nikto-discuss at attrition.org
>> https://attrition.org/mailman/listinfo/nikto-discuss
>>
>>
>>
>> _______________________________________________
>> Nikto-discuss mailing list
>> Nikto-discuss at attrition.org
>> https://attrition.org/mailman/listinfo/nikto-discuss
>>
>>
>
>
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss
>
>


-- 

http://www.cirt.net     |      http://richsec.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20130912/1b6c03b2/attachment.html>


More information about the Nikto-discuss mailing list