From resident.deity at gmail.com Mon Nov 2 14:41:05 2009 From: resident.deity at gmail.com (david lodge) Date: Mon, 2 Nov 2009 14:41:05 +0000 Subject: [Nikto-discuss] Windows distribution and location of conf files Message-ID: I'm currently messing around with trying to get Nikto to work as a pre-compiled Windows executable (so having perl installed is not a requirement). This does lead to a couple of interesting questions about how Nikto should work on Windows and the distribution mechanism. At the moment Nikto doesn't come in OS dependant installation packages, this is simply to minimise work on releases of Nikto, so that the downstream package providers can turn them into .deb or .rpm files and fit the files in to their own distros requirements. With Windows this gets more complicated: most of the time Windows users expect an executable (or MSI) with it just working. For Nikto, the biggest problem is reading the nikto.conf file: at the moment we read the config files in the following way: 1. /etc/nikto.conf 2. ~/nikto.conf 3. ./nikto.conf With each config file overwriting any duplicates, this way a user can set up parameters for a single nikto session by configuring a nikto.conf in the current directory. With 2.1.0, in Windows, number 3 is the only one supported. I have a patch which is easy to apply to allow nikto to read from either $HOME or %USERPROFILE% depending on which ones are set, so number 2 is covered. But I have no real idea of where we should site number 1. At the moment this is hardcoded in nikto.pl with a comment for the package maintainer to alter it if needed, which isn't the best. On Windows this'd probably be best going in C:\program files\nikto\nikto.conf. (Which can also be complicated if it's not installed to c:\). But this also brings up the question of whether /etc/nikto.conf is best on Unix like file systems, there could be arguments made that /etc/nikto.conf is best, also /usr/local/etc/nikto.conf, or even /etc/opt/nikto/nikto.conf. Have any of the readers of this list done this in the past, or is it just best to highlight a comment saying "package maintainers, alter this path" above the line in the source? Thoughts appreciated. dave From gau.29486 at gmail.com Sun Nov 22 19:23:00 2009 From: gau.29486 at gmail.com (Gaurang Shukla) Date: Sun, 22 Nov 2009 13:23:00 -0600 Subject: [Nikto-discuss] Hostnames option Message-ID: What are the hostname options available with Nikto? Can Nikto scan hostnames like mcname1.abc.com.hostname.com; or mcname1.hostname.com ? Can it uniquely scan websites hosted on services like freehostia.com? Would scanning multiple websites like abx.freehostia.com and ghg.freehostia.comyield same results? -- -Gaurang -------------- next part -------------- An HTML attachment was scrubbed... URL: http://attrition.org/pipermail/nikto-discuss/attachments/20091122/73914365/attachment.html From csullo at gmail.com Mon Nov 23 19:28:22 2009 From: csullo at gmail.com (Sullo) Date: Mon, 23 Nov 2009 14:28:22 -0500 Subject: [Nikto-discuss] Hostnames option In-Reply-To: References: Message-ID: On Sun, Nov 22, 2009 at 2:23 PM, Gaurang Shukla wrote: > What are the hostname options available with Nikto? > Can Nikto scan hostnames like mcname1.abc.com.hostname.com; or > mcname1.hostname.com ? yes, just pass them with the -host option. if you want, you can also specify the virtual host header by using the -vhost option. > Can it uniquely scan websites hosted on services like freehostia.com? Would > scanning multiple websites like abx.freehostia.com and ghg.freehostia.com > yield same results? They should yield different results as they are going to be scanned with the Host header set to "abx.freehostia.com" or "ghg.freehostia.com" unless you use the IP or the -vhost option to specify something different. -Sullo -- http://www.cirt.net | http://www.osvdb.org/