From christian.heinrich at cmlh.id.au  Tue Nov  1 19:04:08 2011
From: christian.heinrich at cmlh.id.au (Christian Heinrich)
Date: Wed, 2 Nov 2011 11:04:08 +1100
Subject: [Nikto-discuss] Error While Update - Nikto version 2.1.4
In-Reply-To: <CAGKxTUTuHv=kvh4SoS_3h92CvTx3UAOeEeCaTjJud4X3u_O42g@mail.gmail.com>
References: <CAE7Ck-Qu+UvmcDqJR8tC+w=vndVvFo=xVE1PXFmEkkzxZnDVOA@mail.gmail.com>
	<CA+KRv63sYXQdjKwW-0jHbFk0tReN2k7FwvNWMP=QDEZDUYtSnA@mail.gmail.com>
	<CAGKxTUTuHv=kvh4SoS_3h92CvTx3UAOeEeCaTjJud4X3u_O42g@mail.gmail.com>
Message-ID: <CAGKxTUTVGMQofzDJSovFpCRvQRF1zH-98abR3VtvV4Q2UWdurQ@mail.gmail.com>

Sullo,

The issue appears to have been resolved at 11AM AEST i.e.

root at bt:/pentest/web/nikto# ./nikto.pl -update
+ Retrieving 'db_tests'
+ Retrieving 'db_outdated'
+ CIRT.net message: Please submit Nikto bugs to
http://trac2.assembla.com/Nikto_2/report/2
root at bt:/pentest/web/nikto# ./nikto.pl -update
+ No updates required.
+ CIRT.net message: Please submit Nikto bugs to
http://trac2.assembla.com/Nikto_2/report/2
root at bt:/pentest/web/nikto#

Would you be able to amend the instructions at
http://cirt.net/nikto2-docs/usage.html#id2727312 on how to update nikto by
hand, i.e. without -update, using curl/wget/browser from within the
/nikto/plugins directory?

On Thu, Oct 27, 2011 at 6:00 PM, Christian Heinrich <
christian.heinrich at cmlh.id.au> wrote:
> Sullo,
> I have a similar error with db_tests with a BackTrack,
> i.e. BT5R1-GNOME-VM-32, which I have reproduced below:
> root at bt:/pentest/web/nikto# ./nikto.pl -update
> + Retrieving 'db_tests'
> + ERROR: Unable to get CIRT.net/nikto/UPDATES/2.1.4/db_tests
> I can't retrieve "db_tests" with a web browser (Chrome) or wget as
confirmed
> by the 200 OK HTTP Status Code quoted below:
> root at bt:/pentest/web/nikto# wget
> http://CIRT.net/nikto/UPDATES/2.1.4/db_tests
> --2011-10-27 02:52:01--  http://cirt.net/nikto/UPDATES/2.1.4/db_tests
> Resolving cirt.net... 174.142.17.165
> Connecting to cirt.net|174.142.17.165|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 1165182 (1.1M) [text/plain]
> Saving to: `db_tests'
> 100%[===================================================>] 1,165,182
> 30.2K/s   in 43s
> 2011-10-27 02:52:44 (26.6 KB/s) - `db_tests' saved [1165182/1165182]
> This error is occurring now (i.e. 6PM Australian Eastern Standard Time) so
> ignore the timestamp in the example above i.e. 02:52:01.
> On Wed, Oct 5, 2011 at 11:35 PM, Sullo <csullo at gmail.com> wrote:
>>
>> I am unable to duplicate this behavior... seems to be working ok for
>> me. Anyone else having issues?
>>
>> On Tue, Oct 4, 2011 at 3:55 AM, Zaki Akhmad <zakiakhmad at gmail.com> wrote:
>> > Hello list,
>> > I am trying to update my nikto 2.1.4, then I get the following error:
>> > root at think:/home/za/tools/nikto/nikto-2.1.4# ./nikto.pl -update
>> > + Retrieving 'db_tests'
>> > + Retrieving 'db_outdated'
>> > + ERROR: Unable to get CIRT.net/nikto/UPDATES/2.1.4/db_outdated
>> > What's wrong with this update process?
>> > Thanks!
>> > --
>> > Zaki Akhmad
>> >
>> > _______________________________________________
>> > Nikto-discuss mailing list
>> > Nikto-discuss at attrition.org
>> > https://attrition.org/mailman/listinfo/nikto-discuss
>> >
>> >
>>
>>
>>
>> --
>>
>> http://www.cirt.net     |      http://www.osvdb.org/
>> _______________________________________________
>> Nikto-discuss mailing list
>> Nikto-discuss at attrition.org
>> https://attrition.org/mailman/listinfo/nikto-discuss
>
>
>
> --
> Regards,
> Christian Heinrich
>
> http://cmlh.id.au/contact
>



-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20111102/a836255f/attachment.html>

From nirav_acharya at yahoo.com  Mon Nov  7 23:56:42 2011
From: nirav_acharya at yahoo.com (nirav acharya)
Date: Mon, 7 Nov 2011 21:56:42 -0800 (PST)
Subject: [Nikto-discuss] Nikto-scan
Message-ID: <1320731802.70619.YahooMailNeo@web125701.mail.ne1.yahoo.com>

Hello,

Thanx Mr. Sullo. I tried options which u r suggested. I want maximum vulnerability of web server and web application. suggest me best option to scan vulnerability which takes less time (except mutate option).? 

Can nikto scan all url of? specific domain? 


Thanx.............

?
-Nirav Acharya
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20111107/1bbbb0a9/attachment.html>

From csullo at gmail.com  Sat Nov 12 19:53:20 2011
From: csullo at gmail.com (Sullo)
Date: Sat, 12 Nov 2011 20:53:20 -0500
Subject: [Nikto-discuss] Nikto-scan
In-Reply-To: <1320731802.70619.YahooMailNeo@web125701.mail.ne1.yahoo.com>
References: <1320731802.70619.YahooMailNeo@web125701.mail.ne1.yahoo.com>
Message-ID: <CA+KRv62+eyrdRTub3Vo7d29KDWXuzJV4PjTr8rTTzqr67AyjTA@mail.gmail.com>

On Tue, Nov 8, 2011 at 12:56 AM, nirav acharya <nirav_acharya at yahoo.com> wrote:
> Hello,
> Thanx Mr. Sullo. I tried options which u r suggested. I want maximum
> vulnerability of web server and web application. suggest me best option to
> scan vulnerability which takes less time (except mutate option).
> Can nikto scan all url of? specific domain?
>
> Thanx.............

You should really read the documentation
(http://cirt.net/nikto2-docs/) so you understand what nikto is
actually checking for, and what it is not. It is not doing the same
job as a crawler/scanner, such as Webinpect, Appscan, etc..

-Sullo



-- 

http://www.cirt.net? ?? |? ? ? http://www.osvdb.org/

From csullo at gmail.com  Sat Nov 12 20:06:27 2011
From: csullo at gmail.com (Sullo)
Date: Sat, 12 Nov 2011 21:06:27 -0500
Subject: [Nikto-discuss] Support for HTTP-method-request POST Form?
In-Reply-To: <CAE7Ck-SYAg9ZrmYaw9Sx3Dp5n3nY_QN_wMhG4WExpsT0V=ft-Q@mail.gmail.com>
References: <CAE7Ck-SYAg9ZrmYaw9Sx3Dp5n3nY_QN_wMhG4WExpsT0V=ft-Q@mail.gmail.com>
Message-ID: <CA+KRv619GTg0cn=G=77yWhMqn6Y7+fuCcYjdUqz4HLdpzTnsWA@mail.gmail.com>

On Tue, Oct 25, 2011 at 3:50 AM, Zaki Akhmad <zakiakhmad at gmail.com> wrote:
> Hello,
>
> There is userid:password option at Nikto. From the nikto man page:
>
> <quote>
> -id
> ? ? ? ? ? ID and password to use for host Basic host authentication.
> Format is "id:password".
> </quote>
>
> Does it mean that Nikto hasn't supported the http-method-request post
> form authentication?

No. Nikto only supports HTTP Basic authentication. There are some
hacks you could probably do to the code to get that functionality, but
there's nothing too easy I can think of right off the top of my head.

Sorry for the delayed response!

-Sullo


-- 

http://www.cirt.net? ?? |? ? ? http://www.osvdb.org/

From resident.deity at gmail.com  Tue Nov 15 02:20:01 2011
From: resident.deity at gmail.com (a)
Date: Tue, 15 Nov 2011 08:20:01 +0000
Subject: [Nikto-discuss] Error While Update - Nikto version 2.1.4
In-Reply-To: <CAGKxTUTVGMQofzDJSovFpCRvQRF1zH-98abR3VtvV4Q2UWdurQ@mail.gmail.com>
References: <CAE7Ck-Qu+UvmcDqJR8tC+w=vndVvFo=xVE1PXFmEkkzxZnDVOA@mail.gmail.com>
	<CA+KRv63sYXQdjKwW-0jHbFk0tReN2k7FwvNWMP=QDEZDUYtSnA@mail.gmail.com>
	<CAGKxTUTuHv=kvh4SoS_3h92CvTx3UAOeEeCaTjJud4X3u_O42g@mail.gmail.com>
	<CAGKxTUTVGMQofzDJSovFpCRvQRF1zH-98abR3VtvV4Q2UWdurQ@mail.gmail.com>
Message-ID: <CABaKezAxpzP6Z_QNEFMxQdH6KFHOyumZKrmg_pm_0oAsvqMJBQ@mail.gmail.com>

On 2 November 2011 00:04, Christian Heinrich
<christian.heinrich at cmlh.id.au> wrote:
> Sullo,
> The issue appears to have been resolved at 11AM AEST i.e.
>
> root at bt:/pentest/web/nikto# ./nikto.pl -update
> + Retrieving 'db_tests'
> + Retrieving 'db_outdated'
> + CIRT.net message: Please submit Nikto bugs to
> http://trac2.assembla.com/Nikto_2/report/2
> root at bt:/pentest/web/nikto# ./nikto.pl -update
> + No updates required.
> + CIRT.net message: Please submit Nikto bugs to
> http://trac2.assembla.com/Nikto_2/report/2
> root at bt:/pentest/web/nikto#
>
> Would you be able to amend the instructions at
> http://cirt.net/nikto2-docs/usage.html#id2727312 on how to update nikto by
> hand, i.e. without -update, using curl/wget/browser from within the
> /nikto/plugins directory?

Created as ticket #227: https://trac.assembla.com/Nikto_2/ticket/227

From christian.heinrich at cmlh.id.au  Tue Nov 15 20:11:19 2011
From: christian.heinrich at cmlh.id.au (Christian Heinrich)
Date: Wed, 16 Nov 2011 13:11:19 +1100
Subject: [Nikto-discuss] Error While Update - Nikto version 2.1.4
In-Reply-To: <CABaKezAxpzP6Z_QNEFMxQdH6KFHOyumZKrmg_pm_0oAsvqMJBQ@mail.gmail.com>
References: <CAE7Ck-Qu+UvmcDqJR8tC+w=vndVvFo=xVE1PXFmEkkzxZnDVOA@mail.gmail.com>
	<CA+KRv63sYXQdjKwW-0jHbFk0tReN2k7FwvNWMP=QDEZDUYtSnA@mail.gmail.com>
	<CAGKxTUTuHv=kvh4SoS_3h92CvTx3UAOeEeCaTjJud4X3u_O42g@mail.gmail.com>
	<CAGKxTUTVGMQofzDJSovFpCRvQRF1zH-98abR3VtvV4Q2UWdurQ@mail.gmail.com>
	<CABaKezAxpzP6Z_QNEFMxQdH6KFHOyumZKrmg_pm_0oAsvqMJBQ@mail.gmail.com>
Message-ID: <CAGKxTUSRFJjexUjO+ZPLLwh+qBia1jyP919tBzDYXXYwZaG4_A@mail.gmail.com>

On Tue, Nov 15, 2011 at 7:20 PM, a <resident.deity at gmail.com> wrote:
> Created as ticket #227: https://trac.assembla.com/Nikto_2/ticket/227

Thanks - I wasn't aware of the assembla URL until today i.e.
http://cirt.net/nikto2-docs/developing.html :)


-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact