hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
Full Version: Web Scanner Nikto
GovernmentSecurity.org > The Archives > Public Downloads
damulint
Dec 9 2003, 12:46 AM
IT is NT Nikto..
I used to Web Scanner [Nikto]..
Fast and IDS Evasion Good..
First Active Perl setup..
Second move Nikto in Active perl setup folder.
And Using..


Question one?
How about is add Plug in My pattern?
Wait to answer..
illwill
Dec 9 2003, 01:37 AM
morning_wood from my site http://illmob.org compiled this script to an exe program ,that way you dont need to run it from a webserver... enjoy
damulint
Dec 9 2003, 02:33 AM
Thanks for illwill..
I received U uploading Nikto..
GOOD..
But I do not understand all..
Soon i will understand all..
Thank you..

TedOb1
Dec 9 2003, 05:56 AM
and for those who have perl installed and would like to keep file size down (163k):

http://packetstormsecurity.nl/UNIX/cgi-sca...kto-1.31.tar.gz

Nikto 1.31 is a PERL, open source web server scanner which supports SSL. Nikto checks for (and if possible attempts to exploit) over 2000 remote web server vulnerabilities and misconfigurations. It also looks for outdated software and modules, warns of any version specific problems, supports scans through proxies (with authentication), host Basic authentication and more. Data is kept in CSV format databases for easy maintenance, and supports the ability to automatically update local databases with current versions on the Nikto web site. Changes: LibWhisker 1.8, additional configuration options, enhanced multiple-host scanning, and multiple bug fixes and more

-+-+-+-+-+-+--+-+-+-+-+-+-+-+-+-+-

although its in the UNIX dir it runs great under win2k w/active perl:

---------------------------------------------------------------------------
- Nikto 1.31/1.16 - www.cirt.net
+ Target IP: xx.xxx.xx.xx
+ Target Hostname:
+ Target Port: 80
+ Start Time: Tue Dec 9 01:02:43 2003
---------------------------------------------------------------------------
+ Server: Microsoft-IIS/5.0
+ The root file (/) redirects to: log_stats.asp
+ No CGI Directories found (use -a to force check all possible dirs)
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK,
UNLOCK
+ HTTP method 'PROPFIND' may indicate DAV/WebDAV is installed. This may be used
to get directory listings if indexing is allowed but a default page exists.
+ HTTP method 'SEARCH' may be used to get directory listings if Index Server is
running.
+ HTTP method 'TRACE' is typically only used for debugging. It should be disable
d.
+ Microsoft-IIS/5.0 is outdated if server is Win2000 (4.0 is current for NT 4)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgis
ecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ / - TRACK option ('TRACE' alias) appears to allow XSS or credential theft. See
http://www.cgisecurity.com/whitehat-mirror...aper_screen.pdf for details (T
RACK)
DJVASTVASTY2K
Dec 9 2003, 12:09 PM
Hello M8's

Thanks For Starting The Thread "Damulint"

And Thanks 4 This Tool

@IllWill

Thank You For The Windows Version of This Tool And Compiled wink.gif

And Thanks To "TedOb1"

For Provideing The File Size Down Version

Best Regards

Adam

Vast Gsm
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.