Nikto web server scanner

Results 31 nikto issues

commit 65059c63df69689cdecf9813a1d0ff53e79514da duplicated the X-Clacks-Overhead test with a comment implying that it's checking for Content-Security-Policy or Content-Security-Policy-Report-Only. ``` # CSP Report URLs if (!$HEADERS_XCO{ $mark->{hostname} }{ $mark->{port} } && defined...

bug

### Expected behavior Like running with -Plugins "headers", no error should be thrown. ``` $ perl /usr/local/nikto-nikto-2.5.0/program/nikto.pl -config /usr/local/nikto-nikto-2.5.0/program/nikto.conf -Display P -timeout 2 -Pause 0.1 -maxtime 24h -h -C all...

bug

### Expected behavior Nikto should return items resembling the following: ``` ](https://127.0.0.1:8080/]]%3E%3C/namelink%3E) ](https://127.0.0.1:8080/]]%3E%3C/iplink%3E) ``` ### Actual behavior Nikto is including an item that appears to be an un-rendered template. ```...

bug

I've just run Nikto through Burp (and it worked perfectly) and then reviewed the calls and spotted requests to these two pages: https://xx/topsites/index.php?page=http://cirt.net/rfiinc.txt??&cmd=uname https://xx/topsites/index.php?page=http://cirt.net/rfiinc.txt??&cmd=uNikto Both were missing the HTTP version...

bug

### Expected behavior I expected nikto to successfully connect to a https webserver to conduct its scans ### Actual behavior Received the following errors: #### Linux kali 5.16.0-kali6-cloud-amd64 #1 SMP...

bug

### Description Add an option for specifying custom headers Something like: - nikto -h example.com --header "Authorization: Bearer \"

enhancement

System: Kali Linux, Nikto 2.1.6 Given script run-nikto.sh: ``` #!/bin/bash command="nikto -D V -h 192.168.1.143 -p 80" echo "executing nikto..." eval $command echo "all done!" ``` Results produce: _results at...

### Output of suspected false positive / negative ``` + /com.cer: Potentially interesting backup/cert file found. + /database.tar.lzma: Potentially interesting backup/cert file found. + /dump.tgz: Potentially interesting backup/cert file found....

bug

### Expected behavior Requests be made over http when specified ### Actual behavior Requests are made over https to port 80 ### Steps to reproduce With this command line the...

bug

Now asking for the password from STDIN instead of the command-line argument's value. The `-id` argument's value should be in the format `user` or `user:realm`. And the password for the user will be...