Comments on: Nikto 2 Released - Web Server Scanning Tool http://www.darknet.org.uk/2007/12/nikto-2-released-web-server-scanning-tool/ Ethical Hacking, Penetration Testing & Computer Security Thu, 04 Dec 2008 16:41:04 +0000 http://wordpress.org/?v=2.6.5 By: Sir Henry http://www.darknet.org.uk/2007/12/nikto-2-released-web-server-scanning-tool/#comment-95639 Sir Henry Wed, 09 Jan 2008 19:58:41 +0000 http://www.darknet.org.uk/2007/12/nikto-2-released-web-server-scanning-tool/#comment-95639 Anything to spread the word on security. Anything to spread the word on security.

]]> By: ivan http://www.darknet.org.uk/2007/12/nikto-2-released-web-server-scanning-tool/#comment-95638 ivan Wed, 09 Jan 2008 19:57:31 +0000 http://www.darknet.org.uk/2007/12/nikto-2-released-web-server-scanning-tool/#comment-95638 oh my god, again, thanks a bunch for your absolutely ultra fast reply, i have understood now :) oh my god, again, thanks a bunch for your absolutely ultra fast reply, i have understood now :)

]]> By: Sir Henry http://www.darknet.org.uk/2007/12/nikto-2-released-web-server-scanning-tool/#comment-95635 Sir Henry Wed, 09 Jan 2008 19:43:39 +0000 http://www.darknet.org.uk/2007/12/nikto-2-released-web-server-scanning-tool/#comment-95635 Look at the following link to see how one would check a favicon to enumerate the fingerprint of a web server: http://list.nessus.org/pipermail/plugins-writers/2005-October/msg00033.html Look at the following link to see how one would check a favicon to enumerate the fingerprint of a web server:

http://list.nessus.org/pipermail/plugins-writers/2005-October/msg00033.html

]]> By: ivan http://www.darknet.org.uk/2007/12/nikto-2-released-web-server-scanning-tool/#comment-95634 ivan Wed, 09 Jan 2008 19:39:23 +0000 http://www.darknet.org.uk/2007/12/nikto-2-released-web-server-scanning-tool/#comment-95634 Sir Henry, Thanks a bunch for your explanation, but there's a thing that i'm not uderstand yet. So, can you give examples about like you're talking about favicon .ico of some webservers? Sir Henry,

Thanks a bunch for your explanation, but there’s a thing that i’m not uderstand yet. So, can you give examples about like you’re talking about favicon .ico of some webservers?

]]> By: Sir Henry http://www.darknet.org.uk/2007/12/nikto-2-released-web-server-scanning-tool/#comment-95558 Sir Henry Wed, 09 Jan 2008 14:59:13 +0000 http://www.darknet.org.uk/2007/12/nikto-2-released-web-server-scanning-tool/#comment-95558 @Ivan This is simple enough. They are speaking specifically about the favicon .ico file for popular webservers. If you do a search for favicon.ico on a server, there is information there that can disclose the type of webserver, thus providing the fingerprint. @Ivan

This is simple enough. They are speaking specifically about the favicon .ico file for popular webservers. If you do a search for favicon.ico on a server, there is information there that can disclose the type of webserver, thus providing the fingerprint.

]]> By: ivan http://www.darknet.org.uk/2007/12/nikto-2-released-web-server-scanning-tool/#comment-95549 ivan Wed, 09 Jan 2008 14:07:24 +0000 http://www.darknet.org.uk/2007/12/nikto-2-released-web-server-scanning-tool/#comment-95549 hi.... i am a total newbie on computer security, so please be patient Smile so, nikto 2 contains many enhancements over the first version. one of the major new features is fingerprinting web servers via favicon.ico files. because i'm a newbie i don't know how nikto finding a webserver bug through *.ico file? so please tell me. any answer would be appreciated ! hi….

i am a total newbie on computer security, so please be patient Smile

so, nikto 2 contains many enhancements over the first version. one of the major new features is fingerprinting web servers via favicon.ico files.

because i’m a newbie i don’t know how nikto finding a webserver bug through *.ico file? so please tell me.

any answer would be appreciated !

]]> By: eM3rC http://www.darknet.org.uk/2007/12/nikto-2-released-web-server-scanning-tool/#comment-95282 eM3rC Wed, 09 Jan 2008 03:05:06 +0000 http://www.darknet.org.uk/2007/12/nikto-2-released-web-server-scanning-tool/#comment-95282 @ Sir Henry Its nice that you would be nice enough to contact your host about their vulnerabilities and let them know about what you were going to try to do. Many people I know seem to just do what they want and if someone doesn't like it, down go the servers and/or website and/or computer. @ Sir Henry

Its nice that you would be nice enough to contact your host about their vulnerabilities and let them know about what you were going to try to do. Many people I know seem to just do what they want and if someone doesn’t like it, down go the servers and/or website and/or computer.

]]> By: goodpeople http://www.darknet.org.uk/2007/12/nikto-2-released-web-server-scanning-tool/#comment-95228 goodpeople Wed, 09 Jan 2008 00:55:51 +0000 http://www.darknet.org.uk/2007/12/nikto-2-released-web-server-scanning-tool/#comment-95228 hahaha, Well, I guess everybody here knows the frustration of knowing more than the people who are supposed to give support. hahaha,

Well, I guess everybody here knows the frustration of knowing more than the people who are supposed to give support.

]]> By: Sir Henry http://www.darknet.org.uk/2007/12/nikto-2-released-web-server-scanning-tool/#comment-95226 Sir Henry Wed, 09 Jan 2008 00:51:06 +0000 http://www.darknet.org.uk/2007/12/nikto-2-released-web-server-scanning-tool/#comment-95226 For my web host? lol...yeah, I believe I have become that guy. But, I think they appreciate it. I once submitted with the following lines to show them that they needed to restart httpd: ps -ef | grep httpd userx 25159 25142 0 16:52 pts/2 00:00:00 grep httpd I believe they laughed, but thanked me for being attentive. For my web host? lol…yeah, I believe I have become that guy. But, I think they appreciate it. I once submitted with the following lines to show them that they needed to restart httpd:

ps -ef | grep httpd
userx 25159 25142 0 16:52 pts/2 00:00:00 grep httpd

I believe they laughed, but thanked me for being attentive.

]]> By: goodpeople http://www.darknet.org.uk/2007/12/nikto-2-released-web-server-scanning-tool/#comment-95211 goodpeople Wed, 09 Jan 2008 00:09:38 +0000 http://www.darknet.org.uk/2007/12/nikto-2-released-web-server-scanning-tool/#comment-95211 You do realize that you have just become "that annoying guy who thinks he understands the wonderful Internet". Right? You do realize that you have just become “that annoying guy who thinks he understands the wonderful Internet”. Right?

]]>