Nikto v1.21 scan_database.db lotus notes additions and unicode/double decode fix

From: fr0stman (fr0stman@sun-tzu-security.net)
Date: 11/29/02

    From: fr0stman <fr0stman@sun-tzu-security.net>
    Date: Fri, 29 Nov 2002 11:59:31 -0500
    To: pen-test@securityfocus.com
    
    

    Happy Thanksgiving All,

    Here's an updated scan_database.db for nikto 1.21 with Lotus Notes additions
    from David Barnett, as well as fixing the Unicode/Double Decode bug of a single \
    in "cmd.exe?/c+dir+c:\" causing the check not to be performed. This has been
    changed to "cmd.exe?/c+dir" instead and looking for <DIR> in the HTTP
    response. Added all default executable directories into the checks as well.

    http://www.geocities.com/fr0stmanspublicdownloads/nikto121update.tar.gz

    To install the update:

    1. Run perl nikto.pl -update to get the latest updates. **Warning** Don't do this
    after installing the attached scan_database.db until this update is
    incorporated by cirt.net.

    2. Now, since you are at the latest update, overwrite the scan_database.db in
    your /nikto/plugins/ directory with the attached one.

    3. Enjoy. :)

    --
    fr0stman
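
Added example (not part of the original post and not Nikto's own code): a small linter showing how a backslash just before a field's closing quote, as in the old cmd.exe?/c+dir+c:\ entry, can corrupt a record so the check is not read as intended. The five-field record layout, the EXECDIR placeholder, and the rule that a backslash escapes the next character inside quotes are assumptions made for illustration.

```python
EXPECTED_FIELDS = 5  # assumed record width for the constructed sample
# Constructed records, not real database lines; EXECDIR is a placeholder.
SAMPLE = r'''
"iis","/EXECDIR/cmd.exe?/c+dir+c:\","200","GET","directory listing"
"iis","/EXECDIR/cmd.exe?/c+dir","<DIR>","GET","directory listing"
'''

def split_record(line):
    """Split a quoted, comma-separated record; return (fields, closed_ok)."""
    # Assumption: inside quotes a backslash escapes the next character,
    # so a field ending in a backslash swallows its own closing quote.
    fields, i, n = [], 0, len(line)
    while i < n:
        if line[i] == '"':
            buf, closed, i = [], False, i + 1
            while i < n and not closed:
                if line[i] == '\\' and i + 1 < n:
                    buf.append(line[i + 1])
                    i += 2
                elif line[i] == '"':
                    closed = True
                    i += 1
                else:
                    buf.append(line[i])
                    i += 1
            fields.append(''.join(buf))
            if not closed:
                return fields, False
        else:
            j = (line + ',').index(',', i)  # unquoted field runs to next comma
            fields.append(line[i:j])
            i = j
        if i < n and line[i] == ',':
            i += 1
    return fields, True

def lint_db(text):
    """Return [(line_no, reason)] for records the parser would mis-read."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith('#'):
            continue
        fields, ok = split_record(line)
        if not ok:
            findings.append((no, 'unterminated quoted field'))
        elif len(fields) != EXPECTED_FIELDS:
            findings.append((no, 'wrong field count: %d' % len(fields)))
        elif any('"' in f for f in fields):
            findings.append((no, 'stray quote: a backslash swallowed a delimiter'))
    return findings
```

Note that the broken record still splits into five fields, so a field-count check alone would miss it; the stray quote left inside a field is what gives it away.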