Nikto v1.21 scan_database.db lotus notes additions and unicode/double decode fix

From: fr0stman (fr0stman@sun-tzu-security.net)
Date: 11/29/02

  • Next message: Ozan Gonenc: "RE: Terminal Server brute force"
    From: fr0stman <fr0stman@sun-tzu-security.net>
    Date: Fri, 29 Nov 2002 11:59:31 -0500
    To: pen-test@securityfocus.com
    
    

    Happy Thanksgiving All,

    Here's an updated scan_database.db for nikto 1.21 with Lotus Notes additions
    from David Barnett as well as fixing Unicode/Double Decode bug of a single \
    in cmd.exe?/c+dir+c:\" causing the check not to be performed. This has been
    changed to cmd.exe?/c+dir" instead and looking for <DIR> in the HTTP
    response. Added all default executable directories into the checks as well.

    http://www.geocities.com/fr0stmanspublicdownloads/nikto121update.tar.gz

    To install the update:

    1. perl nikto.pl -update to get the latest updates. **Warning** Don't do this
    after installing the attached scan_database.db until this update is
    incorporated by cirt.net.

    2. Now since you are at the latest update overwrite the scan_database.db in
    your /nikto/plugins/ directory with the attached one.

    3. Enjoy. :)

    --
    fr0stman
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/