Re: Integrating nikto fingerprints on runtime

[George Chatzisofroniou <sophron () latthi com>]

Hello Christian,

On Wed, Dec 18, 2013 at 08:53:51AM +1100, Christian Heinrich wrote: 
> Is there a tangible benefit in leveraging nmap over Nikto, such as
> speed or was this rather an academic exercise?

I don't think there is a concrete reason for doing this. I can think of some
advantages like:

* Nmap features, like multiple host/port scanning, output in various formats
etc.

* NSE specific features, like Lua, HTTP pipelining, caching etc.

* Unified results (along with the rest of Nmap output) during a testing.

Maybe Nikto support some of these, i'm not sure.

> Also, will nmap include the
> http://packetstormsecurity.com/papers/IDS/whiskerids.html features
> too?

This is an interesting paper. Some of these features are easy to implement and
they would probably make a good addition to NSE.

> On Tue, Dec 17, 2013 at 9:29 AM, George Chatzisofroniou
> <sophron () latthi com> wrote:
> > ----- Forwarded message from Sullo <sullo () cirt net> -----
> >
> > Date: Tue, 17 Sep 2013 21:00:53 -0400
> > From: Sullo <sullo () cirt net>
> > To: George Chatzisofroniou <sophron () latthi com>
> > Subject: Re: Permission for integrating Nikto's database to Nmap
> >
> > You could potentially write a parser for it and have the user point/config
> > the NSE to a copy they received with Nikto--there is another tool that does
> > this but the name is escaping me at the moment.
>
> I suspect this might be
> http://www.room362.com/blog/2009/10/10/burp-tip-of-the-day-nikto-db-import.html

Nessus has its way as well [1].

-- 
George Chatzisofroniou
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/