Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Integrating nikto fingerprints on runtime

From: George Chatzisofroniou <sophron () latthi com>
Date: Mon, 23 Dec 2013 17:38:52 +0200
On Tue, Dec 17, 2013 at 12:29:14AM +0200, George Chatzisofroniou wrote:

A couple of months ago i contacted Chris Sullo (also CC'ed on this mail), one of
the authors of Nikto, the great scanner which performs comprehensive tests
against web servers for multiple items. I asked permission for integrating
Nikto's large database to our http-fingerprint file. Chris told me that this is
not possible due to the licensing issues. You can read the whole response at the
bottom of this mail.

That leaves us with one choice: parsing nikto's database on runtime. I think we
are mostly interested on db_tests file of Nikto that contains the bulk of the
web test information. I wrote a patch for it that seems to work good. The patch
actually implements a new option, http-fingerprints.nikto-db-path, that takes a
path for nikto database as an argument. It then converts the records in nikto's
database into our Lua table format and adds them to our current fingerprints if
they don't exist already.


I commited my patch to the trunk as revision 32571.

-- 
George Chatzisofroniou
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: