Re: Integrating nikto fingerprints on runtime

[Christian Heinrich <christian.heinrich () cmlh id au>]

George,

On Tue, Dec 17, 2013 at 9:29 AM, George Chatzisofroniou
<sophron () latthi com> wrote:
> A couple of months ago i contacted Chris Sullo (also CC'ed on this mail), one of
> the authors of Nikto, the great scanner which performs comprehensive tests
> against web servers for multiple items. I asked permission for integrating
> Nikto's large database to our http-fingerprint file. Chris told me that this is
> not possible due to the licensing issues. You can read the whole response at the
> bottom of this mail.

Is there a tangible benefit in leveraging nmap over Nikto, such as
speed or was this rather an academic exercise?

Also, will nmap include the
http://packetstormsecurity.com/papers/IDS/whiskerids.html features
too?

On Tue, Dec 17, 2013 at 9:29 AM, George Chatzisofroniou
<sophron () latthi com> wrote:
> ----- Forwarded message from Sullo <sullo () cirt net> -----
>
> Date: Tue, 17 Sep 2013 21:00:53 -0400
> From: Sullo <sullo () cirt net>
> To: George Chatzisofroniou <sophron () latthi com>
> Subject: Re: Permission for integrating Nikto's database to Nmap
>
> You could potentially write a parser for it and have the user point/config
> the NSE to a copy they received with Nikto--there is another tool that does
> this but the name is escaping me at the moment.

I suspect this might be
http://www.room362.com/blog/2009/10/10/burp-tip-of-the-day-nikto-db-import.html


-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/