Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Integrating nikto fingerprints on runtime
From: George Chatzisofroniou <sophron () latthi com>
Date: Thu, 19 Dec 2013 02:47:54 +0200

Hello Christian,

On Wed, Dec 18, 2013 at 08:53:51AM +1100, Christian Heinrich wrote: 
Is there a tangible benefit in leveraging nmap over Nikto, such as
speed or was this rather an academic exercise?

I don't think there is a concrete reason for doing this. I can think of some
advantages like:

* Nmap features, like multiple host/port scanning, output in various formats

* NSE specific features, like Lua, HTTP pipelining, caching etc.

* Unified results (along with the rest of Nmap output) during a testing.

Maybe Nikto support some of these, i'm not sure.

Also, will nmap include the
http://packetstormsecurity.com/papers/IDS/whiskerids.html features

This is an interesting paper. Some of these features are easy to implement and
they would probably make a good addition to NSE.

On Tue, Dec 17, 2013 at 9:29 AM, George Chatzisofroniou
<sophron () latthi com> wrote:
----- Forwarded message from Sullo <sullo () cirt net> -----

Date: Tue, 17 Sep 2013 21:00:53 -0400
From: Sullo <sullo () cirt net>
To: George Chatzisofroniou <sophron () latthi com>
Subject: Re: Permission for integrating Nikto's database to Nmap

You could potentially write a parser for it and have the user point/config
the NSE to a copy they received with Nikto--there is another tool that does
this but the name is escaping me at the moment.

I suspect this might be

Nessus has its way as well [1].

George Chatzisofroniou
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]