Home page logo
/

pen-test logo Penetration Testing mailing list archives

nikto problems
From: larsno () gmail com
Date: 9 Nov 2006 09:17:29 -0000

Hey

I've been trying to use Nikto on some https servers, and I can't get it to work. All the necessary packets are 
installed. The strange thing is that it seems to be LW who can't get the response it wants. I get all the SSL certs and 
even the information in the response seems correct when i try nikto in debug mode. Has enyone else experienced these 
problems?


 Here's the output from nikto -debug: 

nikto.pl -debug -h xxxxxx -p 443
---------------------------------------------------------------------------
- Nikto 1.35/1.36     -     www.cirt.net
D: - Target id:1:ident:xxxxxxxx:ports_in:443: 
D: - Request Hash:
D: - Connection: Keep-Alive
D: - Host: xxxxxx
D: - User-Agent: Mozilla/4.75 (Nikto/1.35 ) 
D: - $whisker->INITIAL_MAGIC: 31337
D: - $whisker->anti_ids: 
D: - $whisker->force_bodysnatch: 0
D: - $whisker->force_close: 0
D: - $whisker->force_open: 0
D: - $whisker->force_open: 0
D: - $whisker->host: xxxxxx
D: - $whisker->http_req_trailer: 
D: - $whisker->http_ver: 1.1
D: - $whisker->ignore_duplicate_headers: 1
D: - $whisker->include_host_in_uri: 0
D: - $whisker->lowercase_incoming_headers: 1
D: - $whisker->method: HEAD
D: - $whisker->method_postfix: 
D: - $whisker->normalize_incoming_headers: 1
D: - $whisker->port: 443
D: - $whisker->req_spacer:
D: - $whisker->req_spacer2:
D: - $whisker->retry: 1
D: - $whisker->ssl: 0
D: - $whisker->timeout: 10 
D: - $whisker->trailing_slurp: 0
D: - $whisker->uri: /
D: - $whisker->uri_param_sep: ?
D: - $whisker->uri_postfix:
D: - $whisker->uri_prefix:
D: - Result Hash:
D: - $whisker->INITIAL_MAGIC    31338 
D: - $whisker->error    Server read timed out
D: - $whisker->retry_errors     ARRAY(0x1e815b4)
D: - $whisker->uri      /
D: - Request Hash:
D: - Connection: Keep-Alive
D: - Host: xxxxxxx
D: - User-Agent: Mozilla/4.75 (Nikto/1.35 ) 
D: - $whisker->INITIAL_MAGIC: 31337
D: - $whisker->anti_ids:
D: - $whisker->force_bodysnatch: 0
D: - $whisker->force_close: 0
D: - $whisker->force_open: 0
D: - $whisker->host: xxxxxxxx 
D: - $whisker->http_req_trailer:
D: - $whisker->http_ver: 1.1
D: - $whisker->ignore_duplicate_headers: 1
D: - $whisker->include_host_in_uri: 0
D: - $whisker->lowercase_incoming_headers: 1
D: - $whisker->method: HEAD
D: - $whisker->method_postfix:
D: - $whisker->normalize_incoming_headers: 1
D: - $whisker->port: 443
D: - $whisker->req_spacer:
D: - $whisker->req_spacer2:
D: - $whisker->retry: 1 
D: - $whisker->save_ssl_info: 1
D: - $whisker->ssl: 1
D: - $whisker->timeout: 10
D: - $whisker->trailing_slurp: 0
D: - $whisker->uri: /
D: - $whisker->uri_param_sep: ?
D: - $whisker->uri_postfix: 
D: - $whisker->uri_prefix:
D: - Result Hash:
D: - cache-control              no-cache
D: - connection                 close
D: - content-length             2024
D: - content-type               text/html 
D: - pragma             no-cache
D: - $whisker->INITIAL_MAGIC    31338
D: - $whisker->code     403
D: - $whisker->http_resp        403
D: - $whisker->http_resp_message        Forbidden ( The server denied the specif 
ied Uniform Resource Locator (URL). Contact the server administrator.  )
D: - $whisker->http_ver         1.1
D: - $whisker->lowercase_incoming_headers       1
D: - $whisker->recv_header_order        ARRAY(0x1e81614) 
D: - $whisker->retry_errors     ARRAY(0x1e88c74)
D: - $whisker->ssl_cert_issuer  /DC=xx/DC=xxxx/DC=local/CN=xxxx
D: - $whisker->ssl_cert_subject         /C=XX/ST=xxxxx/L=xxxx/O=xx/OU=xxx/CN=xxxxxx
D: - $whisker->ssl_cipher       RC4-MD5 
D: - $whisker->uri      /
+ No HTTP(s) ports found on xxxxxxxx / 443
+ 1 host(s) tested

Lars

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]