False Positive/Negative: Potentially interesting archive/cert file found #744

Closed
obi-jon opened this issue Sep 13, 2021 · 2 comments

obi-jon commented Sep 13, 2021

Output of suspected false positive / negative

It appears that Nikto is only looking for Status OK or Redirection responses to identify potentially interesting archives/certs. Applications that redirect the user to a login/home page will cause all these "interesting" files to be false positives.

Maybe consider comparing the responses to ensure that they aren't all pointing to the exact same path.

@obi-jon obi-jon added the bug label Sep 13, 2021
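
The comparison suggested above, sketched as an added post-processing example (not Nikto's code and not written by anyone in this thread). The result tuples, the `triage` function and the `min_share` threshold are assumptions made for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample scan results: (requested path, HTTP status, Location header)
SAMPLE = [
    ("/backup.tar.gz", 302, "/login"),
    ("/site.pem", 302, "/login?next=%2Fsite.pem"),
    ("/example.zip", 302, "https://app.example/login"),
    ("/archive.tgz", 200, None),
    ("/old.war", 301, "/downloads/old.war"),
    ("/db.jks", 404, None),
]

def redirect_target(location):
    """Keep only the path, so /login and /login?next=... compare as equal."""
    return urlsplit(location).path or "/"

def triage(results, min_share=0.5):
    """Split hits into (keep, likely_fp) lists of requested paths.

    A redirect target shared by at least two hits and by min_share of all
    redirecting hits is treated as a catch-all (login/home page), not a file.
    """
    targets = {p: redirect_target(loc)
               for p, status, loc in results if 300 <= status < 400 and loc}
    counts = Counter(targets.values())
    catch_all = {t for t, n in counts.items()
                 if n >= 2 and n / len(targets) >= min_share}
    keep, likely_fp = [], []
    for path, status, _ in results:
        if path in targets:
            (likely_fp if targets[path] in catch_all else keep).append(path)
        elif 200 <= status < 300:
            keep.append(path)  # direct 200s still need a manual look
        # any other status is not reported as a finding
    return keep, likely_fp

if __name__ == "__main__":
    keep, likely_fp = triage(SAMPLE)
    print("review:", keep)
    print("likely false positives:", likely_fp)
```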

adi928 commented Oct 12, 2021

I traced it down to plugins/nikto_sitefiles.plugin.
For now, if you rename this file to something else, it will not be used during the scan.
Not a solution, but until I learn Perl (I guess).

Owner

sullo commented Feb 3, 2022

Duplicate of #728.

@sullo sullo closed this as completed Feb 3, 2022