Friday, October 9, 2009

BToD Importing Nikto DB to Intruder > Courtesy of @mubix

It's Friday, oh how we love Friday. Anyway, courtesy of @mubix we have a command to export the Nikto DB into a format suitable for Intruder. If you have any questions about how to load it into Intruder, refer to the other posts. I take no credit for this; @mubix came up with this command.

So in BackTrack3 you can use the command

cat /pentest/web/nikto/plugins/db_tests | awk -F "," '{print $4}' | sed 's/^\"*//;s/\"$//' | sed 's/^\@CGIDIRS//;s/\@ADMIN//;s/^\@NUKE//;s/^\@POSTNUKE//;s/^\@PHPMYADMIN//' | sed 's/^\///' > ~/nikto_burp.txt

or in BackTrack4

cat /var/lib/nikto/plugins/db_tests | awk -F "," '{print $4}' | sed 's/^\"*//;s/\"$//' | sed 's/^\@CGIDIRS//;s/\@ADMIN//;s/^\@NUKE//;s/^\@POSTNUKE//;s/^\@PHPMYADMIN//' | sed 's/^\///' > ~/nikto_burp.txt

Like so.........

This exports the contents of the Nikto db_tests file into a text file in the format Intruder prefers.
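The same conversion as a single awk pass, as an added example (not @mubix's command and not from the original post). It goes a little further than the one-liner: splitting on `","` instead of `,` keeps paths that contain a comma intact, and comment lines, empty results and duplicates are dropped. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn Nikto db_tests-style lines into an Intruder payload list.

# Write a few CONSTRUCTED db_tests-style lines to the file named in $1.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not real Nikto data
"000001","0","1","@CGIDIRStest.cgi","GET","200","","","","","Constructed entry","",""
"000002","0","2","/admin/login.php","GET","200","","","","","Constructed entry","",""
"000003","0","3","/index.php?a=1,2","GET","200","","","","","Comma inside the path","",""
"000004","0","2","/admin/login.php","GET","200","","","","","Duplicate of 000002","",""
"000005","0","b","@PHPMYADMINindex.php","GET","200","","","","","Constructed entry","",""
EOF
}

# Print one payload per line from the db_tests-format file named in $1.
nikto_to_intruder() {
    awk -F '","' '
        /^#/ || NF < 4 { next }    # skip comment lines and short lines
        {
            uri = $4               # 4th quoted field, same field as the one-liner
            # Strip the Nikto variables the original command removes.
            sub(/^@(CGIDIRS|ADMIN|NUKE|POSTNUKE|PHPMYADMIN)/, "", uri)
            sub(/^\//, "", uri)    # drop the leading slash
            if (uri != "" && !seen[uri]++) print uri   # no blanks, no repeats
        }
    ' "$1"
}

# Stand-alone demo on the constructed sample.
sample=$(mktemp)
write_sample "$sample"
nikto_to_intruder "$sample"
rm -f "$sample"
```

Against a real installation, pass the db_tests path from the commands above and redirect the output to ~/nikto_burp.txt.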

Should look like.......

There you have it. Make sure you show @mubix some love by visiting his site, Room362, and remember that PortSwigger just released Burp Suite Pro v2.17, which has an XML export for the scanner findings suitable for Dradis import.

Happy Hacking! 
