[OWASP-BLR] Queries regarding NIKTO and Nessus

Akash akashmahajan at gmail.com
Wed May 31 07:13:49 EDT 2006


On 5/31/06, Gaurav Gupta <gaurav_g2000 at hotmail.com> wrote:
> NIKTO
> ---------
> I want to use NIKTO from a Windows XP machine to explore vulnerabilities in
> my IIS 5.0 Server running on another Windows XP machine. I have downloaded
> the latest version from the CIRT website but I have not been able to install
> it on Windows. Any idea how I can install it on Windows?

What is the error you are getting in installing?

> NESSUS
> -----------
> When I use Nessus to scan my system, it gives me a list of the open ports on
> my server system. I want to check if my program running as a service is
> having any buffer overflow or not. Does anybody have an idea from where I can
> get the plugin for buffer overflow?

Any Nessus plugin is basically a check for a vulnerable
software/version. That is why Nessus is called a vuln assessment
tool/scanner.

If you want to exploit a vuln after detecting it, you need an exploit framework.
For example, Metasploit, SecurityForest, CANVAS, etc.

HTH

regards
akash



