diff --git a/nselib/data/http-fingerprints.lua b/nselib/data/http-fingerprints.lua index 2e5ad5ce6..16acc9d4a 100644 --- a/nselib/data/http-fingerprints.lua +++ b/nselib/data/http-fingerprints.lua @@ -22,7 +22,7 @@ local table = require "table" -- * It doesn't support sending additional headers for a probe. -- That means, if a nikto fingerprint needs one of the above features, it -- won't be loaded. At the time of writing this, 6546 out of the 6573 Nikto --- fingerprints are being loaded successfully. +-- fingerprints are being loaded successfully. This runtime Nikto fingerprint integration was suggested by Nikto co-author Chris Sullo as described at http://seclists.org/nmap-dev/2013/q4/292 -- -- Although this format was originally modeled after the Nikto format, that ended -- up being too restrictive. The current format is a simple Lua table. There are many diff --git a/scripts/http-enum.nse b/scripts/http-enum.nse index f99ae407e..365ac489d 100644 --- a/scripts/http-enum.nse +++ b/scripts/http-enum.nse 
@@ -9,13 +9,13 @@ local table = require "table" description = [[ Enumerates directories used by popular web applications and servers. -This parses a fingerprint file that's formatted in a way that's compatible with the Nikto Web application +This parses a fingerprint file that's similar in format to the Nikto Web application scanner. This script, however, takes it one step further by building in advanced pattern matching as well as having the ability to identify specific versions of Web applications. -You can, however, parse the nikto database using http-fingerprints.nikto-db-path. This will try to parse +You can also parse a Nikto-formatted database using http-fingerprints.nikto-db-path. This will try to parse most of the fingerprints defined in nikto's database in real time. More documentation about this in the -nselib/data/http-fingerprints file. +nselib/data/http-fingerprints.lua file. Currently, the database can be found under Nmap's directory in the nselib/data folder. The file is called http-fingerprints and has a long description of its functionality in the file header.
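Review bot: In the nselib/data/http-fingerprints.lua hunk, the added comment line runs far past the width of the wrapped comment lines around it, because the attribution sentence and the seclists.org URL were appended to the existing "-- fingerprints are being loaded successfully." line. Please break the new sentence across several "--" comment lines so it matches the surrounding block, and put the URL on a line of its own so it stays easy to copy.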
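Review bot: In the scripts/http-enum.nse hunk, the description is now inconsistent about the file name: the changed line refers to "nselib/data/http-fingerprints.lua", but the unchanged paragraph right after it still says "The file is called http-fingerprints". Please update that sentence to use the .lua name as well. The same paragraph also keeps the lowercase "nikto's database" next to the new "Nikto-formatted database", so the capitalisation could be aligned in the same pass.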