Hi,

Recently I've stumbled over a problem in Nikto where some checks failed against
a web server with BigIP F5 Load Balancers in front.

After some short research I found this existing issue for Nikto:

https://github.com/sullo/nikto/pull/202

where a user had reported the same.

It seems that some Load Balancers or WAFs are blocking requests with an added
port in the Host header, even if this is RFC-conformant.

To work around this in Nikto, the ports in the Host header are now only added if
they are not 80/443:

https://github.com/sullo/nikto/commit/a884be7bf8d998eae119415250102d17684ee4db

This probably also affects all OpenVAS NVTs having a:

"Host: ", host, ":", port, "\r\n",

in the request. Currently this are about 120:

grep -R "Host:" /usr/src/openvas-nvts/scripts/ | grep port | wc -l

Is this something which can be handled in OpenVAS or those NVTs?
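
The workaround described above, as an added example that is not part of the original message and is neither Nikto's nor OpenVAS's code: a Host header builder that leaves the port out when it is the default for the scheme. It goes one step beyond the 80/443 rule in the message by tying the default to the scheme (443 over plain http keeps its port); the function name, the scheme parameter and the sample hosts are assumptions.

```python
# Added illustration; host_header() and its parameters are hypothetical names.
DEFAULT_PORTS = {"http": 80, "https": 443}


def host_header(host, port, scheme):
    """Return the Host header line for a request.

    The port is appended only when it is not the default for the scheme,
    so servers behind load balancers or WAFs that reject "Host: name:80"
    still see the form browsers send.
    """
    if scheme not in DEFAULT_PORTS:
        raise ValueError("unsupported scheme: %r" % scheme)
    if not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError("invalid port: %r" % (port,))
    # Refuse anything that could split the header or smuggle a second one.
    if not host or any(c in host for c in "\r\n \t"):
        raise ValueError("invalid host: %r" % host)

    # An IPv6 literal must be bracketed, otherwise its colons would be
    # read as the host/port separator.
    if ":" in host and not host.startswith("["):
        host = "[" + host + "]"

    if port == DEFAULT_PORTS[scheme]:
        return "Host: %s\r\n" % host
    return "Host: %s:%d\r\n" % (host, port)


if __name__ == "__main__":
    # Constructed sample targets.
    for target in [("www.example.com", 80, "http"),
                   ("www.example.com", 443, "https"),
                   ("www.example.com", 8443, "https"),
                   ("2001:db8::1", 8080, "http")]:
        print(repr(host_header(*target)))
```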