Closed Cyb3rC3lt closed 2 years ago
it doesn't auto exploit but i would go with nikto mostly because i don't have time to re-add some features like proxy support (currently broken) an add some newer exploit detections.
There was an auto exploit feature for the XSS/RFI bit but Nova removed it and it's been edited heavily to ensure safety of users. It no longer fires exploits unless you call Hello buttons on webpages exploits. It might, however, draw attention of astute web-admins and sysadmins watching the logs. But it's not malicious and doesn't do anything you don't tell it to do.
Apologies this isn't an issue but I didn't know where to ask. Is this tool OSCP friendly so doesn't auto exploit? I know Nikto is used a lot on the exam but maybe this is better? Thanks