PaulDotCom mailing list archives
Scanning for phpMyAdmin
From: paul at pauldotcom.com (Paul Asadoorian)
Date: Mon, 03 Aug 2009 13:40:15 -0400
Looks like Nikto contains about 5 checks for phpmyadmin (grep -i phpmyadmin db_tests). Nmap scripts do not contain any references to phpmyadmin. Cheers, Paul Nathan Sweaney wrote:
Couple options off the top of my head. You?ll have to research them/try them out to figure out which works for you. 1). Nessus. I?m pretty sure it?ll detect phpMyAdmin & even determine old versions. Paul should be able to confirm that. 2). Nmap. It?ll find the webservers, but not specify the application unless there?s an NSE script to detect it. If not you could probably create one pretty easily. Awhile back Kevin Johnson did some work converting the Nikto tests into Nmap NSE scripts. So he may have something for that. 3). Nikto will show you where it?s installed, but I?m not sure it includes which version. It could also take awhile to scan your entire network. I?d use nmap first to find the servers & then Nikto. -- Nathan ------------------------------------------------------------------------ *From:* pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] *On Behalf Of *John Hoyt *Sent:* Monday, August 03, 2009 9:08 AM *To:* Pauldotcom at mail.pauldotcom.com *Subject:* [Pauldotcom] Scanning for phpMyAdmin Does anyone know of a method that I can use to scan my network for servers hosting phpMyAdmin? I'm potentially looking for vulnerable versions. Thanks, John Hoyt ------------------------------------------------------------------------ _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-- Paul Asadoorian PaulDotCom Enterprises Web: http://pauldotcom.com Phone: 401.829.9552
Current thread:
- Scanning for phpMyAdmin John Hoyt (Aug 03)
- Scanning for phpMyAdmin Robin Wood (Aug 03)
- Scanning for phpMyAdmin Nathan Sweaney (Aug 03)
- Scanning for phpMyAdmin Paul Asadoorian (Aug 03)
- Scanning for phpMyAdmin Paul Asadoorian (Aug 03)
- Scanning for phpMyAdmin Tom Brennan - Personal (Aug 03)
- Scanning for phpMyAdmin Paul Asadoorian (Aug 04)
- Scanning for phpMyAdmin Paul Asadoorian (Aug 03)
- Scanning for phpMyAdmin Jim Halfpenny (Aug 03)
- <Possible follow-ups>
- Scanning for phpMyAdmin infolookup at gmail.com (Aug 03)