Masked link

[internal]

Okay I have seen about about on websites with a masked link say it may have the url followed by at the end #!listen/cr2r is there anyway of finding the true link for use in a program say for instance nikto ?

Thanks

[digip]

Masked urls like a URL shortner to see where it redirects to? Not sure with nikto, but you can always paste one into http://validator.w3.org/ to see the final redirected URL's or use wget to script a fake scan and ignore the download but keep a debug log to view all the links it 301/302 redirects through. Could be scripted to automate inline and show the output in a console without having to use a browser to visit a malicious link, but I like using http://validator.w3.org/ since it doesn't require giving up your IP to do the lookup.

* http://validator.w3.org/ also lets you look at the source code of the final site so you can check it for malicious code.

Edited March 1, 2015 by digip

[internal]

Thankyou digip I am familiar with validator.w3.org will check that out.

[digininja]

If you don't mind the destination knowing where you came from you could use my HTTP Traceroute tool which will follow all redirects and give you full information from each one.

http://digi.ninja/projects/http_traceroute.php

Nikto won't help you with this as it is a static scanner, it looks at the URL you gave it and tests for known issue. It will probably tell you if it is a redirect and the next hop but if you are looking at these as used maliciously then they often use multiple hops so won't get to the end.