Nikto is an open source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers.
This release contains a number of important bug fixes, as well as new functionality and improvements, which have been added to the development branch over the last 19 months!
New Features
- Save full response on positive, plaintext & JSON
- -maxtime: maximum execution time per host (seconds)
- -until: run until specified time or duration
- -IgnoreCode option to allow db_404_strings @CODE from the command line
- Replay saved JSON requests with replay.pl
- Client SSL certificate support
- Output file name now accepts '.', which auto-generates the name
- Content parsing to add items to db_variables values for enhanced testing
- robots.txt lines are now added to db_variables values for enhanced testing
New Checks
- Check for wildcards in crossdomain.xml and clientaccesspolicy.xml
- Find IPs in HTTP headers
- Check for sites parked at hosting providers or advertising pages
- Parsed robots.txt now checks for listed files (for content search, etc.)
- nikto_favicon.plugin checks for icons in <link> tags
Enhancements
- Fix bugs/minor enhancements in: XML reports, robots.txt parsing, wildcard certificate matching, banner parsing, tons more!
- Default to use Net::SSL instead of Net::SSLeay as a result of too many memory issues in SSLeay
- CSV reports include the same info as other reports
- HTML reports include more meta information
For a full list of updates, see the CHANGELOG.txt file or the list of closed tickets on assembla.com.
MD5 Checksums:
- nikto-2.1.5.tar.bz2 35ac9f11ab4aa0d5b8449748338bd159
- nikto-2.1.5.tar.gz efcc98a918becb77471ee9a5df0a7b1e