Nikto updated to v2.03

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3300 potentially dangerous files/CGIs, versions on over 625 servers, and version-specific problems on over 230 servers. Scan items and plugins are frequently updated and can be updated automatically.

Major changes:

  • Nikto can now take greppable nmap input directly on the command line.
  • Nikto can take a range of ports (e.g. 80-82).
  • Ports that are not open are now reported.
  • Nikto can now read hosts from stdin, by specifying "-host -".
  • HTML and XML reports don’t produce duplicates.
  • Multiple HTTP methods are now allowed when working out whether the server is HTTP or not.
  • Fix for a nasty bug where defined variables (e.g. cgi-bin directories) are not read properly.
  • Updates to allow HTML output to validate properly as XHTML.

Post scriptum

Compliance Mandates

  • Application Scanner:

    PCI DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner:

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16 CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

