Nikto v2.01 released

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3300 potentially dangerous files/CGIs, versions on over 625 servers, and version-specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

Updates:

  • Fix anti-IDS encoding use. Thanks to Francisco Amato.
  • Fix virtual host usage if set via the CLI. Thanks to Jon Hart.
  • Fix Host header restoration when testing for the IIS internal IP leak.
  • Fix for plugindir and templatedir if EXECDIR is set in config.txt. Thanks to Shiraishi.M and Will Andrews for pointing it out.
  • Fix count of items: the count now accurately reflects the number of items, not just the number of vulnerabilities. Thanks to Frank Breedijk.
  • Kick a few more things to the KB that should be saved.
  • Added SKIPIDS to config.txt to completely ignore some tests loaded from db_tests. Suggested by Christian Folini.
  • Enhanced rm_active_content to try to exclude the file/QUERYSTRING requested.
  • Unset the auth header after guessing at it. Thanks to Paul Woroshow for reporting the bug.
  • Fix internal IP address snarfing for IIS. Thanks to Frank Breedijk for pointing it out.
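The two IIS entries above refer to the same check: the classic IIS internal-IP disclosure, where an old IIS host answering an HTTP/1.0 request that carries no Host header builds the absolute URL in its Location (or Content-Location) header from its own internal address. The scanner therefore has to send that one probe without a Host header and then put the configured Host (or -vhost) back for every later test, which is what the "Host header restoration" fix is about. The following is an added example in Python, not Nikto's own Perl code: the responses are constructed, and ProbeSession, build_probe and leaked_internal_ips are hypothetical names chosen for illustration.

```python
import ipaddress
import re

# Constructed sample responses (not captured from a real server).
# The first imitates an IIS host that leaks a private address in Location:.
LEAKY_RESPONSE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Server: Microsoft-IIS/5.0\r\n"
    "Location: http://192.168.10.25/images/\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

# Same redirect, but the server fills in its public name instead.
CLEAN_RESPONSE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "Location: http://www.example.com/images/\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

# Dotted-quad candidates not embedded in a longer number or version string.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def build_probe(path="/images", host=None):
    """Raw request for the leak test. HTTP/1.0 is used on purpose: unlike
    HTTP/1.1 it does not require a Host: header, so when host is None the
    server has to supply its own notion of its address in any absolute URL."""
    lines = [f"GET {path} HTTP/1.0"]
    if host:
        lines.append(f"Host: {host}")
    lines.extend(["", ""])            # blank line terminates the header block
    return "\r\n".join(lines)


def parse_headers(raw_response):
    """Split a raw response into (status line, {lowercased name: [values]})."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    status, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        if ":" in line:
            name, value = line.split(":", 1)
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def leaked_internal_ips(raw_response):
    """Private, loopback or link-local IPv4 addresses found in Location or
    Content-Location; an empty list means nothing leaked."""
    _, headers = parse_headers(raw_response)
    found = []
    for name in ("location", "content-location"):
        for value in headers.get(name, []):
            for candidate in IPV4.findall(value):
                try:
                    ip = ipaddress.ip_address(candidate)
                except ValueError:          # e.g. 999.1.1.1 matched by the regex
                    continue
                if ip.is_private or ip.is_loopback or ip.is_link_local:
                    found.append(str(ip))
    return found


class ProbeSession:
    """Hypothetical stand-in for a scanner's per-target header state. The
    transport attribute is a callable taking a raw request string and
    returning a raw response string, so the example runs offline."""

    def __init__(self, host, vhost=None, transport=None):
        self.headers = {"Host": vhost or host}   # what every normal test sends
        self.transport = transport

    def iis_ip_leak_test(self, path="/images"):
        # Drop Host: for this single request only, and restore it afterwards
        # even if the transport raises; otherwise every later test would run
        # against the wrong virtual host (the bug the changelog fixes).
        saved = self.headers.pop("Host", None)
        try:
            response = self.transport(build_probe(path, host=None))
            return leaked_internal_ips(response)
        finally:
            if saved is not None:
                self.headers["Host"] = saved


if __name__ == "__main__":
    session = ProbeSession("www.example.com", vhost="intranet.example.com",
                           transport=lambda req: LEAKY_RESPONSE)
    print("leaked:", session.iis_ip_leak_test())       # ['192.168.10.25']
    print("Host restored:", session.headers["Host"])   # intranet.example.com
```

A real scanner would point transport at a socket and would also run the probe against a few directory paths without trailing slashes, since the leak only shows up when the server has to construct a redirect. Note that the address filter accepts loopback and link-local ranges as well as RFC 1918 space; a public address in Location is not a finding.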

Post scriptum

Compliance Mandates

  • Application Scanner:

    PCI DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Network Discovery:

    PCI DSS 11.2, SOX A13.3, GLBA 16 CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5

  • Vulnerability Scanner:

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16 CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2
