Nikto v2.01 released
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3300 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired
Updates:
- Fix anti-IDS encoding use. Thanks to Francisco Amato.
- Fix virtual host usage if set via CLI. Thanks Jon Hart.
- Fix Host header restoration when testing for IIS IP leak
- Fix for plugindir & templatedir if EXECDIR is set in config.txt, thanks Shiraishi.M and Will Andrews for pointing it out.
- Fix count of items—count now accurately reflects the number of items, not just the number of vulns. Thanks Frank Breedijk.
- Kick a few more things to KB that should be saved
- Added SKIPIDS to config.txt to completely ignore some tests loaded from db_tests. Suggested by Christian Folini.
- Enhanced rm_active_content to try to exclude the file/QUERYSTRING requested
- Unset the auth header after guessing at it. Thanks Paul Woroshow for reporting the bug.
- Fix internal IP address snarfing for IIS, thanks Frank Breedijk for pointing it out