Nikto v2.01 released
Tuesday 11 December 2007
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3300 potentially dangerous files/CGIs, versions on over 625 servers, and version-specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).
Updates:
Fix anti-IDS encoding use. Thanks to Francisco Amato.
Fix virtual host usage if set via CLI. Thanks Jon Hart.
Fix Host header restoration when testing for IIS IP leak.
Fix for plugindir & templatedir if EXECDIR is set in config.txt. Thanks Shiraishi.M and Will Andrews for pointing it out.
Fix count of items: count now accurately reflects the number of items, not just number of vulns. Thanks Frank Breedijk.
Kick a few more things to KB that should be saved
Added SKIPIDS to config.txt to completely ignore some tests loaded from db_tests. Suggested by Christian Folini.
Enhanced rm_active_content to try to exclude the file/QUERYSTRING requested
Unset the auth header after guessing at it. Thanks Paul Woroshow for reporting the bug.
Fix internal IP address snarfing for IIS, thanks Frank Breedijk for pointing it out