Nikto updated to 2.03

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3300 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated

Changes

  • Fix for Jetty to latest version, fixes ticket #49
  • New export of the manual from the docbook
  • Updated versions in nikto.pl
  • Added various new versions
  • Fix for ticket #45
  • Added favicons for Roku Soundbridge and Ampache
  • Changes to look at non-standard headers
  • Changes to examine Apache’s ETag header
  • Fix for ticket #41 - a rather nasty bug that’s been in nikto 2 since its inception; where variables weren’t fully expanded.
  • Fix for ticket #11 - change CGIDIRS test so that they’re not hardcoded. The reponse codes are now kept in a variable indb_variables
  • Applied same to enumerating apache users plugin
  • Fix for ticket #39 - we now check whether getoptions failed, show
    usage and exit with a code of one. This also means that it will exit
    gracefully if a parameter is missed out when one is required.
  • Fix for ticket #35 - allow multiple HTTP methods to identify an HTTP server, these are set with the variable CHECKMETHODS in config.txt
  • Fix for a bug in the nmap reader where it would ignore the IP address if it nmap didn’t return a hostname.
  • Fix for ticket #26 - stop domino tests producing false positives
  • Fix for ticket #30 - ensure that propfind has the right OSVDB tag
  • Change to allow stop duplication of items when scanning more than one host. Fix for bug 28
  • Change to allow reading of a host list from stdin
  • Fix for enhancement 10: read from nmap output (only -oG)
  • Fixes for bug 25: Unopen ports are now reported
  • Fixes for bug 24: HTML output is now valid HTML 4.01 Strict
  • Started using international dates instead of the weird US format
  • Added a fix for bug id 23: allow a range of ports instead of a comma separated list
  • Updated current version of Apache to 2.2.8

Post scriptum

Compliance Mandates

  • Application Scanner :

    PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Related Articles

Application Scanner
Nikto
Vulnerability Scanner