Nikto updated to 2.03
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3300 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated.
Changes
- Fix for Jetty to latest version, fixes ticket #49
- New export of the manual from the docbook
- Updated versions in nikto.pl
- Added various new versions
- Fix for ticket #45
- Added favicons for Roku Soundbridge and Ampache
- Changes to look at non-standard headers
- Changes to examine Apache’s ETag header
- Fix for ticket #41 - a rather nasty bug that’s been in nikto 2 since its inception, where variables weren’t fully expanded.
- Fix for ticket #11 - change CGIDIRS test so that they’re not hardcoded. The response codes are now kept in a variable in db_variables
- Applied same to enumerating apache users plugin
- Fix for ticket #39 - we now check whether getoptions failed, show usage and exit with a code of one. This also means that it will exit gracefully if a parameter is missed out when one is required.
- Fix for ticket #35 - allow multiple HTTP methods to identify an HTTP server, these are set with the variable CHECKMETHODS in config.txt
- Fix for a bug in the nmap reader where it would ignore the IP address if nmap didn’t return a hostname.
- Fix for ticket #26 - stop domino tests producing false positives
- Fix for ticket #30 - ensure that propfind has the right OSVDB tag
- Change to stop duplication of items when scanning more than one host. Fix for bug 28
- Change to allow reading of a host list from stdin
- Fix for enhancement 10: read from nmap output (only -oG)
- Fixes for bug 25: Unopen ports are now reported
- Fixes for bug 24: HTML output is now valid HTML 4.01 Strict
- Started using international dates instead of the weird US format
- Added a fix for bug id 23: allow a range of ports instead of a comma separated list
- Updated current version of Apache to 2.2.8