Nikto v2.1.1 released

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

Version 2.1.1 (2010-01-20)

JPEG - 6.7 kb

-* Ticket 117: Fixed SKIPPORTS

  • Ticket 116: Moved User-Agent string to nikto.conf
  • Ticket 116: Added dynamic variables to User-Agent (Testid, Evasion methods)
  • Ticket 95: Added support for OSVDB, now the fun bit of filling it in
  • Ticket 111: Basic syntax checks for all databases
  • Ticket 109: Added an extra optional element to xml output to contain the SSL date. Need to do similar for html, txt and csv
  • Ticket 106: Shorts authentication being successful if an error is returned
  • Ticket 107: Support for short reads in LW2.5
  • Ticket 98: If -Format is missed guess the format based on file extension in -output. Default is none if -output is omitted.
  • Ticket 96: Multiple index file enhancements for groups and better unique file identification
  • Ticket 103: < description > content in xml report is now wrapped in CDATA
  • Ticket 110: Mutate now respects db variables
  • Ticket 97: Fix for response caching
  • Ticket 99: Spelling disagreements between Brits and Americans
  • Added @RFIURL to nikto.conf for a remote file include location, and supporting code.
  • Added 2300 RFI tests from the combined RSnake/OSVDB list
  • Removed NMAP and NMAPOPTS from nikto.conf as it is no longer used/supported
  • Reporting: simplify xml/html code, fix a bug when a space is in the uri, and load ony needed templates
  • Enable 2 new LW evasion tacticts (carriage return or binary value as request spacer)
  • Added support to select plugins via -Plugins and -list-plugins option to list current plugins
  • Major bug fix for proxy usage
  • Don’t report p3p header as unusual
  • Various changes to aid future binary db usage for mutates
  • Various changes to aid future multi-threading
  • Fix for multiple index files

More Information:

MD5 Checksums:

nikto-2.1.1.tar.bz2 = 4a7ca9634190eba8cac9847117a72446
nikto-2.1.1.tar.gz  = a9404c3f464b08f3f48788d5f39e0ca7

Post scriptum

Compliance Mandates

  • Application Scanner :

    PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Network Discovery :

    PCI DSS 11.2, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Related Articles

Application Scanner
Network Discovery
Vulnerability Scanner