WebApp Sec mailing list archives
Nikto 2 released
From: Sullo <sullo () cirt net>
Date: Sun, 11 Nov 2007 23:39:59 -0500
Just wanted to let everyone know that Nikto 2 is finally out (after years of dragging my feet and more than a few excuses!). -Sullo /// Nikto is an open source (GPL) web server scanner which performs tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Version 2 adds a ton of enhancements, including: - Fingerprinting web servers via favicon.ico files - 404 error checking for each file type - Enhanced false positive reduction via multiple methods: headers, page content, and content hashing - Scan tuning to include or exclude entire classes of vulnerability checks - Uses LibWhisker 2, which has its own long list of enhancements - A "single" scan mode that allows you to craft an HTTP request manually - Basic template engine so that HTML reports can be easily customized - An experimental knowledge base for scans, which will allow regenerated reports and retests (future) - Optimizations, bug fixes and more... Source & info: http://www.cirt.net/code/nikto.shtml ------------------------------------------------------------------------- Sponsored by: Watchfire Cross-Site Scripting (XSS) is one of the most common application-level attacks that hackers use to sneak into web applications today. This whitepaper will discuss how traditional XSS attacks are performed, how to secure your site against these attacks and check if your site is protected. Cross-Site Scripting Explained - Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701700000009405 -------------------------------------------------------------------------
Current thread:
- Nikto 2 released Sullo (Nov 12)