Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Nikto 2.10 released

The guys over at CIRT.NET have released an update to the Nikto web server scanner tool. According to the blog post discussing the release, this version has undergone “significant rewrites under the hood …” “… to make it more expandable and usable”. Sounds interesting.

The newest version includes a number of bug-fixes, as well as some enhanced functionality:

  • Added test for asp source code disclosure through the Translate header
  • New plugin added to identify embedded devices
  • Added check for multiple index files for request
  • Add plugin to use dirbuster lists with mutate 6 and mutate-options
  • Added subdomain bruteforcer as mutate option 5, thanks to Ryan DewHurst
  • Added extra tests to pull information if scanning ePO agent or HP WBEM
  • Added test to recognise a Dell Remote Access Console
  • Now supports NTLM authentication
  • Added tests to identify Ampache
  • Altered favicon database to use dynamic database

For a full list of fixes, enhancements and changes see the project changelog.

Judging by the versions.txt released with this version, the following plugins appear to have been updated:

  • nikto_user_enum_apache.plugin
  • nikto_core.plugin
