Just wanted to let everyone know that Nikto 2 is finally out (after
years of dragging my feet and more than a few excuses!).
-Sullo
///
Nikto is an open source (GPL) web server scanner which performs tests
against web servers for multiple items, including over 3500 potentially
dangerous files/CGIs, versions on over 900 servers, and version specific
problems on over 250 servers.
Version 2 adds a ton of enhancements, including:
- Fingerprinting web servers via favicon.ico files
- 404 error checking for each file type
- Enhanced false positive reduction via multiple methods: headers, page
content, and content hashing
- Scan tuning to include or exclude entire classes of vulnerability checks
- Uses LibWhisker 2, which has its own long list of enhancements
- A "single" scan mode that allows you to craft an HTTP request manually
- Basic template engine so that HTML reports can be easily customized
- An experimental knowledge base for scans, which will allow regenerated
reports and retests (future)
- Optimizations, bug fixes and more...
Source & info:
http://www.cirt.net/code/nikto.shtml
-------------------------------------------------------------------------
Sponsored by: Watchfire
Cross-Site Scripting (XSS) is one of the most common application-level
attacks that hackers use to sneak into web applications today. This
whitepaper will discuss how traditional XSS attacks are performed, how to
secure your site against these attacks and check if your site is protected.
Cross-Site Scripting Explained - Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701700000009405
-------------------------------------------------------------------------
