
Nikto 2.00/2.01

  • Thread starter
  • #1


26 March 2007
The long-awaited second version of this tool (a web server scanner) has finally seen the light of day :))

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).
Official page: http://www.cirt.net/code/nikto.shtml

Direct download link: .gz or .bz2

Plugins and databases: here.

New in version 2.00:
# Fingerprinting web servers via favicon.ico files
# 404 checking for each file type
# Enhanced false positive reduction via multiple methods: headers, page content, and content hashing
# Scan tuning to include or exclude entire classes of vulnerability checks
# Expanded scan database can have multiple positive or negative triggers, to allow AND/OR/NOT for flexible checks
# Uses LibWhisker 2, which has its own long list of enhancements
# A "single" scan mode that allows you to craft an HTTP request by hand
# Updated and greatly enhanced documentation
# Authorization guessing handles any directory, not just the root directory
# New HTML report
# Basic template engine so that HTML reports can be easily customized
# An experimental knowledge base for scans, which will allow regenerated reports and retests (future)
# ... and countless tweaks/bugfixes/optimizations ...
Fingerprinting web servers via favicon.ico files: this is interesting ;)

Thanks... :rolleyes:
  • Thread starter
  • #2


26 March 2007
Version 2.01 (updated)

New in 2.01:

# Anti IDS encoding now works, thanks to Francisco Amato
# Virtual hosts work properly when set via CLI, thanks Jon Hart
# Host header is restored after testing for IIS IP leak
# Plugindir & templatedir are properly set if EXECDIR is defined in config.txt, thanks Shiraishi.M and Will Andrews for pointing this out
# The count of items now accurately reflects the number of items, not just number of vulns found, thanks Frank Breedijk
# Unset the auth header after guessing it, thanks Paul Woroshow
# Save a few more items in the KB
# SKIPIDS (in config.txt) can be used to completely ignore tests loaded from db_tests, suggested by Christian Folini
# Enhanced rm_active_content to try to exclude the file/QUERYSTRING from the original request
Web: http://www.cirt.net/code/nikto.shtml
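
The 2.00 items "404 checking for each file type" and "content hashing", together with the 2.01 `rm_active_content` change, describe one false-positive-reduction idea: learn how the server answers for a missing file of each type, strip the echoed request from the page, and compare hashes. A minimal sketch of that idea as an added example (not part of the posts and not Nikto's own code; `fake_fetch`, the probe file name and the timestamp pattern are constructed assumptions):

```python
import hashlib
import itertools
import posixpath
import re

def strip_active_content(body, path, query=""):
    """Drop echoes of the request and volatile text so that error pages
    returned for different URLs reduce to the same string."""
    for token in (path, query):
        if token:
            body = body.replace(token, "")
    body = re.sub(r"\d{2}:\d{2}:\d{2}", "", body)  # assumed volatile timestamp
    return re.sub(r"\s+", " ", body).strip()

def fingerprint(status, body, path, query=""):
    cleaned = strip_active_content(body, path, query)
    return status, hashlib.sha256(cleaned.encode()).hexdigest()

def build_baselines(fetch, extensions):
    """Request one name that cannot exist per file type; servers often route
    .php, .html, .cgi ... to different handlers with different error pages."""
    baselines = {}
    for ext in extensions:
        path = "/nonexistent_7f3a9c" + ext  # constructed probe name
        status, body = fetch(path)
        baselines[ext] = fingerprint(status, body, path)
    return baselines

def is_real_hit(fetch, path, baselines):
    """A finding counts only if the response is not a plain 404 and differs
    from the 'missing file' baseline recorded for the same file type."""
    ext = posixpath.splitext(path)[1]
    status, body = fetch(path)
    if status == 404:
        return False
    return fingerprint(status, body, path) != baselines.get(ext)

_clock = itertools.count()

def fake_fetch(path):
    """Constructed stand-in for a server that answers missing .php files
    with HTTP 200 and a custom error page (a 'soft 404')."""
    if path == "/info.php":
        return 200, "<h1>PHP info</h1>"
    if path.endswith(".php"):
        secs = next(_clock) % 60
        return 200, f"<p>Sorry, {path} was not found at 12:00:{secs:02d}</p>"
    return 404, "Not Found"

if __name__ == "__main__":
    base = build_baselines(fake_fetch, [".php", ".html"])
    for p in ("/info.php", "/admin/config.php", "/index.html"):
        print(p, is_real_hit(fake_fetch, p, base))
```

Without the per-type baseline, every `.php` check against this constructed server would be reported as found, because the status code alone is 200.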
