Nikto 2.00/2.01

[LiquidWorm]

Веќе долго очекуваната втора верзија од оваа алатка (скенер за веб сервери) конечно на виделина )

Description:
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

Официјална страна: http://www.cirt.net/code/nikto.shtml

Директен линк за преземање: .gz или .bz2

Plugins и бази на податоци: тука.

Ново во верзија 2.00:

# Fingerprinting web servers via favicon.ico files
# 404 checking for each file type
# Enhanced false positive reduction via multiple methods: headers, page content, and content hashing
# Scan tuning to include or exclude entire classes of vulnerability checks
# Expanded scan database can have multiple positive or negative triggers, to allow AND/OR/NOT for flexible checks
# Uses LibWhisker 2, which has its own long list of enhancements
# A "single" scan mode that allows you to craft an HTTP request by hand
# Updated and greatly enhanced documentation
# Authorization guessing handles any directory, not just the root directory
# New HTML report
# Basic template engine so that HTML reports can be easily customized
# An experimental knowledge base for scans, which will allow regenerated reports and retests (future)
# ... and countless tweaks/bugfixes/optimizations ...

Fingerprinting web servers via favicon.ico files ова е интересно

Благодарам...

 

[LiquidWorm]

Верзија 2.01 (updated)

Ново во 2.01:

# Anti IDS encoding now works, thanks to Francisco Amato
# Virtual hosts work properly when set via CLI, thanks Jon Hart
# Host header is restored after testing for IIS IP leak
# Plugindir & templatedir are properly set if if EXECDIR is set defined in config.txt, thanks Shiraishi.M and Will Andrews for pointing this out
# The count of items now accurately reflects the number of items, not just number of vulns found, thanks Frank Breedijk
# Unset the auth header after guessing it, thanks Paul Woroshow
# Save a few more items in the KB
# SKIPIDS (in config.txt) can be used to completely ignore tests loaded from db_tests, suggested by Christian Folini
# Enhanced rm_active_content to try to exclude the file/QUERYSTRING from the original request

Веб: http://www.cirt.net/code/nikto.shtml

 

[Aleks]

aj da go probame