Seccubus automates regular vulnerability scans and provides delta reporting. On 8/1, the project released version 1.5 "The DefCon Edition." This version includes support for controlling Nikto through Seccubus directly, leveraging the NBE report format which Frank Breedijk (Seccubus' author) wrote and released with the 2.1.2 version of Nikto.
In addition to working with Seccubus, Frank's NBE report format should allow for easy Nikto integration into any program which supports Nessus imports.
In Nikto 2.1.1, the facillity to call only specific plugins was added. This was mainly designed as a debugging and development feature so that it is easier to test one plugin without running all of the tests. This was a very simple plugin string that consisted of a simple comma separated list of plugin names.
In Nikto 2.1.2 it was discovered that this facillity was of more use than previously thought and could fix one of the basic flaws with the current plugin system: that of passing parameters to the plugin, something that had been hacked via using -mutate-options.
Nikto 2.1.2 introduces some much needed status reporting, along with some new interactive features.
First up, the Display mode "P" will print a progress report to STDOUT every 500 tests (configurable in nikto.conf or via -Plugins). During a scan, you'll see something like this:
- Tests completed: 3000 47%
On systems with POSIX support, there are several interactive features you can use during scans. While running, any of the following keys can be pressed to report status or make display changes:
We're happy to announce the immediate availability of Nikto 2.1.2!
Nikto is an open source web server scanner which performs
comprehensive tests against web servers for multiple items, including
over 6400 potentially dangerous files/CGIs, checks for outdated versions
of over 1000 servers, and version specific problems on over 270 servers.
In addition to the usual laundry list of minor bug fixes, 2.1.2 contains some new functionality and improvements,
When facing off against a WebDAV enabled server, there are two things to
find out quickly: can you upload files, and if so, can you execute code?
DAVTest attempts help answer those questions... as well as automatically uploading shells when possible.
Read more at the Sunera Security Blog.
The default password database has been updated with a few new features!