Seccubus 1.5 with Nikto support

Seccubus automates regular vulnerability scans and provides delta reporting. On 8/1, the project released version 1.5 "The DefCon Edition." This version includes support for controlling Nikto through Seccubus directly, leveraging the NBE report format which Frank Breedijk (Seccubus' author) wrote and released with the 2.1.2 version of Nikto.

In addition to working with Seccubus, Frank's NBE report format should allow for easy Nikto integration into any program which supports Nessus imports.

Specifiying Individual Plugins

In Nikto 2.1.1, the facillity to call only specific plugins was added. This was mainly designed as a debugging and development feature so that it is easier to test one plugin without running all of the tests. This was a very simple plugin string that consisted of a simple comma separated list of plugin names.

In Nikto 2.1.2 it was discovered that this facillity was of more use than previously thought and could fix one of the basic flaws with the current plugin system: that of passing parameters to the plugin, something that had been hacked via using -mutate-options.

Nikto's Interactive Features & Status Reporting

Nikto 2.1.2 introduces some much needed status reporting, along with some new interactive features.

First up, the Display mode "P" will print a progress report to STDOUT every 500 tests (configurable in nikto.conf or via -Plugins). During a scan, you'll see something like this:

Nikto 2.1.2 available!

We're happy to announce the immediate availability of Nikto 2.1.2!

Nikto is an open source web server scanner which performs
comprehensive tests against web servers for multiple items, including
over 6400 potentially dangerous files/CGIs, checks for outdated versions
of over 1000 servers, and version specific problems on over 270 servers.

In addition to the usual laundry list of minor bug fixes, 2.1.2 contains some new functionality and improvements,
including:

New software: DAVTest

When facing off against a WebDAV enabled server, there are two things to
find out quickly: can you upload files, and if so, can you execute code?

DAVTest attempts help answer those questions... as well as automatically uploading shells when possible.

Read more at the Sunera Security Blog.

Password DB Updates - New Features

The default password database has been updated with a few new features!

Pages