Blogging @ Work

Just a quick note that I've decided this whole "blog" thing isn't just a fad, so I've started writing over at (the old) SPI Labs blog since, well, they pay me. So go subscribe. I just posted about oddities with hyphens in subdomain names and will try to keep posting more as the weeks go by.

Running Nikto via Nessus

Michel Arboi and Brian Martin have written a long post on Tenable's blog detailing exactly how to get Nessus to run Nikto automatically. This has been a question that's come up time and again on the mailing lists, so hopefully this will help everyone out.

Nikto 2.03 is here!

Only a month late (personal life et al.), Nikto 2.03 is now here. This is an important release, as it is the first release of Nikto not under the benevolent gaze of Sullo.

This is a point release to update the databases and fix a few bugs, many of which are listed in the CHANGES document (or you can check on Assembla).

In essence, what has changed:

Take us to your (new) leader!

I have been meaning to make this post for a while now...

I'm happy to announce that Nikto has a new lead developer! He goes by the name "Dave" but I think his parents actually named him "deity." Whatever you decide to call him, please welcome him to the club and make sure he knows the secret handshake.

New Nikto Mailing List

There is now a Nikto-discuss list. Aside from the documentation, this is the best resource available for support and assistance with Nikto.

Nikto 2.02 Available

Nikto 2.02 is now available!

This release adds the major new feature of XML reports, and several other new enhancements and fixes, including:

  • XML reports & DTD, thanks to Jabra
  • cleaned up HTML reports, thanks to Jabra
  • unique IDs for all checks, to help automated tracking of vulns
  • Apache Expect header XSS plugin
  • updated documentation
  • ...and various bug fixes