{"id":2206,"date":"2009-10-22T09:52:06","date_gmt":"2009-10-22T09:52:06","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=2206"},"modified":"2015-09-09T19:37:52","modified_gmt":"2015-09-09T11:37:52","slug":"nikto-2-1-0-released-web-server-security-scanning-tool","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2009\/10\/nikto-2-1-0-released-web-server-security-scanning-tool\/","title":{"rendered":"Nikto 2.1.0 Released &#8211; Web Server Security Scanning Tool"},"content":{"rendered":"<p>[ad]<\/p>\n<p>It&#8217;s been almost 2 years since the last update on <a href=\"https:\/\/www.darknet.org.uk\/2007\/12\/nikto-2-released-web-server-scanning-tool\/\">Nikto, which was version 2<\/a>.<\/p>\n<p>For those that don&#8217;t know, Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files\/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).<\/p>\n<p>Nikto is not designed as an overly stealthy tool. It will test a web server in the shortest timespan possible, and it&#8217;s fairly obvious in log files. However, there is support for LibWhisker&#8217;s anti-IDS methods in case you want to give it a try (or test your IDS system).<\/p>\n<p><strong>Changes<\/strong><\/p>\n<p>This version has gone through significant rewrites under the hood to how Nikto works, to make it more expandable and usable.<\/p>\n<ul>\n<li>\nRewrite to the plugin engine allowing more control of the plugin structure and making it easier to add plugins<\/li>\n<li>Rewrite to the reporting engine allowing reporting plugins to cover more and also ensuring that output is written if Nikto is quit before finishing<\/li>\n<li>Large overhaul of documentation to document built-in methods and variables<\/li>\n<li>Addition of caching to reduce amount of calls made to the web servers, as well as a facility to disable smart 404 guessing.<\/li>\n<li>Addition of simple guessing for whether a system is an embedded device and to report what it is<\/li>\n<li>Plugin to use OWASPs dictionary lists to attempt to brute force directories on the remote web server (as mutate 6)<\/li>\n<li>Plugin to attempt to brute force domains (as mutate 5)<\/li>\n<li>Allow username guessing (mutate 3 and 4) to use a dictionary file as well as brute forcing<\/li>\n<li>Support for NTLM authentication<\/li>\n<li>Lots of bug fixes and new security checks<\/li>\n<\/ul>\n<p>You can download Nikon 2.1.0 here:<\/p>\n<p><a href=\"http:\/\/cirt.net\/nikto\/nikto-current.tar.gz\">nikto-current.tar.gz<\/a><\/p>\n<p>Plugins and DB can be found <a href=\"http:\/\/cirt.net\/nikto\/UPDATES\/2.1.0\/\">here<\/a>.<\/p>\n<p><!--adsense#New468--><\/p>\n<p>Or read more <a href=\"http:\/\/cirt.net\/nikto2\">here<\/a>. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>[ad] It&#8217;s been almost 2 years since the last update on Nikto, which was version 2. For those that don&#8217;t know, Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files\/CGIs, versions on over 900 servers, and version specific problems [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[9,5,15],"tags":[1152,2864,1602,250,4495,1472,396,1770],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/2206"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=2206"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/2206\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=2206"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=2206"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=2206"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}