From sullo at cirt.net  Sun Jul 11 19:59:15 2010
From: sullo at cirt.net (Sullo)
Date: Sun, 11 Jul 2010 20:59:15 -0400
Subject: [Nikto-discuss] Nikto 2.1.2 released
Message-ID: <AANLkTinHrwgYgL2IKebFS0XmPpU3it1e2_DDfyKkuwNN@mail.gmail.com>

We're happy to announce the immediate availability of Nikto 2.1.2!

http://cirt.net/Nikto2

Nikto is an open source web server scanner which performs
comprehensive tests against web servers for multiple items, including
over 6400 potentially dangerous files/CGIs, checks for outdated
versions of over 1000 servers, and version specific problems on over
270 servers.

In addition to the usual laundry list of minor bug fixes, 2.1.2
contains some new functionality and improvements, including:

    * Interactive scan status reporting
    * Interactive changes to display/verbosity settings
    * Memory/speed efficiencies
    * Massive memory reduction with mutation scanning
    * Search for strings with within all responses
    * Rewritten authorization code
    * Better use of cache to minimize server requests
    * Nessus NBE report format by Frank Breedijk of Seccubus
    * Improved plugin selection from command line
    * Many new and updated tests

Download: http://cirt.net/Nikto2

MD5 Checksums:
nikto-2.1.2.tar.bz2 = fa3e18a79de478e17736c35a6a3ca3f1
nikto-2.1.2.tar.gz = 06013f08978bc43ba3c4fe8a3b7515b6


-- 

http://www.cirt.net     |      http://www.osvdb.org/

From sullo at cirt.net  Mon Jul 12 08:30:17 2010
From: sullo at cirt.net (Sullo)
Date: Mon, 12 Jul 2010 09:30:17 -0400
Subject: [Nikto-discuss] Nikto 2.1.2 released
In-Reply-To: <AANLkTinHrwgYgL2IKebFS0XmPpU3it1e2_DDfyKkuwNN@mail.gmail.com>
References: <AANLkTinHrwgYgL2IKebFS0XmPpU3it1e2_DDfyKkuwNN@mail.gmail.com>
Message-ID: <AANLkTimt_LREZo-syjgATD6LpF0pbGHUcl3RN5U9pK25@mail.gmail.com>

Please note that I repackaged the release due to a large number of
trashy OSX files making it into the tarball. As a result, the md5
values have changed. The new ones are:

    * nikto-2.1.2.tar.bz2        42fd9748dc2d3949553a83660c36a503
    * nikto-2.1.2.tar.gz          ffee01c5e8561f65d14a320a226f8220

Just wanted to clear up any confusion beforehand.



On Sun, Jul 11, 2010 at 8:59 PM, Sullo <sullo at cirt.net> wrote:
> We're happy to announce the immediate availability of Nikto 2.1.2!
>
> http://cirt.net/Nikto2
>
> Nikto is an open source web server scanner which performs
> comprehensive tests against web servers for multiple items, including
> over 6400 potentially dangerous files/CGIs, checks for outdated
> versions of over 1000 servers, and version specific problems on over
> 270 servers.
>
> In addition to the usual laundry list of minor bug fixes, 2.1.2
> contains some new functionality and improvements, including:
>
> ? ?* Interactive scan status reporting
> ? ?* Interactive changes to display/verbosity settings
> ? ?* Memory/speed efficiencies
> ? ?* Massive memory reduction with mutation scanning
> ? ?* Search for strings with within all responses
> ? ?* Rewritten authorization code
> ? ?* Better use of cache to minimize server requests
> ? ?* Nessus NBE report format by Frank Breedijk of Seccubus
> ? ?* Improved plugin selection from command line
> ? ?* Many new and updated tests
>
> Download: http://cirt.net/Nikto2


-- 

http://www.cirt.net? ?? |? ? ? http://www.osvdb.org/

From sullo at cirt.net  Thu Jul 15 08:24:12 2010
From: sullo at cirt.net (Sullo)
Date: Thu, 15 Jul 2010 09:24:12 -0400
Subject: [Nikto-discuss] Firefox Plugin Dev
Message-ID: <AANLkTinthbSbsJzzOqSP9x2kpc2hZSPEBJ1dSwpGEkMR@mail.gmail.com>

The backdoored Firefox plugin article I was just reading made me think
of an add-on that would be really helpful to the Nikto project (no, it
would not be malicious). Anyone have any experience writing them that
would be interested in collaborating on something? I don't think it
would be that hard.

-Sullo

-- 

http://www.cirt.net? ?? |? ? ? http://www.osvdb.org/

From ryandewhurst at gmail.com  Thu Jul 15 08:27:56 2010
From: ryandewhurst at gmail.com (Ryan Dewhurst)
Date: Thu, 15 Jul 2010 14:27:56 +0100
Subject: [Nikto-discuss] Firefox Plugin Dev
In-Reply-To: <AANLkTinthbSbsJzzOqSP9x2kpc2hZSPEBJ1dSwpGEkMR@mail.gmail.com>
References: <AANLkTinthbSbsJzzOqSP9x2kpc2hZSPEBJ1dSwpGEkMR@mail.gmail.com>
Message-ID: <AANLkTin4vKiafeUkKweI5Db2fVsdpybxK9Hi7YABlZjW@mail.gmail.com>

I don't have experiences in firefox plugin development however do know
that DirBuster have made a plugin for their project. May be something
to look at for ideas.

http://www.sittinglittleduck.com/DirBuster-1.0-RC1.xpi

Ryan Dewhurst

My blog: http://www.ethicalhack3r.co.uk
My project: http://www.dvwa.co.uk
My Twitter: http://www.twitter.com/ethicalhack3r



On 15 July 2010 14:24, Sullo <sullo at cirt.net> wrote:
> The backdoored Firefox plugin article I was just reading made me think
> of an add-on that would be really helpful to the Nikto project (no, it
> would not be malicious). Anyone have any experience writing them that
> would be interested in collaborating on something? I don't think it
> would be that hard.
>
> -Sullo
>
> --
>
> http://www.cirt.net? ?? |? ? ? http://www.osvdb.org/
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss
>

From sullo at cirt.net  Thu Jul 15 10:29:07 2010
From: sullo at cirt.net (Sullo)
Date: Thu, 15 Jul 2010 11:29:07 -0400
Subject: [Nikto-discuss] Firefox Plugin Dev
In-Reply-To: <AANLkTin4vKiafeUkKweI5Db2fVsdpybxK9Hi7YABlZjW@mail.gmail.com>
References: <AANLkTinthbSbsJzzOqSP9x2kpc2hZSPEBJ1dSwpGEkMR@mail.gmail.com> 
	<AANLkTin4vKiafeUkKweI5Db2fVsdpybxK9Hi7YABlZjW@mail.gmail.com>
Message-ID: <AANLkTiligD-fjqOZJG4HVTzT0yvyJkJkqAt0R7PKMr_H@mail.gmail.com>

I have looked at that, but need something which sends to a third-party
site. I may actually look at using the backdoored plugin as a model
(but without the hiding of its purpose!). Anyone know of an add-on
that does this as part of its normal functionality?

On Thu, Jul 15, 2010 at 9:27 AM, Ryan Dewhurst <ryandewhurst at gmail.com> wrote:
> I don't have experiences in firefox plugin development however do know
> that DirBuster have made a plugin for their project. May be something
> to look at for ideas.
>
> http://www.sittinglittleduck.com/DirBuster-1.0-RC1.xpi
>
> Ryan Dewhurst
>
> My blog: http://www.ethicalhack3r.co.uk
> My project: http://www.dvwa.co.uk
> My Twitter: http://www.twitter.com/ethicalhack3r
>
>
>
> On 15 July 2010 14:24, Sullo <sullo at cirt.net> wrote:
>> The backdoored Firefox plugin article I was just reading made me think
>> of an add-on that would be really helpful to the Nikto project (no, it
>> would not be malicious). Anyone have any experience writing them that
>> would be interested in collaborating on something? I don't think it
>> would be that hard.
>>
>> -Sullo
>>
>> --
>>
>> http://www.cirt.net? ?? |? ? ? http://www.osvdb.org/
>> _______________________________________________
>> Nikto-discuss mailing list
>> Nikto-discuss at attrition.org
>> https://attrition.org/mailman/listinfo/nikto-discuss
>>
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss
>



-- 

http://www.cirt.net? ?? |? ? ? http://www.osvdb.org/

From justin at madirish.net  Thu Jul 15 14:29:06 2010
From: justin at madirish.net (Justin Klein Keane)
Date: Thu, 15 Jul 2010 15:29:06 -0400
Subject: [Nikto-discuss] Nikto 2.1.2 released
In-Reply-To: <AANLkTinHrwgYgL2IKebFS0XmPpU3it1e2_DDfyKkuwNN@mail.gmail.com>
References: <AANLkTinHrwgYgL2IKebFS0XmPpU3it1e2_DDfyKkuwNN@mail.gmail.com>
Message-ID: <4C3F6182.9000603@madirish.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

  I'm writing some new tests and I have a couple of questions.  Firstly
I was wondering if anyone has documentation for the format of the
db_tests file.  I can pick through the source but help would be greatly
appreciated and abet my laziness.  Also, I'm adding some new stuff to
the db_variables file and wondering if that is the best way to add new
subdirectories to search.  So far my additions to db_variables are:

@DRUPAL=/ /drupal/ /drupal5/ /drupal6/ /drupal-6.16/ /drupal-6.17/

And the new tests I added to db_tests are:

"003700","3093","23b","@DRUPALsites/default/settings.php","GET","site-specific
configuration","","","","","The Drupal settings.php file is sent in
plain text not parsed by PHP. This file may contain a database
connection string.","",""
"003701","0","23b","@DRUPALsites/all/modules/og_menu/og_menu.js","GET","Drupal.behaviors.OGMenu","","","","","Deprecated
Drupal OG Menu module with known vulnerabilities detected
(SA-CONTRIB-2010-073 - http://drupal.org/node/854402).","",""
"003702","0","23b","@DRUPALsites/all/modules/jsmath/README.txt","GET","The
jsMath script","","","","","Deprecated Drupal jsMath module with known
vulnerabilities detected (SA-CONTRIB-2010-073 -
http://drupal.org/node/854402).","",""
"003703","0","23b","@DRUPALsites/all/modules/tellafriend_node/README.txt","GET","Glenn
Gaetz","","","","","Deprecated Drupal Tell a Friend Node module with
known vulnerabilities detected (SA-CONTRIB-2010-073 -
http://drupal.org/node/854402).","",""
"003704","0","23b","@DRUPALsites/all/modules/simplegallery/simplegallery.css","GET","simplegallery-term","","","","","Deprecated
Drupal Simple Gallery module with known vulnerabilities detected
(SA-CONTRIB-2010-073 - http://drupal.org/node/854402).","",""
"003705","0","23b","@DRUPALadmin/views/ajax/autocomplete/user/a","GET","200","","","","","Drupal
Views module with known information disclosure vulnerability detected
(http://www.madirish.net/?article=465).","",""
"003706","0","23b","@DRUPALindex.php?q=admin/views/ajax/autocomplete/user/a","GET","200","","","","","Drupal
Views module with known information disclosure vulnerability detected
(http://www.madirish.net/?article=465).","",""

I'm still testing these but they seem to work pretty well.  I'm going to
try and work back through some of the recent Drupal vulnerability
reports and add checks to Nikto.  Is there a recommended way to submit
stuff back to the project?  Thanks for any feedback.

Justin C. Klein Keane
http://www.MadIrish.net

The digital signature on this message can be confirmed
using the public key at http://www.madirish.net/gpgkey

On 07/11/2010 08:59 PM, Sullo wrote:
> We're happy to announce the immediate availability of Nikto 2.1.2!
> 
> http://cirt.net/Nikto2
> 
> Nikto is an open source web server scanner which performs
> comprehensive tests against web servers for multiple items, including
> over 6400 potentially dangerous files/CGIs, checks for outdated
> versions of over 1000 servers, and version specific problems on over
> 270 servers.
> 
> In addition to the usual laundry list of minor bug fixes, 2.1.2
> contains some new functionality and improvements, including:
> 
>     * Interactive scan status reporting
>     * Interactive changes to display/verbosity settings
>     * Memory/speed efficiencies
>     * Massive memory reduction with mutation scanning
>     * Search for strings with within all responses
>     * Rewritten authorization code
>     * Better use of cache to minimize server requests
>     * Nessus NBE report format by Frank Breedijk of Seccubus
>     * Improved plugin selection from command line
>     * Many new and updated tests
> 
> Download: http://cirt.net/Nikto2
> 
> MD5 Checksums:
> nikto-2.1.2.tar.bz2 = fa3e18a79de478e17736c35a6a3ca3f1
> nikto-2.1.2.tar.gz = 06013f08978bc43ba3c4fe8a3b7515b6
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iPwEAQECAAYFAkw/YYIACgkQkSlsbLsN1gCRgwb/RMoWHJZNKq9LZasyH5xEOwov
fmCZ/f50g/AtgzgLbCVWSv1Fiyknlx0zLlozjqT6YsHx69zhyz140JmuFjS5dPdx
42laI9KH/xiqTzGo7hvkreUJlHdW8rw8fD56jWxiO3FyDHm1XjpjXQ61z6f97xGY
tlIJ/bLIqv52Po3LP+kj2GOj2QTVUZFVjVBRIzzydUs+t/u25EtzVHmN+wBEw2yA
kG9vCFoA4jJ6ZHYaT31GWD9nMJVLaBzVERbTM18m5BI1Q+ENiOzcj6oekRz6C0xd
EFCfxCgsmSqqXupO0L0=
=xB4l
-----END PGP SIGNATURE-----

From csullo at gmail.com  Thu Jul 15 15:18:42 2010
From: csullo at gmail.com (Sullo)
Date: Thu, 15 Jul 2010 16:18:42 -0400
Subject: [Nikto-discuss] Nikto 2.1.2 released
In-Reply-To: <4C3F6182.9000603@madirish.net>
References: <AANLkTinHrwgYgL2IKebFS0XmPpU3it1e2_DDfyKkuwNN@mail.gmail.com> 
	<4C3F6182.9000603@madirish.net>
Message-ID: <AANLkTim4-FvHRN8e_IJxo8bmf7KjYmsqp8bwV2xhx03h@mail.gmail.com>

On Thu, Jul 15, 2010 at 3:29 PM, Justin Klein Keane <justin at madirish.net> wrote:
> ?I'm writing some new tests and I have a couple of questions. ?Firstly
> I was wondering if anyone has documentation for the format of the
> db_tests file.

http://cirt.net/nikto2-docs/expanding.html

> Also, I'm adding some new stuff to
> the db_variables file and wondering if that is the best way to add new
> subdirectories to search. ?So far my additions to db_variables are:
>
> @DRUPAL=/ /drupal/ /drupal5/ /drupal6/ /drupal-6.16/ /drupal-6.17/

This looks fine. Keep in mind that each test will be multiplied into 5
tests with the 5 values you have here, so we always want to make sure
we are sticking with the most common subdirectories for a product
installation.

> I'm still testing these but they seem to work pretty well. ?I'm going to
> try and work back through some of the recent Drupal vulnerability
> reports and add checks to Nikto. ?Is there a recommended way to submit
> stuff back to the project? ?Thanks for any feedback.

You can validate the syntax of your tests with the -dbcheck option
(this will check the main tests as well as the user supplied
databases). You can email any checks directly to me and/or the mailing
list and I'll get them integrated as soon as possible.

Thanks!

-- 

http://www.cirt.net? ?? |? ? ? http://www.osvdb.org/