[Nikto-discuss] Nikto 2.1.2 released

Justin Klein Keane justin at madirish.net
Thu Jul 15 14:29:06 CDT 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

  I'm writing some new tests and I have a couple of questions.  Firstly
I was wondering if anyone has documentation for the format of the
db_tests file.  I can pick through the source but help would be greatly
appreciated and abet my laziness.  Also, I'm adding some new stuff to
the db_variables file and wondering if that is the best way to add new
subdirectories to search.  So far my additions to db_variables are:

@DRUPAL=/ /drupal/ /drupal5/ /drupal6/ /drupal-6.16/ /drupal-6.17/

And the new tests I added to db_tests are:

"003700","3093","23b","@DRUPALsites/default/settings.php","GET","site-specific
configuration","","","","","The Drupal settings.php file is sent in
plain text not parsed by PHP. This file may contain a database
connection string.","",""
"003701","0","23b","@DRUPALsites/all/modules/og_menu/og_menu.js","GET","Drupal.behaviors.OGMenu","","","","","Deprecated
Drupal OG Menu module with known vulnerabilities detected
(SA-CONTRIB-2010-073 - http://drupal.org/node/854402).","",""
"003702","0","23b","@DRUPALsites/all/modules/jsmath/README.txt","GET","The
jsMath script","","","","","Deprecated Drupal jsMath module with known
vulnerabilities detected (SA-CONTRIB-2010-073 -
http://drupal.org/node/854402).","",""
"003703","0","23b","@DRUPALsites/all/modules/tellafriend_node/README.txt","GET","Glenn
Gaetz","","","","","Deprecated Drupal Tell a Friend Node module with
known vulnerabilities detected (SA-CONTRIB-2010-073 -
http://drupal.org/node/854402).","",""
"003704","0","23b","@DRUPALsites/all/modules/simplegallery/simplegallery.css","GET","simplegallery-term","","","","","Deprecated
Drupal Simple Gallery module with known vulnerabilities detected
(SA-CONTRIB-2010-073 - http://drupal.org/node/854402).","",""
"003705","0","23b","@DRUPALadmin/views/ajax/autocomplete/user/a","GET","200","","","","","Drupal
Views module with known information disclosure vulnerability detected
(http://www.madirish.net/?article=465).","",""
"003706","0","23b","@DRUPALindex.php?q=admin/views/ajax/autocomplete/user/a","GET","200","","","","","Drupal
Views module with known information disclosure vulnerability detected
(http://www.madirish.net/?article=465).","",""

I'm still testing these but they seem to work pretty well.  I'm going to
try and work back through some of the recent Drupal vulnerability
reports and add checks to Nikto.  Is there a recommended way to submit
stuff back to the project?  Thanks for any feedback.

Justin C. Klein Keane
http://www.MadIrish.net

The digital signature on this message can be confirmed
using the public key at http://www.madirish.net/gpgkey

On 07/11/2010 08:59 PM, Sullo wrote:
> We're happy to announce the immediate availability of Nikto 2.1.2!
> 
> http://cirt.net/Nikto2
> 
> Nikto is an open source web server scanner which performs
> comprehensive tests against web servers for multiple items, including
> over 6400 potentially dangerous files/CGIs, checks for outdated
> versions of over 1000 servers, and version specific problems on over
> 270 servers.
> 
> In addition to the usual laundry list of minor bug fixes, 2.1.2
> contains some new functionality and improvements, including:
> 
>     * Interactive scan status reporting
>     * Interactive changes to display/verbosity settings
>     * Memory/speed efficiencies
>     * Massive memory reduction with mutation scanning
>     * Search for strings with within all responses
>     * Rewritten authorization code
>     * Better use of cache to minimize server requests
>     * Nessus NBE report format by Frank Breedijk of Seccubus
>     * Improved plugin selection from command line
>     * Many new and updated tests
> 
> Download: http://cirt.net/Nikto2
> 
> MD5 Checksums:
> nikto-2.1.2.tar.bz2 = fa3e18a79de478e17736c35a6a3ca3f1
> nikto-2.1.2.tar.gz = 06013f08978bc43ba3c4fe8a3b7515b6
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iPwEAQECAAYFAkw/YYIACgkQkSlsbLsN1gCRgwb/RMoWHJZNKq9LZasyH5xEOwov
fmCZ/f50g/AtgzgLbCVWSv1Fiyknlx0zLlozjqT6YsHx69zhyz140JmuFjS5dPdx
42laI9KH/xiqTzGo7hvkreUJlHdW8rw8fD56jWxiO3FyDHm1XjpjXQ61z6f97xGY
tlIJ/bLIqv52Po3LP+kj2GOj2QTVUZFVjVBRIzzydUs+t/u25EtzVHmN+wBEw2yA
kG9vCFoA4jJ6ZHYaT31GWD9nMJVLaBzVERbTM18m5BI1Q+ENiOzcj6oekRz6C0xd
EFCfxCgsmSqqXupO0L0=
=xB4l
-----END PGP SIGNATURE-----

More information about the Nikto-discuss mailing list