What's new in Nikto 2.1.5
Oct 10, 2012
- Ticket 261: Update CSV report to include banner info and put data into proper columns
- Ticket 247: Move etag header check to postfetch so no additional requests are made
- Ticket 245: Liberal use of CDATA in XML report to prevent problems. Thanks to Peter Wang for reporting.
- Ticket 242: nikto_headers.plugin now uses nfetch instead of direct LW calls
- Ticket 234: Add plugin for crossdomain.xml (and clientaccesspolicy.xml) to look for wildcards and warn about entries
- Ticket 233: Fix bad values in robots.txt from causing crashes
- Ticket 229: Don't repeat XML headers if appending to an existing report file, thanks to digininja for idea
- Ticket 228: Add client SSL certificate support. Thanks to monnerat for code submission!
- Ticket 226: Add GMT offset to time outputs
- Ticket 225: Template variables now have terminating hash to prevent collisions
- Ticket 224: Space in robots.txt kills scanner
- Ticket 222: Fix problems with banner parsing related to spaces, should result in fewer missed matches which should be hits.
- Ticket 220: Certificate wildcard matching incorrect
- Ticket 217: Add -IgnoreCode option to allow db_404_strings' @CODE at the command line
- Ticket 214: Relocate databases to 'databases/' directory from 'plugins/'
- Ticket 211: Shuffled some information in HTML report and added more summary data. Added error count and total check count to XML (note: DTD change).
- Ticket 209: Find IPs in HTTP headers
- Ticket 202: -maxtime maximum execution time per host (seconds)
- Ticket 175: -until run until specified time or duration
- Ticket 174: Checked for sites parked at hosting providers or advertising pages
- Ticket 161: robots.txt now checks for listed files (content search, etc.)
- Ticket 91: Identification of WEBrick fails. Updates made to handle banners with multiple items but no spaces
- Ticket 74: Removed 'single' mode code from nikto. There are better tools for this nowadays.
- Ticket 57: nfetch no longer uses global request/response hashes
- Ticket 1: Save full response on positive, plaintext & JSON
- Completely remove cache functionality as it was near worthless and added a lot of overhead
- Including JSON-PP source to not require JSON installation. http://search.cpan.org/~makamaka/JSON-2.53/lib/JSON/backportPP.pm
- Add IP address to CSV output. NOTE: this changes a parse-able report format!
- add_vulnerability now takes in %request and %response for saving of data
- nfetch() now returns headers received as argument 6--no more hash reference over-writing headers to send
- Added sub get_ips() to centralize IP extraction from strings
- Output file name now takes '.' which will auto-generate output filename like nikto_hostname_port.EXT
- Fix -root not appearing in report output, reported by Cédric Michel
- nikto_favicon.plugin checks for icons in
- tags
- Add check for non-empty OPTIONS response body, which could be related to something like http://zacstewart.com/2012/04/14/http-options-method.html
- Add nikto_paths.plugin to look for things to add to db_variables values
- Items found in robots.txt are now added to values from db_variables
- Keep tokens from getting into �_extensions, thanks to Erik Cabetas
- Fix vhost not being set properly, thanks to Brian Poole
- Fix crash on invalid regex chars in robots.txt (dis)allow lines
- Default to use Net::SSL instead of Net::SSLeay as a result of too many memory issues in SSLeay