New software: CMS Explorer

Ever have to pentest a CMS and need to puzzle out what plugins and themes it has? Or ever see a cool site you know is running CMS-X but wonder what modules and themes they used? It can be tedious at best, or impossible at worst, to figure it out.

CMS Explorer was written just for that--to figure out what components (plugins and themes) CMS sites are using. The initial release works really well with WordPress and Drupal, and has fledgling support for Mambo/Joomla! (fledgling because there is no central repo of components).

Firefox Search of Default Password List

Michel Chamberland has released a search add-on for Firefox that allows you to search the default password database directly. It's pretty straightforward, but I like things that save time... and this does.

Grab it here.

MacNikto 1.1.1 Released

Lewis Francis has released a new version of MacNikto, which incorporates Nikto 2.1.1 and a few other fixes/updates. In case you're not familiar with the program, it is a Mac OS X (universal binary) GUI for running Nikto without touching the command line.

Nikto 2.1.1 available!

I'm happy to announce the immediate availability of Nikto 2.1.1!

Nikto is an open source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6100 potentially dangerous files/CGIs, checks for outdated versions of over 950 servers, and version specific problems on over 260 servers.

In addition to bug fixes, 2.1.1 contains some new functionality, including:

  • New remote file inclusion (RFI) testing
  • Over 2300 new RFI tests (courtesy RSnake/OSVDB)
  • Sending of each test ID in the User-Agent

Nikto Award for Best IT Security Tools for 2009

Nikto has won a "Best IT Security Tools for 2009" award in the open source category for application scanners. The award is a testament to the great work Dave has done in 2009 to keep Nikto updated, accurate and relevant even as the web is changing at lightning speeds.

Nikto 2.1.0 release

It's finally time to stop procrastinating: Nikto 2.1.0 is here!

This version has gone through significant rewrites under the hood to how Nikto works, to make it more expandable and usable. Changes include:

  • Rewrite to the plugin engine allowing more control of the plugin structure and making it easier to add plugins

  • Rewrite to the reporting engine allowing reporting plugins to cover more and also ensuring that output is written if Nikto is quit before finishing