Jabra, author of Nikto's XML output format, has just released Nikto::Parser (along with several other security tool parsers). This Perl module takes in a Nikto XML file (or runs Nikto directly) and creates an easily accessible interface to the data.

Here's an example reading in a saved scan file.

Using printers to hold files

I've had this little proof-of-concept tool sitting around for a while: it essentially acts as an FTP-like front end for storing files on a network-aware printer.

Most modern printers are not only network-aware, but they generally have an embedded hard disk, used to store fonts, templates and even jobs. The de facto standard for communicating with printers is PCL, an ASCII-based system with escape codes that has existed since the 1980s.

New tool: mp3 duplicate finder

The find_mp3_duplicates Perl script is designed to do one thing: find duplicate audio files, based on the audio content, from two distinct directory trees. It was made to help merge two somewhat-overlapping music collections.

It uses the MP3::Info module to extract the audio portion of the file, and then generates an MD5 hash of the audio portion.

See full description for more info.

Last chance for features in Nikto 2.1.0

I've decided to stop procrastinating and put the final polish on the next version of Nikto and aim for a mid-July release date.

This is the last chance to guide the remaining tasks I have left. If you want some super great feature or needed bug fix in the next version, head over to Assembla and raise a ticket, post on the discussion list or send me an email.

What not to do when changing a configuration file

We've had a couple of bugs raised after some people have upgraded Nikto 2.02 to Nikto 2.03 and kept the same configuration file.

To fix a bug there was a wee change to the configuration file with Nikto 2.03, but there was no extra check in the code to give the new setting a default value.

If you have problems with Nikto 2.03 failing to find web servers, check config.txt and ensure that the below line is present:


(This line defines which HTTP methods Nikto uses to check whether an HTTP server is listening.)

Anonymous tickets and spamming

The more observant may have noticed that several spamming tickets were created within the Nikto development Trac instance. This, compounded with a time when I couldn't get to my mail account, means that we've had around 100 spams in the Trac database.

These have now been deleted and I've revoked rights for anonymous users to raise tickets to prevent more spammers from wasting my time.

This means that if you need to raise a ticket for Nikto, you'll have to either create an account within Assembla, or you'll need to contact me via email or the Nikto mailing list.