Tools & Utils

Click Jacking Test Script

Some of you may have been observant and noticed that Nikto has alerted about the lack of the X-Frame-Options header from web servers. This header tells the user agent whether the page may be rendered inside a frame, effectively preventing click-jacking, or the overlaying of information over a frame to fool a user into clicking on something they don't want to.

Nikto 2.1.5

We're happy to announce the immediate availability of Nikto 2.1.5, and that Nikto is now sponsored by Sunera LLC!

Nikto is an open source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers.

Nikto 2.1.4 available!

We're happy to announce the immediate availability of Nikto 2.1.4!

Nikto is an open source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1000 servers, and version specific problems on over 270 servers.

This release contains a number of important bug fixes, as well as new functionality and improvements, including:

Site Crunch

What is Site Crunch?

A while ago I had a discussion with Billy Hoffman of Zoompf! about optimizing web site files in an automated manner on unix systems. I wrote a quick script to wrap some intelligence around a few common programs, and Site Crunch was born. Since then, it's gotten a bit more polished and easier to use, but the fundamental program hasn't changed.

New software: DAVTest

When facing off against a WebDAV enabled server, there are two things to find out quickly: can you upload files, and if so, can you execute code?

DAVTest attempts to help answer those questions, as well as automatically uploading shells when possible.

Read more at the Sunera Security Blog.

New software: CMS Explorer

Ever have to pentest a CMS and need to puzzle out what plugins and themes it has? Or ever see a cool site you know is running CMS-X but wonder what modules and themes they used? It can be tedious at best, or impossible at worst, to figure it out.

CMS Explorer was written just for that: to figure out what components (plugins and themes) CMS sites are using. The initial release works really well with WordPress and Drupal, and has fledgling support for Mambo/Joomla! (fledgling because there is no central repo of components).
