Archived news from the old site...

  • 2007-07-24:  Posted the lw_build_req script, which makes writing LibWhisker scripts easier.
  • 2007-07-09:  Released a few vulns in Unobtrusive Ajax Star Rating Bar.
  • 2007-09-09:  Nikto 1.36 is out! Check out the details.
  • 2007-02-11:  Robert at cgisecurity.com sent me a few questions & has posted an interview.
  • 2006-11-15:  ZDI finally published some Verity Ultraseek vulnerabilities (ZDI-06-042) I discovered early this year. These let you host/port scan, or load pages from, otherwise protected resources (localhost web servers, other servers in a DMZ, etc.): OSVDB-30286, OSVDB-30287, OSVDB-30288, OSVDB-30289.
  • 2006-07-15:  Nikto is not only good for your webservers, but it's good for your career as well! Check out how security tools and certifications stack up head-to-head in the new competitive job listing section of cirt.net. It's only been collecting jobs for a few days, and already the leaders are emerging!
  • 2006-06-21:  Nikto named the #1 Web Vulnerability Scanner, and overall number 12 security tool, in Insecure.org's Top 100 Network Security Tools survey! Thanks everyone for the votes!
  • 2006-02-28:  Found a fun little Trillian DoS.
  • 2005-05-23:  It's been a while... but Nikto 1.35 is out! Check it out.
  • 2005-03-26:  CGISecurity.com has a news feed for web application security. It's available in several formats, including RSS of course.
  • 2005-02-23:  Posted three vulnerabilities found in the Cyclades AlterPath Manager: information disclosure, privilege escalation, and arbitrary console connection.
  • 2005-02-10:  Pavel Kaňkovský has been kind enough to convert the Nikto readme to man page format. You can download it here.
  • 2004-12-28:  Two new advisories posted, for MySQL's Eventum bug tracking system. One is for an enabled default account and the other for some XSS issues.
  • 2004-12-06:  James C. Foster has a new article up titled "Inside application assessments: Pen testing vs. code review", which gives Nikto some props.
  • 2004-11-23:  I've opened up Scurn Security Search to the public. This handy interface from Tyler Owen searches the popular security resources for information.
  • 2004-09-09:  Nikto 1.34 is out! Check out the details.
  • 2004-07-23:  Released a new arbitrary file retrieval in EasyWeb FileManager Module for PostNuke. Lame, but people still seem to be using this stuff (according to the PostNuke forums, and everyone's friend Google).
  • 2004-06-18:  A new book out which has some Nikto coverage: Hacking for Dummies. Seriously. I'm not kidding.
  • 2004-04-22:  "The man who saved the Internet" (Paul/Tony Watson) has released his paper, slides and code for the much publicized "Slipping in the Window: TCP Reset Attacks". It's all available on OSVDB.org. Kudos to Paul for getting this issue so much attention.
  • 2004-03-31:  The Open Source Vulnerability Database (OSVDB) is now live! Grab a beer and come join the hoopla!
  • 2004-03-29:  Extensive cPanel 9.1.0-R85 Remote XSS vulnerabilities in the Advisories section. cPanel finally seems to be getting the hint about input filtering...
  • 2004-03-29:  Posted an Apache Cocoon error page path disclosure in the Advisories section.
  • 2004-03-23:  Two new cPanel 9.1.0-R85 Remote File Retrieval vulnerabilities in the Advisories section. Both are restricted to the user's directory tree, however.
  • 2004-02-04:  I apologize for the lack of Nikto DB updates lately... but there is a lot of work going on at OSVDB, and I'm focusing on web-test integration, along with Nikto v2. All of it is coming very soon...
  • 2004-02-04:  Going to try out some limited advertising on the site in an effort to make some green-backs... thank you, please do that thing you do with a-d-s (yes, the Google monster complained about me saying you should check the links out--go figure..).
  • 2004-01-09:  SunFreeWare.com has recently added Nikto 1.32 as an install package for Solaris 2.5 to 2.9. Thanks to Steve Christensen and everyone else there for the support.
  • 2004-01-01:  Nikto updates are going to be a bit less frequent for a short time, while version 2.0 is written and work on OSVDB is really cranking. Good things are coming out of the integration of both projects, and taking some time off updates will result in a long-term win for Nikto. Please be patient, or send me well-written checks so I can just add them to the DB. Also, OSVDB is looking for more people to help get the data in shape, and it is a worthwhile endeavor for anyone who wants to use the database in the future or learn more about current/past vulnerabilities.
  • 2003-10-27:  Nikto 1.32 is out! Check out the details.
  • 2003-08-06:  Back from Defcon! Quite a trip. The Firewall Monkeys and I hope to have pics online very soon of us running around in blue tuxedos. Also, had some great conversations with FBR and Watson about the future of OSVDB (Open Source Vulnerability Database) and we decided you should get involved, along with a few other things to come.
  • 2003-05-27:  Nikto 1.30 released! This release contains added functionality including NTLM authentication, multiple host/port support, CSV output, a cgiwrap plugin & more. All users are encouraged to upgrade to this version as the 1.23 databases will no longer be maintained. See the Nikto page for more details. Note: nikto_core.plugin version 1.05, initially released with 1.30, has a bug which prevents remote updates. You will need to grab a new .gz or download the latest nikto_core.plugin.
  • 2003-05-04:  Proud to see Nikto has been ranked #16 in Fyodor's "Top 75 Security Tools" survey! Not only did Nikto make it towards the top of the list, but it made the front page of Slashdot.org to boot (actual article/discussion).
  • 2003-03-23:  Nikto's nikto_core.plugin (main code) has been updated, along with the addition of a new plugin which tests default ids/passwords against certain authentication realms. As of this release, Nikto package versions will be noted with the core version, as in Nikto 1.23 c1.04. This will aid in tracking updates which do not require a new install. The current updates only require running Nikto with -update, or downloading the new plugins/dbs.
  • 2003-03-06:  Added the Netscape /.perf plugin check to the Nessus distro. You can see some of our other plugins here.
  • 2003-01-01:  Celebrate the new year (and Nikto's first year!) with the release of Nikto 1.23! This version fixes multiple bugs and adds new features and support including username guessing (Apache), static auth cookies, static base directories, proxy id/password prompting, and more. Check out the details or just download it.
  • 2002-11-25:  In NetScreen's Malicious URL filter, if a request containing a blocked pattern is split across TCP segments in the middle of the pattern, the filter will not match it. See the complete advisory here.
  • 2002-09-24:  Shana's Informed Filler and Designer v3.05 may use random hard drive data as padding when encrypted files are created. You can read the details here.
  • 2002-09-01:  Mike Shema, Bradley C. Johnson and Keith Jones have released Anti-Hacker Tool Kit, which has about six pages on Nikto and detailed usage instructions. A PDF is also available from Foundstone that has excerpts from the book, including the Nikto section.
  • 2002-08-11:  Nikto 1.21 released! This upgrade includes an important bug fix for scanning or updating through proxies. All 1.20 users should upgrade to this version. See the Nikto page for more details.
  • 2002-08-11:  Nikto 1.20 released! This new version includes two new plugins: password file guessing and Google hunting. Text output format is much enhanced, SSL details are printed and multiple minor bugs have been fixed. See the Nikto page for more details.
  • 2002-08-01:  OSVDB (Open Source Vulnerability Database) and ISIS (Internetworked Security Information Services Initiative) have both been announced at BlackHat. Please see what you can do to help out either project, as future Nikto databases will hopefully be derived from entries in the OSVDB database rather than Nikto-only DBs.
  • 2002-07-13:  Joel Scambray & Mike Shema have just released the next book in their Hacking Exposed series: Hacking Exposed: Web Applications, which lists Nikto in the scanning software section, and says that Nikto is their "favorite free scanner today".
  • 2002-05-26:  Nikto 1.10 is now available. This version has a lot of additional features from the previous, so it is recommended that everyone upgrade.
  • 2002-05-20:  Sorry for the down-time (for some folks), had a bad entry for a DNS server... all better now.
  • 2002-05-09:  Zel from FireWallMonkeys.com points to this link to more Nikto info on StarWars.com... Lucas gives credit. They've also got some pretty cool pics on the main page (reload).
  • 2002-05-08:  RFP has released Whisker 2.0. It's pretty cool, but be aware that it's "undocumented and unsupported" at this time.
  • 2002-04-26:  Quite a few Nikto updates to look for default Apache 2.0 files, so get the newest databases.
  • 2002-04-23:  Nikto 1.10 BETA 3 is now available and supports many new features over 1.018 and improvements over BETA 2. Check it out.
  • 2002-04-12:  Nikto has been added to the Biatchux distribution, which is a cool (free) bootable CD to create an environment for forensics, incident analysis/response and vulnerability testing. It has a load of tools included.
  • 2002-04-07:  Michel Arboi has updated the Nikto wrapper for Nessus to work with 1.100 BETA 2. See the CVS tree to get it.
  • 2002-04-07:  Nikto 1.100 BETA 2 is now available and supports many new features over 1.018. Check it out.
  • 2002-03-26:  Rain Forest Puppy has put his talks from HackExpo 2002 online, in which Nikto got itself a slide, along with other cool tools nmap, nessus and ethereal. You can see the whole presentation here (they're all good, but specifically it's "HackExpo - Tips and tools").
  • 2002-03-13:  Our good friend David has written his first Nessus plugin, which checks for misconfigured NTP servers. Check out the CVS tree.
  • 2002-02-24:   Thanks to Michel Arboi, Nessus now has a wrapper for Nikto! It's available in the CVS tree.
  • 2002-01-15:   @Stake has a blurb on "Commercial vs. Open Source Web Inspection Tools" in their news, mentioning CGIAudit, ScreamingCobra, and Nikto. Open Source wins again!
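The 2002-11-25 NetScreen item above describes a classic filter evasion: a pattern matcher that inspects each TCP segment on its own never sees a blocked string that straddles a segment boundary. The following is an added illustration written for this page; it is not NetScreen's code and does not reproduce the advisory. The blocked pattern, the request, and the three filter designs (per-segment, full reassembly, and a cheaper carry-over window) are all constructed here to show the failure and two ways to fix it.

```python
"""
Filter evasion by splitting a blocked URL across TCP segments, and two
filter designs that are not fooled by it.

Added illustration for the NetScreen item above; not vendor code. The
pattern, request and filter logic are constructed for this example.
"""

# Constructed example of a pattern a URL filter might be told to block.
BLOCKED_PATTERN = b"/cgi-bin/phf"


def build_request(path, host=b"target.example"):
    """Build a minimal HTTP/1.0 GET request (sample input, not captured traffic)."""
    return b"GET " + path + b" HTTP/1.0\r\nHost: " + host + b"\r\n\r\n"


def split_mid_pattern(request, pattern):
    """Split the request into two 'segments' so the cut lands inside `pattern`.

    Neither piece then contains the whole pattern, which is exactly what an
    attacker can arrange on the wire by controlling TCP segment sizes.
    """
    start = request.find(pattern)
    if start < 0:
        raise ValueError("pattern not present in request")
    cut = start + len(pattern) // 2
    return [request[:cut], request[cut:]]


def per_segment_filter(segments, pattern):
    """Weak design: match each segment in isolation.

    Returns True if the pattern was seen (request blocked), False otherwise.
    A pattern split across two segments is never seen.
    """
    return any(pattern in seg for seg in segments)


def reassembling_filter(segments, pattern):
    """Fixed design: reassemble the byte stream before matching."""
    return pattern in b"".join(segments)


def carryover_filter(segments, pattern):
    """Fixed design without buffering the whole stream.

    Keep the last len(pattern)-1 bytes of the previous segment and prepend
    them to the next one; any match that straddles the boundary is still
    contained in that window.
    """
    carry = b""
    keep = len(pattern) - 1
    for seg in segments:
        window = carry + seg
        if pattern in window:
            return True
        carry = window[-keep:] if keep > 0 else b""
    return False


if __name__ == "__main__":
    req = build_request(b"/cgi-bin/phf?Qalias=x")
    segs = split_mid_pattern(req, BLOCKED_PATTERN)
    print("segments:", segs)
    print("per-segment filter blocks it? ", per_segment_filter(segs, BLOCKED_PATTERN))
    print("reassembling filter blocks it?", reassembling_filter(segs, BLOCKED_PATTERN))
    print("carry-over filter blocks it?  ", carryover_filter(segs, BLOCKED_PATTERN))
```

The per-segment matcher blocks the request when it arrives in one segment but passes it once the pattern is split; both stream-aware variants block it either way. The carry-over window is the design to reach for on an inline device that cannot afford to buffer whole streams, since it only retains len(pattern)-1 bytes of state per connection.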
General: