Nikto 2.03 is here!


Only a month late (personal life et al) and nikto 2.03 is now here. This is an important release as it is the first release of Nikto not under the benevolent gaze of Sullo.

This is a point release to update the databases and fix a few bugs, many of which may be found under the CHANGES document (or you can check on Assembla).

In essence, what has changed:

  • Nikto can now take greppable nmap input directly on the command line.
  • Nikto can take a range of ports (e.g. 80-82).
  • Ports that are not open are now reported.
  • Nikto can now read hosts from stdin, by specifying "-host -".
  • HTML and XML reports don't produce duplicates.
  • Allow multiple HTTP methods to work out whether the server is HTTP or not.
  • Fix for a nasty bug where defined variables (e.g. cgi-bin directories) are not read properly.
  • Updates to allow HTML output to validate properly as XHTML.

The current roadmap can be seen on Assembla.

Please, try out, break and report bugs and suggestions...