CIRT.net

Nikto 2.1.2 introduces some much needed status reporting, along with some new interactive features.

First up, the Display mode "P" will print a progress report to STDOUT every 500 tests (configurable in nikto.conf or via -Plugins). During a scan, you'll see something like this:

We're happy to announce the immediate availability of Nikto 2.1.2!

Nikto is an open source web server scanner which performs
comprehensive tests against web servers for multiple items, including
over 6400 potentially dangerous files/CGIs, checks for outdated versions
of over 1000 servers, and version specific problems on over 270 servers.

In addition to the usual laundry list of minor bug fixes, 2.1.2 contains some new functionality and improvements,
including:

When facing off against a WebDAV enabled server, there are two things to
find out quickly: can you upload files, and if so, can you execute code?

DAVTest attempts help answer those questions... as well as automatically uploading shells when possible.

Read more at the Sunera Security Blog.

The default password database has been updated with a few new features!

Ever have to pentest a CMS and need to puzzle out what plugins and themes it has? Or ever see a cool site you know is running CMS-X but wonder what modules and themes they used? It can be tedious at best, or impossible at worst, to figure it out.

CMS Explorer was written just for that--to figure out what components (plugins and themes) CMS sites are using. The initial release works really well with Wordpress and Drupal, and has fledgling support for Mambo/Joomla! (fledgling because there is no central repo of components).

Michel Chamberland has released a search add-on for Firefox that allows you to directly search the default password database directly. It's pretty straight-forward, but I like things that save time... and this does.

Grab it here.