Nikto 2.1.1 available!

I'm happy to announce the immediate availability of Nikto 2.1.1!

Nikto is an open source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6100 potentially dangerous files/CGIs, checks for outdated versions of over 950 servers, and version-specific problems on over 260 servers.

In addition to bug fixes, 2.1.1 contains some new functionality, including:

  • New remote file inclusion (RFI) testing
  • Over 2300 new RFI tests (courtesy RSnake/OSVDB)
  • Sending of each test ID in the User-Agent

Nikto Award for Best IT Security Tools for 2009

Nikto has won a "Best IT Security Tools for 2009" award in the open source category for application scanners. The award is a testament to the great work Dave has done in 2009 to keep Nikto updated, accurate and relevant even as the web is changing at lightning speed.

Nikto 2.1.0 release

It's finally time to stop procrastinating: Nikto 2.1.0 is here!

This version has gone through significant rewrites under the hood to make Nikto more expandable and usable. Changes include:

  • Rewrite of the plugin engine, allowing more control of the plugin structure and making it easier to add plugins

  • Rewrite of the reporting engine, allowing reporting plugins to cover more and also ensuring that output is written if Nikto is quit before finishing


Jabra, author of Nikto's XML output format, has just released Nikto::Parser (along with several other security tool parsers). This Perl module takes in a Nikto XML file (or runs Nikto directly) and creates an easily accessible interface to the data.

Here's an example reading in a saved scan file.

Using printers to hold files

I've had this little proof of concept tool sitting around for a while: it essentially acts as an FTP-like front end for storing files on a network-aware printer.

Most modern printers are not only network-aware, but they generally have an embedded hard disk, used to store fonts, templates and even jobs. The de facto standard for communicating with printers is PCL, an ASCII-based system with escape codes that has existed since the 1980s.

New tool: mp3 duplicate finder

The find_mp3_duplicates Perl script is designed to do one thing: find duplicate audio files, based on the audio content, from two distinct directory trees. It was made to help merge two somewhat-overlapping music collections.

It uses the MP3::Info module to extract the audio portion of the file, and then generates an MD5 hash of the audio portion

See full description for more info.