Nikto Dev Now on GitHub

Recently all new Nikto development has moved from Assembla to GitHub!

Specifying Individual Plugins

In Nikto 2.1.1, the facility to call only specific plugins was added. This was mainly designed as a debugging and development feature, making it easier to test one plugin without running all of the tests. The plugin string was very simple: a comma-separated list of plugin names.

In Nikto 2.1.2 it was discovered that this facility was of more use than previously thought and could fix one of the basic flaws with the current plugin system: passing parameters to a plugin, something that had been hacked in via -mutate-options.

Nikto's Interactive Features & Status Reporting

Nikto 2.1.2 introduces some much needed status reporting, along with some new interactive features.

First up, the Display mode "P" will print a progress report to STDOUT every 500 tests (configurable in nikto.conf or via -Plugins). During a scan, you'll see something like this:


Jabra, author of Nikto's XML output format, has just released Nikto::Parser (along with several other security tool parsers). This Perl module takes in a Nikto XML file (or runs Nikto directly) and creates an easily accessible interface to the data.

Here's an example reading in a saved scan file.

Nikto 2.03 is here!

Only a month late (personal life et al.) and Nikto 2.03 is now here. This is an important release as it is the first release of Nikto not under the benevolent gaze of Sullo.

This is a point release to update the databases and fix a few bugs, many of which may be found under the CHANGES document (or you can check on Assembla).

In essence, what has changed:

Take us to your (new) leader!

I have been meaning to make this post for a while now...

I'm happy to announce that Nikto has a new lead developer! He goes by the name "Dave" but I think his parents actually named him "deity." Whatever you decide to call him, please welcome him to the club and make sure he knows the secret handshake.