04.17.2007
nikto_core.plugin 1.39
- Fix check/send update code for improperly setting IP instead of name in Host header. Thanks Mattias for pointing this out.
03.05.2007
nikto_core.plugin 1.38
- Fix -x option, now -Pause (Thanks Jericho)
nikto_realms.plugin 1.03
nikto_headers.plugin 1.12
- Add -P for requests that don't use fetch()
02.11.2007
nikto 1.36
- Bug fixes in redirection messages/handling
- Added -404 option to skip pages with certain content, to help cut false-positives. (A. Ramos/ unsec.net)
nikto_put_del_test.plugin 1.00
- Added
nikto_apacheusers.plugin 1.03
- Bug fix for regex error
nikto_headers.plugin
- Give info on more headers (Jericho)
nikto_httpoptions.plugin
- Check the Public header as well as Allow (Jericho)
02.16.2006
nikto_outdated.plugin 1.14
- Encode spaces in strings that may be sent as updates.
nikto_outdated.plugin 1.36
- Add -P0 to nmap call, thanks to Richard van den Berg for pointing this out.
09.07.2005
nikto_headers.plugin
- Don't alert on the host's actual IP if it's returned in a header.
07.26.2005
nikto_core.plugin
- Output a warning for HTML output as a result of OSVDB-17886.
05.27.2005
nikto_core.plugin 1.31
- Set the $CONFIG{MAX_WARN} bit to use the variable on the error instead of a fixed num, thanks to Nicolas Gregoire for pointing this out.
05.20.2005
Database Updates
- Multiple msgs updates from david.maciejak@kyxar.fr
- Multiple test updates from burak.dayioglu@pro-g.com.tr
nikto_core.plugin 1.31
- Bugfix: fingerprint was not including leading /. Thanks Axel Meerschaert for the report.
- Bugfix: NMAPOPTS was not being used, thanks to David Rhoades for patching.
- Added additional content checking to reduce false positives, thanks to Pavel Kankovsky
nikto.pl 1.14
- Added -config option to specify a config file, thanks to Pavel Kankovsky
09.09.2004
nikto_core.plugin 1.29
- Bugfix: moved processing of -root items into fetch() to catch *all* cases, from Erik Cabetas
- Bugfix: fixed namespace issues with %FILES which could cause havoc in mutate mode, from Erik Cabetas
- Bugfix: Fixed reverse DNS lookup--noted by Eduardo Cruz.
- Add some normalizations to the -root option variable, suggested by Erik Cabetas
nikto_mutate.plugin 1.07
- Bugfix: removed usage of -root items in favor of placement in fetch()
nikto_outdated.plugin 1.13
- Bugfix: fixed regex issue on banner. thanks Alexander Ehlert for pointing it out
nikto_realms.plugin 1.02
- Bugifx: fixed some realms not being tested due to hash collisions
07.24.2004
nikto_core.plugin 1.28
- Fix a namspace violation which could allow nikto's path to be sent during certain mutation combinations. Found by Erik Cabetas.
- Add some normalizations to the -root option variable, suggested by Erik Cabetas
06.07.2004
nikto_core.plugin 1.27
- Mis-pasted line, pointed to by Erik Cabetas
06.03.2004
nikto_core.plugin 1.26
- Added error if -F specified without -o, from Erik Cabetas
- Bugfix: server category match no longer matches partial strings, from Erik Cabetas
06.02.2004
nikto_core.plugin 1.25
- Cleaned up comment/line parsing routines in multiple places, from Erik Cabetas
- Tightened some for loops with real values instead of guessing, from from Erik Cabetas
- Removed duplicate bit of code, from Erik Cabetas
- Addded error message if no host is specified, from Erik Cabetas
- Added more robust output file type checking (txt/htm/cvs), from Erik Cabetas
- Added more debug statements regarding which CGI directories will be scanned, from Erik Cabatas
12.17.2003
nikto_core.plugin 1.20
- Fixed BID links, thanks Richard Tortorella for the report.
10.27.2003 Nikto 1.32 release
nikto_core.plugin 1.19
- Removed unecessary 'use IO::Socket' call from resolve()
- Removed unecessary counters
- Replaced some slow foreach counters
- Moved proxy_check earlier, before port_scan, so it will be set first
- Removed -allcgi option in favor of -CGIdir, which can specify to test 'all', 'none' or a specific directory.
- Bugfix: testing through proxy by making sure host name is set instead of ip, thanks to Fabrice Annic for the catch
- Bugfix: a regex/logic/if error in test_target, thanks Pavel Kankovsky for the bug report. 401/302 messages will now report regardless of test/pass fail.
- Bugfix: -dbcheck now identifies duplicates without relying on message text, thanks Jericho / Attrition.org for pointing this out
nikto.pl 1.12
- Rearranged order of get_banner & setup so that it would be called right
nikto_headers.plugin 1.08
- Added DAAP header check
10.02.2003
nikto_core.plugin 1.18
- Fixed get_banner to properly handle multi host/port scans
10.01.2003
nikto_outdated.plugin 1.12
- Fixed improper matching in version evals, reported by Paul Bakker
09.30.2003
nikto_core.plugin 1.17
- Reordered loop code to make -f scans faster.
- Added a skip for "(Win32)" in the version updates back to cirt.net
nikto_outdated.plugin 1.11
- Stripping () from version strings
09.24.2003 Nikto 1.31 release
nikto_core.plugin 1.16
- Fixed a bug in resolve() that may prevent name lookups when host files used
- Fixed a bug in resolve() where scan would exit if 1 name resolution from host file failed
- Changed set_targets so that if the -h value exists as a file it reads that instead of resolving it as a name. This eliminates need for .csv or .txt file name endings.
- Added auto or semi-auto update of version strings to CIRT.net. This is done through a simple GET request. Controlled via config.txt's UPDATES variable.
*ABSOLUTELY NO* server info is sent... only versions from HTTP headers, i.e. "Apache/4.0". Thanks to Jericho for feedback/ideas.
- Added a host counter output at end & for every 10 hosts
- Set CHANGES.txt download only on *code* updates, not DBs
- Added MAX_WARN to config.txt for warning level on OK/Moved messages, thanks Jericho for the suggestion.
- Added PROMPTS to config.txt to allow user control of prompting--good for unattended scans
- Added a regex test to dbcheck() better catch errors in server_msgs.db
- Thanks again to Jericho for many updated tests/information.
- Cleaned up port scan code
- Fixed/improved scanning through proxies
nikto_outdated.plugin 1.09
- Added support for sending updates of version strings to CIRT.net. See nikto_core.plugin version 1.15 notes.
LW.pm - 1.8
- Updated to LW.pm v1.8, see the change log included with it (www.wiretrip.net/rfp/).
nikto.pl - 1.10
- Implemented versioning on nikto.pl (!), many changes to support core 1.15
- Put 'require LW.pm' down *after* we know where it is.. duh. Thanks J Barber (ussysadmin.com) for the suggestion. Also changed it 'require' vs 'use' so in the future I can update it, if necessary.
- Hosts are now tested in the same order as the appear in an input file
08.18.2003
nikto_outdated.plugin 1.08
- Fixed nasty regex bug in the version eval, and made more efficient. Pointed out by fr0stman, thx Zeno for assistance
07.22.2003
nikto_headers.plugin 1.07
- Added Host header back after delete in IIS Content-Location check. Thanks to Abdi Ponce for the bug report & debug.
nikto_httpoptions.plugin 1.04
- Changed PROPPATCH, TRACK, TRACE messages. Changed PROPFIND message, thanks to Jericho for tracking down some good info on it. Added SEARCH message.
nikto_core.plugin 1.14
- Added
tags to the HTML output for browser-neatness
- Removed a stray debug print
07.03.2003
- Thanks to Jeremy Bae for many Jeus Webserver tests.
06.29.2003
nikto_core.plugin 1.13
- changed some &function calls to function() to keep $_ from being passed down another level.. thanks to zeno for the heads-up.
nikto_headers.plugin 1.05
- fixed the IIS4 content-location check as it had a tendency to fail miserably...
06.29.2003
nikto_core.plugin 1.12
- changed output of dump_request to be more like normal request text
06.29.2003
nikto_core.plugin 1.11
- bug fix for scanning through proxies
06.19.2003
nikto_core.plugin 1.10
- added 'csv' to file formats in -help output (doh!)
- minor speedups
06.17.2003
nikto_user_enum_apache.plugin 1.02
- Bugfix: some user names not tested (zz, zzz, etc.)
- Major rewrite for speed improvements
nikto_user_enum_cgiwrap.plugin 1.01
- Bugfix: some user names not tested (zz, zzz, etc.)
- Major rewrite for speed improvements
06.16.2003
nikto_core.plugin 1.09
- dbcheck option enhanced: check that all plugins are in the order file
- dbcheck option enhanced: check that all plugins have properly named sub calls
- update option enhanced: retrieves updated CHANGES.txt file with code updates
- Bugfix: resolve() did not properly catch invalid IP addresses. Reported by Rick Tortorella.
06.12.2003
nikto_core.plugin 1.08
- Removed iprint() entirely (finally)
- Made "Needs Auth" links active in HTML output
05.30.2003
nikto_core.plugin 1.07
- Bugfix:
05.30.2003
nikto_core.plugin 1.06
- Added number of elapsed seconds to final host/port output
- Bugfix: Changed CAN/CVE link to point to cve.mitre.org instead of ICAT
- Bugfix: Duplicate port 80 in nmap options if -p not specified but 80 specified in hosts file
05.28.2003
nikto_core.plugin 1.05
- Bugfix: -update code prevented automatic updates. Found & fixed by Keith Young. Also reported by Paul Worshaw.
05.27.2003
Nikto 1.30 release
General changes
- removed nikto_google.plugin entirely (may add better plugin later)
- major "under the hood" changes to make things easier to maintain, read & modify
- killed as many global vars as I could stand in favor of a few global hashes (CLI input, etc.)
- added $CURRENT_HOST_ID and $CURRENT_PORT as globals--these are the pointers to "where you are" (mostly as in $TARGETS)
- added the ability to have basic conditional items for tests, i.e. "200!index" to designate a response of "200" but the
content does not contain "index" (suggested by Paul Woroshow).
- added -V option, which displays versions of all code files & databases (suggested by Jericho)
- specifying -ssl now forces *all ports* on *all servers* to use ssl. best that can be done for now.
- added multi-host support via a text file with port specification in the file or via CLI
- all new save file routines
- unbuffered file output to keep partial/cancelled run data
- removed the -w option in favor of -F with multiple formats
- added support for NTLM authentication
- added cgiwrap plugin
nikto_core.plugin 1.05
- Many updates to support multiple host scans
- Added UA for update agents
- Changed all %SERVER hash refs to either %CLI or %TARGETS
- Removed %BANNERS (now in %TARGETS)
- Added set_targets() to handle various target input methods
- Bugfix: non-SSL ports not found after first SSL port found on a host
- Bugfix: authentication realms were not checked with the proper root if -r was specified on the CLI
- Bugfix: can't call 'fprint' if core plugin is not found (duh!). Found by Erwin Paternotte.
nikto_user_enum_cgiwrap.plugin 1.00
- added
nikto_mutate.plugin 1.05
- change for using %CLI
nikto_passfiles.plugin 1.01
- change for using %CLI
nikto_user_enum_apache.plugin 1.01
- change for using %CLI
- renamed from 'nikto_userenum.plugin'
nikto_msgs.plugin 1.03
- minor changes for multi-host support
plugins_order.txt 1.03
- removed nikto_google.plugin
02.23.2003
nikto_core.plugin 1.04
- Added a work around for servers that answer with blank www-authenticate headers with invalid id/pass combos
nikto_realms.plugin 1.00
- Added to distro
realms.db 1.00
- Added to distro
plugins_order.txt 1.02
- Added nikto_realms.plugin
01.22.2003
nikto_httpoptions.plugin 1.03
- standardized wording, added TRACE option, added more description to WebDAV msgs (thanks Jericho at attrition.org).
01.22.2003
nikto_core.plugin 1.03
- fixed a bug with matching proper server categories, thanks to Paul Woroshow.
01.17.2003
nikto_core.plugin 1.02
- fixed the GetOptions only looking for "-gener" instead of "-generic", thanks to Michel Arboi
01.02.2003
nikto_core.plugin 1.01
- fixed proxy authentication not prompting for -update option
01.01.2003
Nikto 1.23
- added nikto_plugin_order.txt to force plugin order to something we want rather than alpha
- added nikto_core.plugin & removed most functions from nikto.pl
- added -cookies option
- enhanced db syntax error checking (spurred by syntax problems Thomas Reinke found)
- started using the LW 1.6 libraries
- fixed infinite loop output problem (no longer wrapping long lines)
- removed usage from saved output (too long)
- remove nikto_frontpage.plugin and put checks in scan_database.db
- moved server categories from scan_database.db to servers.db
- got rid of the leading "c," requirement from scan_database.db
- added STATIC-COOKIE config item as suggested by Eyal Udassin
- made CLI options case sensitive (to support more options, hosts files, etc)
- added Javier Fernandez-Sanguino Pen~a's Apache user enumeration plugin
- added -r (-root) file prepend as suggested by Eyal Udassin
- many DB typo fixes from Jay Swofford
- fixed a regex bug in nikto_robots.plugin and nikto_apacheusers.plugin
- new update location (path) to better support upgrades that don't effect db syntax
08.21.2002
Nikto 1.21
- Fixed all the proxy code--none of it was working due to where it was set in the initialization.
- Added -update to the help output. Not sure why it wasn't there.
08.12.2002
Nikto 1.20
- Re-packaged to take out a testing line from LW.pm. Thanks to D Rhoades for the catch
08.11.2002
Nikto 1.20
- Moved all mutate options to plugins
- Added password file mutate plugin
- Added better error messages if problems arise
- Test for false-positives on all CGI directories
- Added -useproxy CLI
- Printing SSL certs the server accepts
- Fixed port sorting if -f is used
- Forked 1.20DCX edition for DefCon 10 CD: difference is only output
- Fixed a bug where "findonly" was referenced as "findports" (thanks J DePriest)
- Added properly wrapped text output in saved files
05.25.2002
Nikto 1.100
- stopped nikto from dying if no config.txt file found
- added Apache user enumeration plugin
- added robots.txt plugin
- set false-positive message to display at end of run as well as during
-
04.23.2002
Nikto 1.10BETA_3
- fixed CAN/CVE links, added BID/CA/MS links (suggested by Jericho).
- prints total number of 'issues' found (suggested by Jericho).
- fixed proxy usage in the cirt.net update function.
- updated to use LW 1.4, which fixes an SSL infinite loop problem.
- fixed 401 auth suppression (broken in beta 2).
- added robots plugin to examine robots.txt & add items found to the mutate check
-
03.31.2002
Nikto 1.10BETA_2
- fixed the config.txt DEFAULTHTTPVER variable setting so it really works
- made proxy_check run only once per session
- removed all reference to "nikto" in the scan_database.db
-
03.23.2002
Nikto 1.10BETA_1
- renamed plugins from .pl to .plugin, just for clarity. but they're still perl files
- allowed nikto.pl to update plugins the same as .db files
- usage of LW 1.2
- countless "under the hood" type things
- lowercase-incoming-headers to more easily handle case sensitive nonsense
- compartmentalized a LOT more code to make things easier to read
- created config.txt file configuration w/o midifying nikto.pl itself
- added user_scan_database.db so that it won't get ovwr-written if the user adds checks
- enabled RFP's LibWhisker anti-ids options
- change "check," to "c," in scan_database, just to save a little bandwidth on cirt.net :)
- added plugin to check HTTP methods
- created a 'mutate' mode for really brute force finding stuff on servers
- added the ability to set default CLI options via config file
- added PLUGINDIR config variable
- added plugin to check other HTTP headers (just x-powered-by for now)
- added ability for nikto to auto-determine ssl v non-ssl on a port
- added port scanning ability (with or without nmap)
- added ability to send message via the update script's versions.txt file. I don't know why, but it may be handy to let folks know if a new beta is out, or something.
- implemented the virtual host headers as patched by Pasi Eronen
-
01.17.2002
Nikto 1.018
- Added /mpcgi/ to the @CGIDIRS array based on some suggestions.
- Fixed a bug in the auth_check function (thanks RFP), and cleaned up error reporting on failed auths
-
01.12.2002
Nikto 1.017
- Fixed a bug where the data portion of a request did not reset to null after some checks (thanks to Phil Brass for pointing me at it & letting me test against his server).
-
01.10.2002
Nikto 1.016
- Add dump_*hash functions
- Added pause (-x) in scan loop
- Fixed a bug which caused a major slowdown
- Added load_conf for setup for configuration files (future)
- Fixed http vs. https links in output files
-
01.08.2002
Nikto 1.015
- Fixed a bug (?) in Libwhisker PR4 (will check v1 code...)
- Corrected an error which caused a few false-positives (404 really IS not found :)
01.07.2002
Nikto 1.014
- Removed comment filtering from lines in scan_database.db to accommodate SSI includes
- Fixed quoting removal for data portions in checks (so " is valid).
-
01.06.2002
Nikto 1.013
- Made major globabl variable changes, moved tons of them to hashes
- Wrote some basic plugin writing documentation & added 'docs' directory
-
01.03.2002
Nikto 1.012
- Added extended output for scan archival reasons (suggested by Steve Saady)
- Changed host auth failure to a warning, not stoppage
- Added "data" portion to scan_database.db
- Added @IP and @HOSTNAME substitutions for scan_database.db checks (will be replaced by actual IP/hostname)
- in case they are needed in the future.
- Added JUNK() to scan_database.db checks to facilitate future buffer-overflows (non-DoS), and future DoS plugins
- Added Proxy-agent as valid the same as Server result strings
- Changed -l to -n ("nolookup") to be more accurate
-
01.02.2002
Nikto 1.011
- Added proxy auth for db update requests (oops).
- Started .xxx version numbering scheme to make life easier
- Fixed href tags in HTM output (< and > encoding and target host/ip)
- Added "caseless" WWW-Authenticate finding (for iPlanet Proxy)
-
12.31.2001
Nikto 1.01
- Added regex to remove comments from scan_database.db in case they ever exist
- Fixed extra 'Host:' line being sent to server (duh).
- Fixed non 'GET' request data posting (duh).
- Added -timeout option
12.27.2001
Nikto 1.00
- Finalized beta version for release