Friday, February 5, 2010

New Nikto version 2.1.1



Today's post is short but important. On January 30 the folks at CIRT released version 2.1.1 of Nikto. It is an excellent auditing tool, so I recommend that everyone interested in security auditing download it, and that those who already have it update.

Here are the download links:

Download: Version 2.1.1 .gz or .bz2







And here is the changelog:

2010-02-01 Nikto 2.1.1
  • Ticket 117: Fixed SKIPPORTS
  • Ticket 116: Moved User-Agent string to nikto.conf
  • Ticket 116: Added dynamic variables to User-Agent (Testid, Evasion methods)
  • Ticket 95: Added support for OSVDB, now the fun bit of filling it in
  • Ticket 111: Basic syntax checks for all databases
  • Ticket 109: Added an extra optional element to xml output to contain the SSL date. Need to do similar for html, txt and csv
  • Ticket 106: Shorts authentication being successful if an error is returned
  • Ticket 107: Support for short reads in LW2.5
  • Ticket 98: If -Format is missed guess the format based on file extension in -output. Default is none if -output is omitted.
  • Ticket 96: Multiple index file enhancements for groups and better unique file identification
  • Ticket 103: content in xml report is now wrapped in CDATA
  • Ticket 110: Mutate now respects db variables
  • Ticket 97: Fix for response caching
  • Ticket 99: Spelling disagreements between Brits and Americans
  • Added @RFIURL to nikto.conf for a remote file include location, and supporting code.
  • Added ~2300 RFI tests from the combined RSnake/OSVDB list
  • Removed NMAP and NMAPOPTS from nikto.conf as it is no longer used/supported
  • Reporting: simplify xml/html code, fix a bug when a space is in the uri, and load only needed templates
  • Upgrade to LibWhisker 2.5
  • Enable 2 new LW evasion tactics (carriage return or binary value as request spacer)
  • Added support to select plugins via -Plugins and -list-plugins option to list current plugins
  • Major bug fix for proxy usage
  • Don't report p3p header as unusual
  • Various changes to aid future binary db usage for mutates
  • Various changes to aid future multi-threading
  • Fix for multiple index files


Ximo

2 comments:

  1. Gosh, if I were an auditor I would have downloaded this thing... but I'm a mere mortal. Hugs!

  2. Haha, there's always a first time for everything, Milio!
