Nikto is an open source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers.

his release contains a number of important bug fixes, as well as new functionality and improvements, which have been added to the development branch over the last 19 months.

New features:

• Save full response on positive, plaintext & JSON
• -maxtime maximum execution time per host (seconds)
• -until run until specified time or duration
• -IgnoreCode option to allow db_404_strings @CODE from the command line
• Replay saved JSON requests with replay.pl
• Client SSL certificate support
• Output file name now takes '.' which will auto-generate name
• Content parsing to add items to db_variables values for enhanced testing
• robots.txt lines are now added to db_variables values for enhanced testing.

New checks:

• Check for wildcards in crossdomain.xml and clientaccesspolicy.xml
• Find IPs in HTTP headers
• Checked for sites parked at hosting providers or advertising pages
• Parsed robots.txt now checks for listed files (for content search, etc.)
• nikto_favicon.plugin checks for icons in tags.

Enhancements:

• Fix bugs/minor enhancements in: XML reports, robots.txt parsing, wildcard certificate matching, banner parsing, tons more!
• Default to use Net::SSL instead of Net::SSLeay as a result of too many memory issues in SSLeay
• CSV reports include the same info as other reports
• HTML reports include more meta information.