changes.txt

来自「Ubuntu packages of security software。 相」· 文本 代码 · 共 410 行 · 第 1/2 页

07.26.2005
	nikto-core.plugin 
		- Output a warning for HTML output as a result of OSVDB-17886.
		
05.27.2005
    nikto_core.plugin 1.31
		- Set the $CONFIG{MAX_WARN} bit to use the variable on the error instead of a fixed num, thanks to Nicolas Gregoire for pointing this out.

05.20.2005
	Database Updates
		- Multiple msgs updates from david.maciejak@kyxar.fr
		- Multiple test updates from burak.dayioglu@pro-g.com.tr
    nikto_core.plugin 1.31
        - Bugfix: fingerprint was not including leading /. Thanks Axel Meerschaert for the report.
        - Bugfix: NMAPOPTS was not being used, thanks to David Rhoades for patching.
        - Added additional content checking to reduce false positives, thanks to Pavel Kankovsky
    nikto.pl 1.14
        - Added -config option to specify a config file, thanks to Pavel Kankovsky

09.09.2004
	nikto_core.plugin 1.29
        - Bugfix: moved processing of -root items into fetch() to catch *all* cases, from Erik Cabetas
        - Bugfix: fixed namespace issues with %FILES which could cause havoc in mutate mode, from Erik Cabetas
        - Bugfix: Fixed reverse DNS lookup--noted by Eduardo Cruz.
        - Add some normalizations to the -root option variable, suggested by Erik Cabetas        
        
	nikto_mutate.plugin 1.07
		- Bugfix: removed usage of -root items in favor of placement in fetch()

	nikto_outdated.plugin	1.13
	    - Bugfix: fixed regex issue on banner. thanks Alexander Ehlert for pointing it out

	nikto_realms.plugin	1.02
        - Bugifx: fixed some realms not being tested due to hash collisions

07.24.2004
	nikto_core.plugin	1.28
		- Fix a namspace violation which could allow nikto's path to be sent during certain mutation combinations. Found by Erik Cabetas.
		- Add some normalizations to the -root option variable, suggested by Erik Cabetas

06.07.2004 
	nikto_core.plugin	1.27
		- Mis-pasted line, pointed to by Erik Cabetas
		

06.03.2004 
	nikto_core.plugin	1.26
		- Added error if -F specified without -o, from Erik Cabetas
		- Bugfix: server category match no longer matches partial strings, from Erik Cabetas

06.02.2004 
	nikto_core.plugin	1.25
		- Cleaned up comment/line parsing routines in multiple places, from Erik Cabetas
		- Tightened some for loops with real values instead of guessing, from from Erik Cabetas
		- Removed duplicate bit of code, from Erik Cabetas
		- Addded error message if no host is specified, from Erik Cabetas
		- Added more robust output file type checking (txt/htm/cvs), from Erik Cabetas
		- Added more debug statements regarding which CGI directories will be scanned, from Erik Cabatas
		
12.17.2003 
	nikto_core.plugin	1.20
       - Fixed BID links, thanks Richard Tortorella for the report.

10.27.2003 Nikto 1.32 release
	nikto_core.plugin	1.19
       - Removed unecessary 'use IO::Socket' call from resolve()
       - Removed unecessary counters
       - Replaced some slow foreach counters
       - Moved proxy_check earlier, before port_scan, so it will be set first
       - Removed -allcgi option in favor of -CGIdir, which can specify to test 'all', 'none' or a specific directory.
       - Bugfix: testing through proxy by making sure host name is set instead of ip, thanks to Fabrice Annic for the catch
       - Bugfix: a regex/logic/if error in test_target, thanks Pavel Kankovsky for the bug report. 401/302 messages will now report regardless of test/pass fail.
       - Bugfix: -dbcheck now identifies duplicates without relying on message text, thanks Jericho / Attrition.org for pointing this out
       
	nikto.pl	1.12
       - Rearranged order of get_banner & setup so that it would be called right

	nikto_headers.plugin	1.08
       - Added DAAP header check

10.02.2003
	nikto_core.plugin	1.18
       - Fixed get_banner to properly handle multi host/port scans

10.01.2003
	nikto_outdated.plugin	1.12
       - Fixed improper matching in version evals, reported by Paul Bakker

09.30.2003
	nikto_core.plugin	1.17
       - Reordered loop code to make -f scans faster.
       - Added a skip for "(Win32)" in the version updates back to cirt.net

	nikto_outdated.plugin	1.11
       - Stripping () from version strings

09.24.2003  Nikto 1.31 release
	nikto_core.plugin	1.16
       - Fixed a bug in resolve() that may prevent name lookups when host files used
       - Fixed a bug in resolve() where scan would exit if 1 name resolution from host file failed
       - Changed set_targets so that if the -h value exists as a file it reads that instead of resolving it as a name. This eliminates need for .csv or .txt file name endings.
       - Added auto or semi-auto update of version strings to CIRT.net. This is done through a simple GET request. Controlled via config.txt's UPDATES variable.
         *ABSOLUTELY NO* server info is sent... only versions from HTTP headers, i.e. "Apache/4.0". Thanks to Jericho for feedback/ideas.
       - Added a host counter output at end & for every 10 hosts
       - Set CHANGES.txt download only on *code* updates, not DBs
       - Added MAX_WARN to config.txt for warning level on OK/Moved messages, thanks Jericho for the suggestion.
       - Added PROMPTS to config.txt to allow user control of prompting--good for unattended scans
       - Added a regex test to dbcheck() better catch errors in server_msgs.db
       - Thanks again to Jericho for many updated tests/information.
       - Cleaned up port scan code
       - Fixed/improved scanning through proxies

	nikto_outdated.plugin	1.09
       - Added support for sending updates of version strings to CIRT.net. See nikto_core.plugin version 1.15 notes.

    LW.pm - 1.8
       - Updated to LW.pm v1.8, see the change log included with it (www.wiretrip.net/rfp/).
       
    nikto.pl - 1.10
       - Implemented versioning on nikto.pl (!), many changes to support core 1.15
       - Put 'require LW.pm' down *after* we know where it is.. duh. Thanks J Barber (ussysadmin.com) for the suggestion. Also changed it 'require' vs 'use' so in the future I can update it, if necessary.
       - Hosts are now tested in the same order as the appear in an input file
       

08.18.2003
	nikto_outdated.plugin	1.08
	    -  Fixed nasty regex bug in the version eval, and made more efficient. Pointed out by fr0stman, thx Zeno for assistance
           
07.22.2003
	nikto_headers.plugin	1.07
       - Added Host header back after delete in IIS Content-Location check. Thanks to Abdi Ponce for the bug report & debug.

	nikto_httpoptions.plugin	1.04
       - Changed PROPPATCH, TRACK, TRACE messages. Changed PROPFIND message, thanks to Jericho for tracking down some good info on it.  Added SEARCH message.
       
	nikto_core.plugin	1.14
       - Added <title> tags to the HTML output for browser-neatness
       - Removed a stray debug print
       
07.03.2003
       - Thanks to Jeremy Bae for many Jeus Webserver tests.

06.29.2003
	nikto_core.plugin	1.13
       - changed some &function calls to function() to keep $_ from being passed down another level..  thanks to zeno for the heads-up.
       
	nikto_headers.plugin	1.05
       - fixed the IIS4 content-location check as it had a tendency to fail miserably...

06.29.2003
	nikto_core.plugin	1.12
       - changed output of dump_request to be more like normal request text

06.29.2003
	nikto_core.plugin	1.11
       - bug fix for scanning through proxies

06.19.2003
	nikto_core.plugin	1.10
       - added 'csv' to file formats in -help output (doh!)
       - minor speedups

06.17.2003
	nikto_user_enum_apache.plugin	1.02
       - Bugfix: some user names not tested (zz, zzz, etc.)
       - Major rewrite for speed improvements

	nikto_user_enum_cgiwrap.plugin	1.01
       - Bugfix: some user names not tested (zz, zzz, etc.)
       - Major rewrite for speed improvements

06.16.2003
	nikto_core.plugin	1.09
       - dbcheck option enhanced: check that all plugins are in the order file
       - dbcheck option enhanced: check that all plugins have properly named sub calls
       - update option enhanced: retrieves updated CHANGES.txt file with code updates
       - Bugfix: resolve() did not properly catch invalid IP addresses. Reported by Rick Tortorella.

06.12.2003
	nikto_core.plugin	1.08
       - Removed iprint() entirely (finally)
       - Made "Needs Auth" links active in HTML output
       
05.30.2003
	nikto_core.plugin	1.07
       - Bugfix: 

05.30.2003
	nikto_core.plugin	1.06
       - Added number of elapsed seconds to final host/port output
       - Bugfix: Changed CAN/CVE link to point to cve.mitre.org instead of ICAT
       - Bugfix: Duplicate port 80 in nmap options if -p not specified but 80 specified in hosts file

05.28.2003
	nikto_core.plugin	1.05
       - Bugfix: -update code prevented automatic updates. Found & fixed by Keith Young. Also reported by Paul Worshaw.
  
05.27.2003
	Nikto 1.30 release
    General changes
        - removed nikto_google.plugin entirely (may add better plugin later)
        - major "under the hood" changes to make things easier to maintain, read & modify
        - killed as many global vars as I could stand in favor of a few global hashes (CLI input, etc.)
        - added $CURRENT_HOST_ID and $CURRENT_PORT as globals--these are the pointers to "where you are" (mostly as in $TARGETS)
        - added the ability to have basic conditional items for tests, i.e. "200!index" to designate a response of "200" but the