@3 | 5 years | sullo | perltidy
@2 | 5 years | sullo | perltidy
@1 | 5 years | sullo | Initial 2.02 repo creation
@879 | 6 months | sullo | Add case insensitive check for secure cookie
@878 | 6 months | sullo | Accidentally removed case insensitivity for httponly
@877 | 6 months | sullo | Increase version numbers as a result of pushing to the update dir.
@876 | 6 months | sullo | Fix comment for strict transport security
@875 | 6 months | deity | Check for Strict-Transport-Security header
@874 | 6 months | sullo | Add check for /fastenv
@873 | 7 months | deity | Quick fix to make the check for HttpOnly case insensitive and stop it …
@872 | 7 months | sullo | Note the Banner line more clearly so it can be easily parsed out
@871 | 7 months | sullo | add test for sitecore login
@870 | 7 months | sullo | print status before pausing
@869 | 7 months | sullo | Axis java test page
@868 | 7 months | sullo | fix post vs put
@867 | 7 months | sullo | Jboss auth bypass check
@866 | 7 months | sullo | buydomains.com
@865 | 8 months | sullo | checks for weblogic uddi explorer
@864 | 8 months | deity | Quick fix for typo in reporting of response from the x-frame-options …
@863 | 8 months | deity | Some basic tests for the Umbraco CMS
@862 | 8 months | sullo | Check for phpmyadmin backdoor
@861 | 8 months | sullo | Correct FSF address
@860 | 8 months | sullo | Check for forbidden for CGI dirs. Not sure when that went away, but it …
@859 | 8 months | sullo | Who knows if it's hard to exploit any more?
@858 | 8 months | sullo | More common headers
@857 | 8 months | sullo | Update date
@856 | 8 months | sullo | Minor changes. Some code to be used in future report writing.
@855 | 8 months | sullo | Updated test's match with info from Aaron Bishop
@854 | 8 months | sullo | more strings and strings
@853 | 8 months | sullo | Disabling check for non-empty OPTIONS request as it FPs a lot for …
@852 | 8 months | sullo | Cleanup some variable naming for consistency and to avoid future …
@851 | 8 months | sullo | Fix improper notification that auth succeeded--a response/result var name …
@850 | 8 months | sullo | Adding back. My bad!
@849 | 8 months | sullo | Fix validation error with html entity
@848 | 8 months | sullo | This is not needed
@847 | 8 months | sullo | Fix some xml errors in the docs. Add info in -Save and remove info on …
@846 | 8 months | sullo | Remove include of Data::Dumper
@845 | 8 months | sullo | Increment version numbers for release. Tidy some files. Strip dead code …
@844 | 8 months | sullo | Document replay.pl under the -Save help text
@843 | 8 months | sullo | Use LW hashes right and make proxy actually work.
@842 | 8 months | sullo | Added needed proxy support. Remove unneeded nikto_core.plugin. …
@841 | 8 months | sullo | Replay a saved request.
@840 | 8 months | sullo | More user submitted db_outdated updates
@839 | 9 months | sullo | Lots of version updates submitted by users.
@838 | 9 months | sullo | Copy of the -Single code; to be used for replaying saved sessions
@837 | 9 months | sullo | More MobileAdmin checks and versions
@836 | 9 months | sullo | Checks for Ektron CMS vulnerabilities.
@835 | 9 months | sullo | Tests for RoveIT Mobile Admin installation and available database.
@834 | 9 months | sullo | New tests
@833 | 9 months | sullo | Add NSF tests from files found by rcarr
@832 | 9 months | sullo | Reduce false positives for test 001074. Thanks to Aaron Bishop for …
@831 | 9 months | sullo | Completely remove (near useless) cache functionality
@830 | 9 months | deity | D'oh, forgot about 403!
@829 | 9 months | deity | Fixed pages within robots.txt check as it didn't actually report anything!
@828 | 9 months | deity | Fixed a case where Nikto would report no Clickjacking headers when no …
@827 | 9 months | sullo | s/with/without/, thanks Steve Werby for pointing this out
@826 | 9 months | sullo | Move where the auth display is set to avoid an earlier return bypassing …
@825 | 9 months | sullo | Ticket 233: Fix bad values in robots.txt from causing crashes
@824 | 9 months | sullo | Change cache to include full request and response
@823 | 9 months | deity | Updated so that init always returns a plugin header so that -list-plugins …
@822 | 9 months | deity | Minimised the chance of multiple cookie issues and added a new check for …
@821 | 9 months | sullo | Ticket 261: Update CSV report to include banner info and put data into …
@820 | 9 months | deity | oops; missed a CDATA!
@819 | 9 months | sullo | And maybe send the right number of arguments to add_vuln
@818 | 9 months | sullo | Fix some request/response confusion from recent changes
@817 | 9 months | deity | Another test to identify installed software
@816 | 9 months | sullo | Fix false pos
@815 | 9 months | sullo | accidentally checked in updates=auto
@814 | 9 months | sullo | Including JSON-PP source to not require JSON installation. …
@813 | 9 months | deity | Added a \n to the end of the response for those times when the web server …
@812 | 9 months | deity | Fix for #252 by URL encoding stuff rather than using CDATA when it's going …
@811 | 9 months | sullo | Add test for OTRS installer
@810 | 9 months | sullo | Add IP to CSV output. Test changes.
@809 | 9 months | sullo | Seems ternary oper in perl won't work in a concat string like that. How …
@808 | 9 months | sullo | Major bug fix with how headers are accessed after returned from nfetch(). …
@807 | 9 months | sullo | Remove FP prone test
@806 | 9 months | sullo | Documented -Save mode
@805 | 9 months | sullo | make uncommon header check work (%request vs %result) and add two bits of …
@804 | 9 months | deity | Fix to ensure that headers_sent is a hashref, not a scalarref (e.g. "")
@803 | 9 months | deity | Fix for #258. Also fixed the check for internal IP addresses in HTTP …
@802 | 9 months | sullo | Lots of changes for Ticket #1, which also will fix other bugs & problems …
@801 | 9 months | sullo | Added test
@800 | 10 months | deity | Added commerce-server-software header
@799 | 10 months | deity | Removed nikto_crossdomain.plugin as it's been merged with …
@798 | 10 months | deity | Fixed clashing tid with clientaccesspolicy and crossdomain checks. Also …
@797 | 10 months | deity | Check for X-Frame-Options added
@796 | 10 months | sullo | Documenting the -output . auto-generation
@795 | 10 months | sullo | Fix parsing of hostname/ePO name from McAfee ePO agent section
@794 | 10 months | sullo | Updated FSF address, thanks Johannes Weberhofer
@793 | 10 months | sullo | Ticket 250: Make digininja happy.
@792 | 10 months | sullo | Add missing items to changes
@791 | 10 months | deity | Fix for #249. Nikto CSV format doesn't really do commenting properly.
@790 | 10 months | sullo | Catching up on changes: - etag moved to postfetch - removed Single mode - …
@789 | 10 months | deity | Fix for #248 (sorry, I blame Sullo).
@788 | 10 months | deity | Fix for #161
@787 | 10 months | sullo | Removing
@786 | 10 months | deity | Commented out test 1251 to work around 243
@785 | 10 months | deity | Removed the global request and result hashes. Finally fixes #57.
@784 | 10 months | deity | More getting rid of direct $request hackery. Only nikto.pl to clean up …
@783 | 10 months | deity | Removal of legacy direct LibWhisker hacking on the internal IP address …