Section: .. / UNIX / cgi-scanners /
| /// File Name: |
nikto-2.01.tar.gz |
Description:
|
Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.
| | Author: | Sullo | | Homepage: | http://www.cirt.net/code/nikto.shtml | | Changes: | Multiple enhancements. | | File Size: | 233930 | | Last Modified: | Dec 14 13:00:16 2007 |
| MD5 Checksum: | 8af0dca235bbca9bf86b7017229a825f |
|
| /// File Name: |
nikto-2.00.tar.gz |
Description:
|
Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.
| | Author: | Sullo | | Homepage: | http://www.cirt.net/code/nikto.shtml | | Changes: | Version 2 adds many enhancements to reduce false positives, server fingerprinting, scan tuning, HTML report templates, optimizations and more. | | File Size: | 232564 | | Last Modified: | Nov 12 23:12:52 2007 |
| MD5 Checksum: | 64814606e342d3988093c7b8af9779c4 |
|
| /// File Name: |
nikto-1.36.tar.bz2 |
Description:
|
Nikto is a perl open source web server scanner which supports SSL. Nikto checks for (and if possible attempts to exploit) over 2400 remote web server vulnerabilities and misconfigurations. It also looks for outdated software and modules, warns of any version specific problems, supports scans through proxies (with authentication), host Basic authentication and more. Data is kept in CSV format databases for easy maintenance, and supports the ability to automatically update local databases with current versions on the Nikto web site.
| | Author: | Sullo | | Homepage: | http://www.cirt.net/code/nikto.shtml | | Changes: | Nikto 1.36 has been released. This version adds a new option for setting a 404 string from the command line, a new plugin to test PUT/DELETE methods, new header checks and obligatory bug fixes. | | File Size: | 174696 | | Last Modified: | Feb 14 15:47:49 2007 |
| MD5 Checksum: | 3baff72d534228575556e8cf5d34e49c |
|
| /// File Name: |
nestea.tgz |
Description:
|
Nestea is a CGI scanner that also looks for forbidden files and directories. It has a database of 2097 vulnerabilities and it takes about 10 minutes to completely scan a host.
| | Author: | Slick | | File Size: | 22929 | | Last Modified: | Nov 20 15:53:01 2005 |
| MD5 Checksum: | 46f15302a0a1fefcedea90065c36b59a |
|
| /// File Name: |
nikto-1.35.tar.gz |
Description:
|
Nikto is a perl open source web server scanner which supports SSL. Nikto checks for (and if possible attempts to exploit) over 2400 remote web server vulnerabilities and misconfigurations. It also looks for outdated software and modules, warns of any version specific problems, supports scans through proxies (with authentication), host Basic authentication and more. Data is kept in CSV format databases for easy maintenance, and supports the ability to automatically update local databases with current versions on the Nikto web site.
| | Author: | Sullo | | Homepage: | http://www.cirt.net/code/nikto.shtml | | Changes: | Has patches from Pavel Kankovsky to support multiple config files and to reduce false positives. Also includes updated databases and several bug fixes. | | File Size: | 190033 | | Last Modified: | May 30 17:40:45 2005 |
| MD5 Checksum: | 908f6b5c670434324633db48bd4537cd |
|
| /// File Name: |
hsh-gen.tar.gz |
Description:
|
hsh-gen is a script used to create shell wrappers to assist in exploitation of remote execution via directory traversal attacks on cgi scripts.
| | Author: | nummish | | Homepage: | http://www.0x90.org | | File Size: | 4259 | | Last Modified: | Jul 16 13:12:00 2004 |
| MD5 Checksum: | 32d966d86a9386fbf00c78e70f9a165a |
|
| /// File Name: |
x1bpackV1.tar.gz |
Description:
|
The x1b pack is a series of scripts written by the author as an exercise into socket programming with perl. Included are a port scanner with banner grabbing capabilities, a DNS service enumeration script with zonetransfer, some brute forcing utilities, a CGI web scanner, and a couple of other utilities.
| | Author: | Lawrence Lavigne | | File Size: | 6439775 | | Last Modified: | Jun 7 17:02:08 2004 |
| MD5 Checksum: | a4f30b7624eda9bcedf87bc0ca6758fe |
|
| /// File Name: |
nikto-1.31.tar.gz |
Description:
|
Nikto 1.31 is a PERL, open source web server scanner which supports SSL. Nikto checks for (and if possible attempts to exploit) over 2000 remote web server vulnerabilities and misconfigurations. It also looks for outdated software and modules, warns of any version specific problems, supports scans through proxies (with authentication), host Basic authentication and more. Data is kept in CSV format databases for easy maintenance, and supports the ability to automatically update local databases with current versions on the Nikto web site.
| | Author: | Sullo | | Homepage: | http://www.cirt.net/code/nikto.shtml | | Changes: | LibWhisker 1.8, additional configuration options, enhanced multiple-host scanning, and multiple bug fixes and more. | | File Size: | 166796 | | Last Modified: | Sep 29 16:34:42 2003 |
| MD5 Checksum: | cb6719d7e0fd4659cb826f821f01cd64 |
|
| /// File Name: |
nikto-1.30.tar.gz |
Description:
|
Nikto 1.30 is a PERL, open source web server scanner which supports SSL. Nikto checks for (and if possible attempts to exploit) over 2000 remote web server vulnerabilities and misconfigurations. It also looks for outdated software and modules, warns of any version specific problems, supports scans through proxies (with authentication), host Basic authentication and more. Data is kept in CSV format databases for easy maintenance, and supports the ability to automatically update local databases with current versions on the Nikto web site.
| | Author: | Sullo | | Homepage: | http://www.cirt.net/code/nikto.shtml | | Changes: | Now has multiple host/port scanning, username guessing via cgiwrap, NTLM auth support, CSV output format & more. | | File Size: | 137459 | | Last Modified: | May 28 04:37:12 2003 |
| MD5 Checksum: | fdc8fb9aa86e090ee104903d3b2e0a28 |
|
| /// File Name: |
nikto-1.23.tar.gz |
Description:
|
Nikto 1.23 is a PERL, open source web server scanner which supports SSL. Nikto checks for (and if possible attempts to exploit) over 2000 remote web server vulnerabilities and misconfigurations. It also looks for outdated software and modules, warns of any version specific problems, supports scans through proxies (with authentication), host Basic authentication and more. Data is kept in CSV format databases for easy maintenance, and supports the ability to automatically update local databases with current versions on the Nikto web site.
| | Author: | Sullo | | Homepage: | http://www.cirt.net/code/nikto.shtml | | Changes: | Now has Apache username guessing, static auth cookies, static base directories, proxy id/password prompting and bug fixes. | | File Size: | 123976 | | Last Modified: | Jan 5 03:06:01 2003 |
| MD5 Checksum: | 59b561c2e086167c4469bd21e3e44bff |
|
| /// File Name: |
wmap1.3.tar.gz |
Description:
|
Wmap v1.3 is a cgi scanner that attempts to be smarter than most. To increase the chance of finding useful stuff, wmap has a file containing interesting Directories (dirs.db) and other file containing common cgi dirs (dircgis.db) to search for. If a directory is found is added to the test. This include all the directories that are found in the html tags. For each directory found, not only scans for vulnerable CGI's (cgis.db) it scan for interesting files (ex. passwords.tmp) included in the file (file.db) and does an http PUT scan.
| | Author: | ET | | Homepage: | http://pwp.007mundo.com/etorres1 | | Changes: | Many bug fixes. | | File Size: | 31702 | | Last Modified: | Dec 28 22:20:59 2002 |
| MD5 Checksum: | c6ea4d3cb5c9499182cb736b26942b2c |
|
| /// File Name: |
cst1_4.tar.gz |
Description:
|
CST is a java based web scanner that scans using a database of scripts (user editable). The sample databases included contains +1600 possibly vulnerable scripts/dirs. You can scan with or without a proxy server. The scanner has 11 different Anti-IDS tactics and sends fake "X-Forwarded-For:", "Referer:" and "User-Agent:" headers to hide your scan even more. You can also specify a wait time between 2 script fetches. The scanner uses HEAD requests instead of GET for faster scanning, and has support for scanning virtual hosts. You can also specify another port to scan instead of the standard port 80. The scanner outputs the scripts/dirs that return a 200, 403 or 401 HTTP code and outputs the webserver software. A full and comprehensive manual is included.
| | Author: | Toxic Ocean | | Homepage: | http://www.blackhat.be | | File Size: | 30076 | | Last Modified: | Dec 28 20:19:01 2002 |
| MD5 Checksum: | dd65552d1d225d11a0cddb0db3755a27 |
|
| /// File Name: |
libwhisker-1.6.tar.gz |
Description:
|
Libwhisker is a perl module for performing whisker CGI vulnerability checks. It adds a vast array of functionality and has robust functions that are geared toward network auditing. Function reference available here. Changelog available here.
| | Author: | RFP | | Homepage: | http://www.wiretrip.net | | Changes: | Major fixes - All users should upgrade. | | File Size: | 78668 | | Last Modified: | Dec 6 05:34:26 2002 |
| MD5 Checksum: | 06ac9f0f28d5269c893937e03d342c64 |
|
| /// File Name: |
whisker-2.1.tar.gz |
Description:
|
Whisker is a high quality URL scanner which is used to search for known vulnerable CGIs on websites. Whisker does this by both scanning the the CGIs directly as well as crawling the website in order to determine what CGIs are already currently in use. Whisker is scriptable and is easily tailored to do lots of flexible web scanning. Very stealthy. Implemented anti-IDS techniques. Lots of options. Reads in nmap output, files full of domains, or single host. Virtual host, Proxy, and SSL support.
| | Author: | Rain Forrest Puppy | | Homepage: | http://www.wiretrip.net | | Changes: | Tons of changes - so many it's not worth individually documenting. Added the newbie.help guided configuration walkthrough. Fixed bugs. | | File Size: | 62861 | | Last Modified: | Dec 6 05:23:17 2002 |
| MD5 Checksum: | cb51d20dad52350c93845fdc6829d577 |
|
| /// File Name: |
iss.c |
Description:
|
This tool can be used to scan IIS servers for the unicode directory traversal vulnerability.
| | Author: | Rammstein | | File Size: | 7329 | | Last Modified: | Sep 25 17:40:51 2002 |
| MD5 Checksum: | 9992afec563d973be3af36bcfa97c9f1 |
|
| /// File Name: |
cuinapache.c |
Description:
|
ChecaUserinApache - A utility that makes use of the 401 error page in Apache to verify whether or not a user exists on that system.
| | Author: | m4rc3l0 | | File Size: | 2556 | | Last Modified: | Sep 10 00:35:06 2002 |
| MD5 Checksum: | 241c60d5e695ce71f4548828fc12ccdd |
|
| /// File Name: |
IISscan2002.pl |
Description:
|
IISscan2002.pl scans for over 97 IIS strings and gets past certain IIS 4 an IIS 5 unicode charter set hot fixes as well as the ability to get cmd.exe access on open IIS servers vulnerable to the unicode flaw.
| | Author: | Thomas O'Connor | | Homepage: | http://www.thomasoconnor.net | | File Size: | 14211 | | Last Modified: | Sep 5 02:25:03 2002 |
| MD5 Checksum: | 8e660cf2c10b6fc3f34c06024fbd8443 |
|
| /// File Name: |
arirang-1.6.tar.gz |
Description:
|
Arirang is a powerful webserver security scanner with many features. Checks over 700 vulnerabilities including the apache chunking bug, IIS .ida buffer overflow, and more. Documentation available here. This is the FreeBSD, OpenBSD, and NetBSD version. Linux and Solaris version available here.
| | Author: | Pilot | | Homepage: | http://www.monkey.org/~pilot/arirang | | File Size: | 54170 | | Last Modified: | Sep 5 01:16:35 2002 |
| MD5 Checksum: | 286cff103eef8a264fefb481230fd9cf |
|
| /// File Name: |
cgivti2.V2.pl |
Description:
|
Cgivti2.V2.pl uses a webserver host list provided by the user to scan for cgi, vti, msadc and several other vulnerabilities. Like cgivti.V2.pl, this script is easily configured to include other vulnerabilities.
| | Author: | Lawrence Lavigne | | Homepage: | http://neoerudition.net | | File Size: | 3035 | | Last Modified: | Aug 30 00:56:54 2002 |
| MD5 Checksum: | f743fb6b423ff1082ef30ebbdbd6c7ad |
|
| /// File Name: |
cgivti.V2.pl |
Description:
|
This scanner searches for vulnerable web servers for Common Gateway Interface and Vermeer Technology Incorporated services. Version 2 allows for Class C IP generation done "On The Fly" and a timeout scheme added thanks to MaB of Efnets #programmers.
| | Author: | Lawrence Lavigne | | Homepage: | http://neoerudition.net | | File Size: | 2058 | | Last Modified: | Aug 29 02:36:18 2002 |
| MD5 Checksum: | 23a078671cbcdad1c38669a40867f812 |
|
| /// File Name: |
nikto-1.20.tar.gz |
Description:
|
Nikto 1.20 is a PERL, open source web server scanner which supports SSL. Nikto checks for (and if possible attempts to exploit) remote web server vulnerabilities and misconfigurations. It also looks for outdated software and modules, warns of any version specific problems, supports scans through proxies (with authentication), host Basic authentication and more. Data is kept in CSV format databases for easy maintenance, and supports the ability to automatically update local databases with current versions on the Nikto web site. New this version: password file guessing, Google file-hunting, SSL details and bug fixes.
| | Author: | Sullo | | Homepage: | http://www.cirt.net/code/nikto.shtml | | File Size: | 107361 | | Last Modified: | Aug 11 19:18:35 2002 |
| MD5 Checksum: | e437a187ba945390d38dee5a70350623 |
|
| /// File Name: |
cgivti.pl |
Description:
|
This scanner searches for vulnerable web servers for Common Gateway Interface and Vermeer Technology Incorporated services.
| | Author: | Lawrence Lavigne | | Homepage: | http://neoerudition.net | | File Size: | 10333 | | Last Modified: | Aug 9 01:47:23 2002 |
| MD5 Checksum: | 4b4ba0f298dbced006bf1f5245830a0e |
|
| /// File Name: |
Webr00t.pl |
Description:
|
Webr00t.pl is used to discover hidden directories and 'interesting' files on webservers. Use it when pentesting applications and servers to find that one directory or script left by mistake.
| | Author: | B-root | | File Size: | 10535 | | Last Modified: | Apr 9 00:46:54 2002 |
| MD5 Checksum: | 7d5ede423488f8c303c751ca8974ca9f |
|
| /// File Name: |
libwhisker-1.3.tar.gz |
Description:
|
Libwhisker is a perl module for performing whisker CGI vulnerability checks. It adds a vast array of functionality and has robust functions that are geared toward network auditing.
| | Author: | RFP | | Homepage: | http://www.wiretrip.net/rfp/p/doc.asp/i7/d21.htm | | File Size: | 62681 | | Last Modified: | Mar 31 01:25:32 2002 |
| MD5 Checksum: | 321791a97018d7ea19009201f1d6f59c |
|
| /// File Name: |
wmap1.2.tar.gz |
Description:
|
Wmap v1.2 is a cgi scanner that attempts to be smarter than most. To increase the chance of finding useful stuff, wmap has a file containing interesting Directories (dirs.db) and other file containing common cgi dirs (dircgis.db) to search for. If a directory is found is added to the test. This include all the directories that are found in the html tags. For each directory found, not only scans for vulnerable CGI's (cgis.db) it scan for interesting files (ex. passwords.tmp) included in the file (file.db) and does an http PUT scan.
| | Author: | ET | | Homepage: | http://pwp.007mundo.com/etorres1 | | File Size: | 17151 | | Last Modified: | Feb 19 01:26:34 2002 |
| MD5 Checksum: | db909b7bb866f015d9152671a46a299f |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
