Re: Nikto/Wikto scripts?

[security curmudgeon <jericho () attrition org>]

: I was wondering if anyone has created/used any type of script (or better 
: program)for nikto or wikto.  The problem as many have with nikto is all 
: of its false positives.  Is there any way to automatically validate its 
: findings or some other tool that performs the same tests and gets better 
: more accurate results.  It is very time consuming trying to validate 20+ 
: different hosts, when most of them spit back false positives.

Nikto 2 (currently beta) has a much better engine and set of rules that 
help detect the web servers giving odd replies, leading to the false 
positives. Initial testing shows a huge improvement for this. Hopefully 
Sullo can find some more time soon to get it released. I'd also encourage 
people to help contribute signatures to make it even more thorough =)

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------