this is a very good decision, because like you brought up, there are very good reasons to use msf as well
and I look forward for the next release update to see how smoothley it integrates.

Let’s see how long it takes that msf/Rapid7 will spawn hist first commercial edition and to integrate all
non-sense exploits as many other competitors

/brtw2003

@anton – This is definitely something we are looking at for 2010, although at this time I have no specifics on our plans in this area that I can offer.

@Michael – This may be relating to things we are looking at for 2010. I would like to understand your comment and use further. Could you contact me at fred.pinkett (at) coresecurity dot com?

Thanks for your comment! I’m not sure if you meant me personally or Core. I can’t comment on whether or not Core will contribute to the Nikto database (mostly because I don’t know), so I’ll answer your question assuming that you meant me personally.

In short, I don’t plan on working to expand the Nikto database. While Nikto’s known vulnerability database is useful, I think that when you’re talking about testing web applications, you are most likely to encounter custom web applications, for which signatures of known vulnerabilities don’t help. If you have a tool which attempts to discover previously unknown vulnerabilities in web applications, it will work against commercially packaged applications (popular and otherwise) as well as custom applications. Where I think Nikto REALLY shines is in its ability to find unlinked pages and backup files in a website, which does not require much in the way of maintenance on signature files.

That said, I DO hold a very strong belief that information security professionals of any sort need to contribute to the community and I’m constantly working on doing that in a number of different ways. Most recently, I’ve been doing some security research which has turned up a number of new vulnerabilities (and which I’m sure relates to undiscovered vulnerabilities in products I’ve never even heard of). I plan to release this research to the public so that everyone can benefit from it and perhaps use my research in ways I haven’t thought of. I think I can benefit the security community as a whole more significantly this way.

I hope I’ve adequately answered your question!

–
Dan Crowley

Nikto has a very nice engine and, actually, it is my favorite tool too. However, the signatures are not really updated and the coverage is just not perfect…Any comments about it?

-Luca

So, I decided to try it out on my MacBook Pro (sold to me in November of 2007).
To my non-surprise, I found it impossible to use either Intego Internet Security Barrier, nor Little Snitch anti-spyware, to block the traffic going to this website.

I had to go into the routing-table in “Terminal” (i. e. Unix) to re-direct traffic to this website to 0.0.0.0 .

Do you think that this site is receiving messages on the normal browser ports — if so, are people’s cookies possibly being passed to this site ?

This post was mentioned on Twitter by mosesrenegade: something funny about seeing the metasploit logo on the core web site: http://bit.ly/3hLROZ (interesting pov) (via @hdmoore)…

FreeCAP is for proxying applications that don’t have native proxy support. It was mentioned in case you wanted to use it for other applications that don’t have native proxy support – you could follow the same procedure but add the proxy settings to FreeCAP instead. I see it sounds out of context in the text – sorry to confuse you – you don’t need it for proxying Core.

Steve