Nikto is an Open Source (GPL) web server scanner which performs comprehensive
tests against web servers for multiple items, including over 6700 potentially
dangerous files/programs, checks for outdated versions of over 1250 servers,
and version-specific problems on over 270 servers. It also checks for server
configuration items such as the presence of multiple index files and HTTP server
options, and will attempt to identify installed web servers and software. Scan
items and plugins are frequently updated and can be automatically updated.

Nikto is not designed as a stealthy tool. It will test a web server in the
quickest time possible, and is obvious in log files or to an IPS/IDS. However,
there is support for LibWhisker's anti-IDS methods in case you want to give it
a try (or test your IDS system).

Not every check is a security problem, though most are. There are some items
that are "info only" type checks that look for things that may not have a
security flaw, but that the webmaster or security engineer may not know are
present on the server. These items are usually marked appropriately in the
information printed. There are also some checks for unknown items that have
been seen being scanned for in log files.