Technologies
Nikto
Nikto is an open-source web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software.
Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible and is fairly noisy in doing so. However, it is designed to be relatively safe. It will not test for SQL injections, etc., but it will find interesting files/programs on a web server that might lead to further compromise.
Nikto’s main features include:
- Checks for over 6700 potentially dangerous files/programs
- Checks for outdated versions of over 1250 servers
- Checks for version-specific problems on over 270 servers
- Performs server configuration checks, such as the presence of multiple index files and HTTP server options
- Attempts to identify installed web servers and software
Nikto is often used by penetration testers, security professionals, and system administrators to identify and address potential security vulnerabilities in web servers. It can be run from the command line and provides detailed reports of its findings, making it easier for users to understand the security posture of their web servers and take appropriate action to mitigate any identified risks.