Nikto is an open-source web server scanner that runs a comprehensive set of checks against a web server to identify multiple items of interest, from generic problems to issues specific to the server type and version.
The scan items and plugins are updated frequently, so users can keep abreast of newly published security issues, and Nikto can fetch those updates automatically when asked. The tool is designed to be easy to use.
Nikto is not a stealthy tool. It is built to test a web server in the shortest time possible and leaves an unmistakable trail in the server's log files. It does, however, support LibWhisker's anti-IDS methods for users who want to try them; these alter the encoding and shape of each request rather than reduce the number of requests, so they should not be mistaken for stealth.
While most of Nikto's checks target security problems, some items are marked as "info-only" checks: they cover areas where there may be no security flaw, but where a webmaster or security engineer may not know that the item is present on the server. Nikto reports them so that they can be reviewed.
Key features of Nikto include the use of rfp's LibWhisker as the base for all network functionality, and a main scan database kept in CSV format for easy updates. Where possible, Nikto determines how each server answers an "OK" versus a "NOT FOUND" request, so that a server which returns a custom error page with a 200 status does not produce a false positive for every probed file, and it determines the CGI directories in use on each server.
Nikto also offers SSL support (Unix with OpenSSL or maybe Windows with ActiveState's Perl/NetSSL), output to file in plain text, HTML, or CSV, and both generic and server-type-specific checks. It is written in standard Perl, supports plugins, checks for outdated server software, and supports proxies (including proxy authentication).
Other features include multiple IDS evasion techniques, user-supplied custom scan databases, automatic code and check updates (with web access), and scanning of multiple hosts and ports from a scan list file. A username guessing plugin covers the cgiwrap program and Apache ~user style URLs.
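As an added illustration of the IDS evasion idea mentioned above (this is not LibWhisker or Nikto code), the following Python sketch applies a few LibWhisker-style request mutations to a probe URL: random URI encoding, directory self-reference, a long random prefix climbed back out of with `..`, case changes, and backslash separators. It then contrasts what a simple string-matching IDS rule sees with what the web server resolves after percent-decoding and path normalization. The mode numbers, the probe path, the `server_view` canonicalization and the IDS inspection limit are assumptions of this example, not Nikto's own -evasion numbering.

```python
"""LibWhisker-style IDS evasion: mutate a probe URL so that a signature
matcher looking for the literal string misses it while the web server
still resolves the same resource. Added illustration; not LibWhisker or
Nikto code, and the mode numbers below are this example's own."""
import posixpath
import random
from urllib.parse import unquote

PROBE = "/cgi-bin/test-cgi"   # constructed probe path for the demo


def random_uri_encoding(path, rng):
    """Percent-encode a random subset of the letters, e.g. /cg%69-bin/..."""
    return "".join("%%%02X" % ord(ch) if ch.isalpha() and rng.random() < 0.5 else ch
                   for ch in path)


def directory_self_reference(path, rng):
    """Insert /./ between path segments: /cgi-bin/./test-cgi."""
    return "/" + "/./".join(path.lstrip("/").split("/"))


def long_random_prefix(path, rng):
    """Prepend a long junk directory, then climb out of it with /../."""
    junk = "".join(rng.choice("abcdefghijklmnopqrstuvwxyz") for _ in range(256))
    return "/" + junk + "/.." + path


def change_case(path, rng):
    """Randomise letter case. Only equivalent on case-insensitive servers."""
    return "".join(c.upper() if rng.random() < 0.5 else c.lower() for c in path)


def windows_separator(path, rng):
    """Use backslash as the directory separator: only IIS-style servers."""
    return path.replace("/", "\\")


MODES = {1: random_uri_encoding, 2: directory_self_reference,
         3: long_random_prefix, 4: change_case, 5: windows_separator}


def evade(path, mode, seed=0):
    """Apply one evasion mode with a seeded RNG so results are repeatable."""
    return MODES[mode](path, random.Random(seed))


def server_view(request_path, case_insensitive=False, backslash_is_separator=False):
    """What a typical server makes of the request: percent-decode, optionally
    map backslash to slash and fold case, then collapse . and .. segments."""
    p = unquote(request_path)
    if backslash_is_separator:
        p = p.replace("\\", "/")
    if case_insensitive:
        p = p.lower()
    return posixpath.normpath(p)


def signature_matches(request_path, literal=PROBE, inspect_bytes=128):
    """A naive IDS rule: the literal probe appears in the first inspect_bytes
    of the raw request URI (constructed limit, modelling engines that only
    examined a prefix of each request)."""
    return literal in request_path[:inspect_bytes]


if __name__ == "__main__":
    for mode in MODES:
        mutated = evade(PROBE, mode)
        print(mode, mutated[:60], "ids hit:", signature_matches(mutated),
              "server sees:", server_view(mutated, True, True))
```

The server-side normalization is what makes these usable by a scanner: modes 1 to 3 resolve to the original path on any server, whereas case changes and backslashes only resolve correctly on case-insensitive, Windows-style servers, so applying them blindly trades false negatives for evasion. IDS engines that normalize the URI before matching are not fooled by any of these, which is why Nikto offers them as an option rather than relying on them.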
New in this release: a -config option to specify a configuration file (from Pavel Kankovsky), enhanced content checking to reduce false positives (from Pavel Kankovsky), and more explicit licensing of the code and databases. Nikto is a tool that every webmaster or security professional should have in their arsenal.
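The "OK" versus "NOT FOUND" determination and the content checking mentioned above address the same failure mode: a server that answers missing files with HTTP 200 and a custom error page makes every probed path look present. The following Python example (added here; not Nikto's code) starts a constructed local server that behaves this way, takes a baseline from a random path that cannot exist, and judges each probe against that baseline rather than trusting the status code. The server, the probed paths and the page bodies are all constructed for the demo.

```python
"""Soft-404 baseline check: learn how a server says "not found" before
trusting a 200 status. Added example; not Nikto's own code."""
import hashlib
import http.server
import secrets
import threading
import urllib.error
import urllib.request

# Constructed demo server: one real page, and a "friendly" error page that is
# returned with HTTP 200 for everything else (a soft 404) and echoes the path.
REAL_PATHS = {"/admin/": b"<html><body>Admin login</body></html>"}


class SoftNotFoundHandler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        body = REAL_PATHS.get(self.path)
        if body is None:
            body = b"<html><body>Sorry, " + self.path.encode() + b" was not found.</body></html>"
        self.send_response(200)  # always 200, even for missing pages
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_server():
    srv = http.server.HTTPServer(("127.0.0.1", 0), SoftNotFoundHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def fetch(base, path):
    """Return (status, body); 4xx/5xx answers are data too, so do not raise."""
    try:
        with urllib.request.urlopen(base + path, timeout=5) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def signature(path, body):
    """Hash the body with the requested path stripped out, so error pages
    that echo the URL still compare equal across different probes."""
    return hashlib.sha256(body.replace(path.encode(), b"")).hexdigest()


def not_found_baseline(base):
    """Ask for a random path that cannot exist and record the server's
    'not found' behaviour: status code plus normalized body hash."""
    probe = "/" + secrets.token_hex(8) + ".html"
    status, body = fetch(base, probe)
    return status, signature(probe, body)


def check(base, path, baseline):
    """Return (naive_hit, baseline_hit): naive trusts the status code alone,
    baseline also requires the body to differ from the not-found page."""
    status, body = fetch(base, path)
    naive_hit = status == 200
    baseline_hit = naive_hit and (status, signature(path, body)) != baseline
    return naive_hit, baseline_hit


def run_demo():
    srv = start_server()
    base = "http://127.0.0.1:%d" % srv.server_port
    baseline = not_found_baseline(base)
    paths = ("/admin/", "/cgi-bin/test-cgi", "/phpinfo.php")
    results = {p: check(base, p, baseline) for p in paths}
    srv.shutdown()
    srv.server_close()
    return results


if __name__ == "__main__":
    for path, (naive, smart) in run_demo().items():
        print("%-20s status-only: %-5s baseline-aware: %s" % (path, naive, smart))
```

Against this server the status-only check reports all three paths as present, while the baseline-aware check reports only /admin/. Real error pages often vary by more than the echoed path (timestamps, request IDs), so a production scanner compares on a normalized or fuzzy signature, and takes separate baselines for file and directory style probes, rather than on a single exact hash.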
Version 1.35: N/A