Nikto - Open Source Web Server Scanner
Tuesday, November 27, 2012
Nikto is a popular open source web server scanner used to find vulnerabilities on web servers. It tests for more than 6400 potentially dangerous files/CGIs and checks for outdated versions of over 1200 servers. It also checks for misconfigurations and other server-related issues.

These are the main features of Nikto:
 - SSL Support (Unix with OpenSSL or maybe Windows with ActiveState's Perl/NetSSL)
 - Full HTTP proxy support
 - Checks for outdated server components
 - Save reports in plain text, XML, HTML, NBE or CSV
 - Template engine to easily customize reports
 - Scan multiple ports on a server, or multiple servers via input file (including nmap output)
 - LibWhisker's IDS encoding techniques
 - Easily updated via command line
 - Identifies installed software via headers, favicons and files
 - Host authentication with Basic and NTLM
 - Subdomain guessing
 - Apache and cgiwrap username enumeration
 - Mutation techniques to "fish" for content on web servers
 - Scan tuning to include or exclude entire classes of vulnerability checks
 - Guess credentials for authorization realms (including many default id/pw combos)
 - Authorization guessing handles any directory, not just the root directory
 - Enhanced false positive reduction via multiple methods: headers, page content, and content hashing
 - Reports "unusual" headers seen
 - Interactive status, pause and changes to verbosity settings
 - Save full request/response for positive tests
 - Replay saved positive requests
 - Maximum execution time per target
 - Auto-pause at a specified time
 - Checks for common "parking" sites
 - Logging to Metasploit
 - Thorough documentation
 
Download / Home Page