Written By Sam on 26 December 2009

Nikto is a very useful web server scanner that tests your web servers for dangerous files/CGIs, outdated server software and other problems. It performs both generic and server-type-specific checks, and it also captures and prints any cookies it receives. Nikto is written in Perl and uses Whisker/LibWhisker for much of its underlying HTTP functionality, so it runs on any platform with Perl installed. Note that it is not a stealthy tool: every request it sends shows up in the target's logs, and many of its findings need manual verification before you act on them.

Nikto performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, version checks for over 900 servers, and version-specific problems on over 250 servers.

Features of Nikto Web Server Scanner

  • Allows fingerprinting web servers via favicon.ico files
  • Supports 404 checking for each file type
  • Enhanced false positive reduction via multiple methods: headers, page content, and content hashing
  • Scan tuning to include or exclude entire classes of vulnerability checks
  • Uses LibWhisker 2, which has its own long list of enhancements
  • A “single” scan mode that allows you to craft an HTTP request by hand
  • Authorization guessing handles any directory, not just the root directory
  • Reports can be generated in HTML, XML, CSV and TXT formats.

On Debian and Ubuntu you can install Nikto by typing “sudo apt-get install nikto” at the command prompt; on other systems, download the release from cirt.net and run it directly with Perl. Only scan hosts you are authorized to test.
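Once Nikto is installed, the practical question is how to run it repeatably and what to do with the noisy report it produces. The following is an added example (not code from the original post or from the Nikto project) that builds a non-interactive Nikto command line using the scan tuning classes and CSV report format mentioned above, runs it when Nikto is on the PATH, and triages the report by separating findings that carry a reference from purely informational lines. It assumes the Nikto 2.x options -host, -port, -Tuning, -Format, -output, -nointeractive and -ssl, and it assumes a CSV row is laid out as hostname, ip, port, osvdb, method, uri, message; the embedded SAMPLE_REPORT is constructed, not real scan output.

```python
"""Drive Nikto non-interactively and triage its CSV report.

Added example, not code from the original post or from Nikto itself.
Assumes Nikto 2.x options (-host, -port, -Tuning, -Format, -output,
-nointeractive, -ssl) and a CSV row layout of hostname, ip, port, osvdb,
method, uri, message (an assumption about Nikto's CSV report plugin).
SAMPLE_REPORT is constructed so the script runs offline.
"""
import csv
import io
import shutil
import subprocess
from dataclasses import dataclass
from typing import Dict, List, Optional

# Tuning classes as listed by `nikto -H`. A leading "x" inverts the
# selection, so "x6" runs every class except Denial of Service.
TUNING = {
    "0": "File Upload",
    "1": "Interesting File / Seen in logs",
    "2": "Misconfiguration / Default File",
    "3": "Information Disclosure",
    "4": "Injection (XSS/Script/HTML)",
    "5": "Remote File Retrieval - Inside Web Root",
    "6": "Denial of Service",
    "7": "Remote File Retrieval - Server Wide",
    "8": "Command Execution / Remote Shell",
    "9": "SQL Injection",
    "a": "Authentication Bypass",
    "b": "Software Identification",
    "c": "Remote Source Inclusion",
}


def build_nikto_cmd(host: str, port: int = 80, tuning: str = "x6",
                    output_path: Optional[str] = None, use_ssl: bool = False) -> List[str]:
    """Assemble a Nikto invocation as an argv list (no shell quoting issues).

    Default tuning "x6" excludes the Denial of Service class: the sensible
    baseline for a host you may scan but must not knock over.
    """
    classes = tuning[1:] if tuning.startswith("x") else tuning
    for c in classes:
        if c not in TUNING:
            raise ValueError(f"unknown Nikto tuning class {c!r}")
    cmd = ["nikto", "-host", host, "-port", str(port), "-nointeractive"]
    if tuning:
        cmd += ["-Tuning", tuning]
    if use_ssl:
        cmd.append("-ssl")
    if output_path:
        cmd += ["-Format", "csv", "-output", output_path]  # easiest to post-process
    return cmd


@dataclass
class Finding:
    host: str
    ip: str
    port: int
    osvdb: str      # reference id; empty for purely informational lines
    method: str
    uri: str
    message: str

    @property
    def informational(self) -> bool:
        # Banners, missing headers and the like carry no reference; worth
        # reading, rarely worth a ticket on their own.
        return self.osvdb == ""


def parse_nikto_csv(text: str) -> List[Finding]:
    """Parse a Nikto CSV report, skipping blank or malformed rows."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 7:
            continue
        host, ip, port, osvdb, method, uri, message = row
        findings.append(Finding(host, ip, int(port), osvdb, method, uri, message))
    return findings


def triage(findings: List[Finding]) -> Dict[str, object]:
    """Split referenced from informational findings and group them by URI."""
    by_uri: Dict[str, List[Finding]] = {}
    for f in findings:
        by_uri.setdefault(f.uri, []).append(f)
    return {
        "referenced": [f for f in findings if not f.informational],
        "informational": [f for f in findings if f.informational],
        "by_uri": by_uri,
    }


def run_nikto(host: str, report_path: str = "nikto.csv", **options) -> Optional[List[Finding]]:
    """Run Nikto if installed and return the parsed report, else None."""
    if shutil.which("nikto") is None:
        return None
    subprocess.run(build_nikto_cmd(host, output_path=report_path, **options), check=False)
    with open(report_path, encoding="utf-8", errors="replace") as fh:
        return parse_nikto_csv(fh.read())


# Constructed sample in the assumed CSV layout; not real scan output.
SAMPLE_REPORT = """\
"target.example","192.0.2.10","80","","GET","/","Server: Apache/2.2.3 (CentOS)"
"target.example","192.0.2.10","80","OSVDB-3092","GET","/admin/","This might be interesting..."
"target.example","192.0.2.10","80","OSVDB-3268","GET","/icons/","Directory indexing found."
"target.example","192.0.2.10","80","OSVDB-3233","GET","/icons/README","Apache default file found."
"target.example","192.0.2.10","80","","GET","/","The anti-clickjacking X-Frame-Options header is not present."
"""

if __name__ == "__main__":
    # Against a real, authorized host: run_nikto("host", port=443, use_ssl=True)
    summary = triage(parse_nikto_csv(SAMPLE_REPORT))
    for uri, items in summary["by_uri"].items():
        print(f"{uri}: {len(items)} finding(s)")
    print(f"{len(summary['referenced'])} referenced, {len(summary['informational'])} informational")
```

Building the command as an argv list rather than a shell string avoids quoting bugs when host names or paths come from a job queue, and separating referenced findings from banner and header observations is the first cut most testers make before verifying anything by hand.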

  1. Hello

    I would like to suggest another free alternative to Nikto. It is called ZeroDayScan. It is a free web security scanning service. You just need to provide a site name and wait for a report.

    Best regards,
    ZeroDayScan team

  2. Nikto is an excellent piece of software. I would also recommend checking out the Golem Technologies website security scanner which is easier to use and even incorporates some aspects of the Nikto scan.

