We have discussed Nikto in detail here.

Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6100 potentially dangerous files/CGIs, checks for outdated versions of over 950 servers, and version specific problems on over 260 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

List of changes made in Nikto 2.1.1:
- Fixed SKIPPORTS
- Moved User-Agent string to nikto.conf
- Added dynamic variables to User-Agent (Testid, Evasion methods)
- Added support for OSVDB, now the fun bit of filling it in
- Basic syntax checks for all databases
- Added an extra optional element to xml output to contain the SSL date. Need to do similar for html, txt and csv
- Shorts authentication being successful if an error is returned
- Support for short reads in LW2.5
- If -Format is missed guess the format based on file extension in -output. Default is none if -output is omitted.
- Multiple index file enhancements for groups and better unique file identification
- Content in xml report is now wrapped in CDATA
- Mutate now respects db variables
- Fix for response caching
- Spelling disagreements between Brits and Americans
- Added @RFIURL to nikto.conf for a remote file include location, and supporting code.
- Added ~2300 RFI tests from the combined RSnake/OSVDB list
- Removed NMAP and NMAPOPTS from nikto.conf as it is no longer used/supported
- Reporting: simplify xml/html code, fix a bug when a space is in the uri, and load only needed templates
- Upgrade to LibWhisker 2.5
- Enable 2 new LW evasion tactics (carriage return or binary value as request spacer)
- Added support to select plugins via -Plugins and -list-plugins option to list current plugins
- Major bug fix for proxy usage
- Don’t report p3p header as unusual
- Various changes to aid future binary db usage for mutates
- Various changes to aid future multi-threading
- Fix for multiple index files

Download Nikto version 2.1.1 here
