Nikto is a web server assessment tool. It is designed to find various default and insecure files, configurations and programs on any type of web server.
Nikto is Perl software designed to find many types of web server problems, including:
Server and software misconfigurations
Default files and programs
Insecure files and programs
Outdated servers and programs
Nikto is built on LibWhisker and can run on any platform which has a Perl runtime, and supports SSL, proxies, host authentication, IDS evasion and more. It can be updated automatically from the command-line, and supports the optional submission of updated version data back to the maintainers.
Features
Uses rfp's LibWhisker as a base for all network functionality
Main scan database in CSV format for easy updates
Fingerprint servers via favicon.ico files
Determines "OK" vs "NOT FOUND" responses for file type, if possible
Determines CGI directories for each server, if possible
Switch HTTP versions as needed so that the server understands requests properly
SSL Support (Unix with OpenSSL or maybe Windows with ActiveState's Perl/NetSSL)
Output to file in plain text, HTML or CSV
Plugin support (standard Perl)
Checks for outdated server software
Proxy support (with authentication)
Host authentication (Basic)
Watches for "bogus" OK responses
Attempts to perform educated guesses for Authentication Realms
Captures/prints any Cookies received
Mutate mode to "go fishing" on web servers for odd items
Builds Mutate checks based on robots.txt entries (if present)
Scan multiple ports on a target to find web servers (can integrate Nmap for speed, if available)
Multiple IDS evasion techniques
Users can add a custom scan database
Supports automatic code/check updates (with web access)
Multiple host/port scanning (scan list files)
Username guessing plugin via the cgiwrap program and Apache ~user methods.
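Because a scan of this kind requests a long list of default and insecure files that mostly do not exist on the target, it leaves a burst of "not found" responses in the web server's access log. The following is an added example, not part of Nikto or its documentation: it parses constructed Apache-style combined log lines and flags a client either by the identifying User-Agent (assumed here to contain the substring "Nikto", which the default configuration sends unless the operator changes it) or by a high 404 ratio, which still catches a scan whose User-Agent has been altered. The log lines, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" access-log format: ip ident user [ts] "req" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_scanners(lines, min_requests=5, nf_ratio=0.6, ua_marker="nikto"):
    """Map client IP -> reason for every client that looks like a web-server scan.

    A client is flagged when its User-Agent contains ua_marker, or when it has made at
    least min_requests requests and at least nf_ratio of them returned 404 (threshold
    values are constructed for this example; tune them to the site's normal traffic).
    """
    stats = defaultdict(lambda: {"total": 0, "nf": 0, "ua_hit": False})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the whole pass
        s = stats[rec["ip"]]
        s["total"] += 1
        if rec["status"] == "404":
            s["nf"] += 1
        if ua_marker in rec["ua"].lower():
            s["ua_hit"] = True
    flagged = {}
    for ip, s in stats.items():
        if s["ua_hit"]:
            flagged[ip] = "user-agent"
        elif s["total"] >= min_requests and s["nf"] / s["total"] >= nf_ratio:
            flagged[ip] = "404-burst"
    return flagged


# Constructed sample log: one client announcing itself, one with a disguised User-Agent
# probing for default files, and one ordinary visitor with a single broken link.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/x.y.z)"',
] + [
    f'198.51.100.7 - - [10/Oct/2023:13:56:{i:02d} +0000] "GET /{p} HTTP/1.1" {c} 196 "-" "Mozilla/5.0"'
    for i, (p, c) in enumerate([("admin/", 404), ("phpinfo.php", 404), ("backup.zip", 404),
                                ("index.html", 200), (".htpasswd", 404), ("cgi-bin/", 404)])
] + [
    f'192.0.2.9 - - [10/Oct/2023:13:57:{i:02d} +0000] "GET /{p} HTTP/1.1" {c} 512 "-" "Mozilla/5.0"'
    for i, (p, c) in enumerate([("index.html", 200), ("about.html", 200), ("old.html", 404)])
]
```

Run `find_scanners(SAMPLE_LOG)` to get `{"203.0.113.5": "user-agent", "198.51.100.7": "404-burst"}`; the ordinary visitor stays below both the request count and the ratio thresholds.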