In the field of web application security there are many tools for measuring the security of a web application. They are available for different operating systems and can be used to find bugs in a web application. Nikto is one of these tools.
Nikto is not a new tool; it is used by a large community to find vulnerabilities in web applications and the servers that host them.
- Nikto is open source
- It can check a web server for over 6400 potentially dangerous files/CGIs.
- It checks for outdated versions of over 1000 servers, and version specific problems on over 270 servers
- It checks for server misconfigurations and problems in plug-ins.
- It finds default files and programs.
- It finds insecure files and programs.
- Full HTTP proxy support
- Apache username enumeration
- Logging to Metasploit
- Secure Sockets Layer (SSL) support
- Subdomain brute forcing (guessing)
- Easy to update
- Saves reports in multiple formats
- An operating system with Perl installed (Nikto is written in Perl)
- OpenSSL: http://www.openssl.org/
- ActiveState Perl: http://www.activestate.com/
- A basic scan only requires a host to scan; you can give either the server's IP address or its host name.
$ perl nikto.pl -h [target host]
- For help:
$ perl nikto.pl -H
- To scan a port other than the default (80), use
$ perl nikto.pl -h [target host] -p [port number]
- To run the scan through a proxy (for example an intercepting proxy listening on localhost), use
$ perl nikto.pl -h [target host] -useproxy http://localhost:8080/
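The target, port and proxy options above, combined with saving the report in one of Nikto's output formats, as an added example script. It is not Nikto's own code and not part of the original page: the wrapper, its function names and the report file naming scheme are this example's assumptions, while the flags it emits (-h, -p, -useproxy, -ssl, -o, -Format) are Nikto's documented options.

```shell
#!/bin/sh
# Added example: a POSIX sh wrapper around the Nikto options used above
# (-h, -p, -useproxy) plus -o and -Format for saving the report.
# Not Nikto's own code; the function names and the report naming scheme
# are this example's assumptions. The flags themselves are Nikto's.

# build_nikto_args HOST [PORT] [PROXY_URL] [FORMAT]
# Print the argument list for nikto.pl on stdout; return 1 on bad input.
build_nikto_args() {
    host="$1"
    port="${2:-80}"        # Nikto's own default port
    proxy="$3"             # e.g. http://localhost:8080/ for an intercepting proxy
    fmt="${4:-txt}"        # one of Nikto's -Format values: txt, csv, htm, xml

    if [ -z "$host" ]; then
        echo "build_nikto_args: host is required" >&2
        return 1
    fi
    # The argument list is word-split later, so refuse values with whitespace
    # rather than let them turn into extra options.
    case "$host$port$proxy$fmt" in
        *[[:space:]]*)
            echo "build_nikto_args: whitespace in arguments" >&2
            return 1 ;;
    esac

    # Name the report after the target; replace characters unsafe in filenames.
    safe=$(printf '%s' "$host" | sed 's/[^A-Za-z0-9._-]/_/g')
    out="nikto_${safe}_${port}.${fmt}"

    args="-h $host -p $port -o $out -Format $fmt"

    # Assume 443 is TLS and say so with -ssl, so Nikto does not have to probe.
    if [ "$port" = "443" ]; then
        args="$args -ssl"
    fi
    if [ -n "$proxy" ]; then
        args="$args -useproxy $proxy"
    fi

    printf '%s\n' "$args"
}

# run_nikto HOST [PORT] [PROXY_URL] [FORMAT]: build the options and run the scan.
run_nikto() {
    args=$(build_nikto_args "$@") || return 1
    # $args is deliberately unquoted so each option becomes its own word;
    # build_nikto_args already rejected values containing whitespace.
    # shellcheck disable=SC2086
    perl nikto.pl $args
}

# Usage: sh nikto_wrap.sh HOST [PORT] [PROXY_URL] [FORMAT]
[ $# -eq 0 ] || run_nikto "$@"
```

Keeping the argument construction in its own function makes the exact command line reviewable (and testable) before anything touches the network, which matters when the scan is routed through a proxy or aimed at a production host.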
- To update Nikto's plugins and databases, use