Web Penetration Testing using Nikto
Nikto is a web server assessment tool. It is designed to find various default and insecure files, configurations and programs on any type of web server.
Examine a web server to find potential problems and security vulnerabilities, including:
- Server and software misconfigurations
- Default files and programs
- Insecure files and programs
- Outdated servers and programs
Nikto is built on LibWhisker (by RFP) and can run on any platform that has a Perl environment. It supports SSL, proxies, host authentication, IDS evasion and more. It can be updated automatically from the command line, and supports the optional submission of updated version data back to the maintainers.
The name “Nikto” is taken from the movie “The Day the Earth Stood Still”, and of course subsequent abuse by Bruce Campbell in “Army of Darkness”. More information on the pop-culture popularity of Nikto can be found at http://www.blather.net/blather/2005/10/klaatu_barada_nikto_the_day_th.html