Tutorial – Reveal The Holes In Your Webserver: Nikto 1.35
Revealing The Holes In Your Webserver With Nikto v1.35
[url=http://www.cirt.net/code/nikto.shtml]Nikto[/url] is an advanced web vulnerability scanner, which can help you expose the potential holes in your webserver (and thus allow you to fix them before malicious users attempt to exploit them). It is written in [url=http://perl.com]Perl[/url] and uses the [url=http://sourceforge.net/projects/whisker/]LibWhisker[/url] library, which means that it can be expanded upon fairly easily (it also means that it depends on Perl and the LibWhisker library!)
What does Nikto do, exactly? Well, not only does it search for [i]potentially[/i] vulnerable files, but also for directories which may contain “interesting” information, and a myriad of other things. It supports proxies, SSL, character encoding, portscanning (it can use nmap if you have it installed), and much more. That is not all – it gives a lot of detail on each ‘hole,’ its output format is perfect (and, even then, it allows you to save the output as txt, CSV or HTML), and it is very easy to use. All in all, it is an excellent tool to test your webserver and help you spot and fix any holes – and that is why I have written this tutorial, to help you get as much as you can out of it in the shortest amount of time.
for the full tutorial go here