Nikto Version 2.00 released
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3300 potentially dangerous files/CGIs, versions on over 625 servers, and version-specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).
Nikto version 2 contains many enhancements over the first version. Some of the major new features include:
- Fingerprinting web servers via favicon.ico files
- 404 checking for each file type
- Enhanced false positive reduction via multiple methods: headers, page content, and content hashing
- Scan tuning to include or exclude entire classes of vulnerability checks
- Expanded scan database can have multiple positive or negative triggers, to allow AND/OR/NOT for flexible checks
- Uses LibWhisker 2, which has its own long list of enhancements
- A "single" scan mode that allows you to craft an HTTP request by hand
- Updated and greatly enhanced documentation
- Authorization guessing handles any directory, not just the root directory
- New HTML report
- Basic template engine so that HTML reports can be easily customized
- An experimental knowledge base for scans, which will allow regenerated reports and retests (future)
- ... and countless tweaks/bugfixes/optimizations ...