Nikto Version 2.00 released
Wednesday 14 November 2007
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3300 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

Nikto version 2 contains many enhancements over the first version. Some of the major new features include:
Fingerprinting web servers via favicon.ico files
404 checking for each file type
Enhanced false positive reduction via multiple methods: headers, page content, and content hashing
Scan tuning to include or exclude entire classes of vulnerability checks
Expanded scan database can have multiple positive or negative triggers, to allow AND/OR/NOT for flexible checks
Uses LibWhisker 2, which has its own long list of enhancements
A "single" scan mode that allows you to craft an HTTP request by hand
Updated and greatly enhanced documentation
Authorization guessing handles any directory, not just the root directory
New HTML report
Basic template engine so that HTML reports can be easily customized
An experimental knowledge base for scans, which will allow regenerated reports and retests (future)
... and countless tweaks, bug fixes and optimizations.
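To make the "404 checking for each file type" and content-hashing false positive reduction concrete, here is an added illustration of the idea (not Nikto's own code): the scanner first learns what "not found" looks like per extension by requesting random filenames, then only reports a probe as a hit when its response differs from that baseline. The `fake_server` target and all function names are constructed for this example.

```python
import hashlib
import random
import string

def fake_server(path):
    """Constructed stand-in for an HTTP client + target.
    .php paths return a 'soft 404' (HTTP 200 with an error page);
    other missing paths return a real 404. Two files actually exist."""
    if path in ("/admin.php", "/index.html"):
        return 200, f"<html>real content of {path}</html>"
    if path.endswith(".php"):
        return 200, "<html><h1>Page not found</h1><p>Try the homepage.</p></html>"
    return 404, "<html>404 Not Found</html>"

def body_hash(body):
    # Hash the body so baselines can be compared without storing whole pages.
    return hashlib.sha256(body.encode()).hexdigest()

def random_name(ext):
    stem = "".join(random.choices(string.ascii_lowercase, k=12))
    return f"/{stem}.{ext}"

def build_404_baselines(fetch, exts):
    """Request one random, almost certainly nonexistent file per extension
    and record the (status, body hash) the server gives for 'not found'."""
    baselines = {}
    for ext in exts:
        status, body = fetch(random_name(ext))
        baselines[ext] = (status, body_hash(body))
    return baselines

def naive_hit(fetch, path):
    """Status-only check: anything answered with 200 is reported."""
    return fetch(path)[0] == 200

def is_real_hit(fetch, path, baselines):
    """Report only 200 responses whose body does not match the
    per-extension 'not found' baseline (a soft 404 is filtered out)."""
    ext = path.rsplit(".", 1)[-1] if "." in path else ""
    status, body = fetch(path)
    if status != 200:
        return False
    return (status, body_hash(body)) != baselines.get(ext)

if __name__ == "__main__":
    b = build_404_baselines(fake_server, ["php", "html"])
    for p in ("/admin.php", "/phpinfo.php", "/index.html", "/old.html"):
        print(p, "naive:", naive_hit(fake_server, p), "baselined:", is_real_hit(fake_server, p, b))
```

With the soft-404 target above, the naive check reports `/phpinfo.php` as found while the baselined check correctly discards it.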