Websites are a critical part of almost every business or organization in the world. From your nearby florist to global brands, almost everyone uses a website as part of their branding.

Unfortunately, websites are also one of the most unsecured gateways through which an attacker can exploit your company.

Since most websites are not backed by strong technical teams, it is important to understand website and web application security to protect your organization.

Introducing Nikto

Nikto is an open source web server and web application scanner. It performs comprehensive tests against web servers for multiple security threats, checking for over 6700 potentially dangerous files and programs, and it also checks for outdated web server software and version-specific problems.

Nikto was originally written and maintained by Sullo of CIRT, Inc. It is written in Perl and was first released in late 2001.

It is currently maintained by David Lodge, though other contributors have been involved in the project as well.

Here are some of the cool things that Nikto can do:

  • Finds SQL injection, XSS, and other common vulnerabilities
  • Identifies installed software (via headers, favicons, and files)
  • Guesses subdomains
  • Supports SSL (HTTPS) websites
  • Saves reports in plain text, XML, HTML or CSV
  • “Fishes” for content on web servers
  • Reports unusual headers
  • Checks server configuration items such as multiple index files, HTTP server options, and so on
  • Has full HTTP proxy support
  • Guesses credentials for authorization (including many default username/password combinations)
  • Uses a template engine so reports can be easily customized
  • Exports to Metasploit
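As an added example (not code from the article or from the Nikto project), the script below reads a Nikto CSV report and sorts the findings into remediation buckets so a site owner can see what to fix first. The seven-column layout (host, ip, port, reference id, method, uri, message) and the sample rows are constructed assumptions about Nikto's `-Format csv` output; check a report from your own version before relying on them.

```python
import csv
from collections import defaultdict
from dataclasses import dataclass
from io import StringIO

# Constructed sample of a Nikto CSV report (-Format csv). The column order
# host, ip, port, reference id, method, uri, message is an assumption about
# Nikto 2.1.x output; the hostname and addresses are documentation examples.
SAMPLE_CSV = '''"www.example.test","192.0.2.10","443","0","GET","/","The anti-clickjacking X-Frame-Options header is not present."
"www.example.test","192.0.2.10","443","0","GET","/","The X-Content-Type-Options header is not set."
"www.example.test","192.0.2.10","443","3092","GET","/backup/","This might be interesting..."
"www.example.test","192.0.2.10","443","3268","GET","/icons/","Directory indexing found."
"www.example.test","192.0.2.10","443","0","GET","/","Server: Apache/2.2.3 appears to be outdated."
'''

@dataclass
class Finding:
    host: str
    port: str
    method: str
    uri: str
    message: str

# Keyword heuristics (checked in order) that map a finding's message text
# to a remediation bucket; anything unmatched lands in "other".
CATEGORIES = (
    ("outdated", "outdated software"),
    ("directory indexing", "directory listing"),
    ("header is not", "missing security header"),
)

def parse_nikto_csv(text: str) -> list[Finding]:
    """Parse the quoted CSV rows into Finding records, skipping short rows."""
    findings = []
    for row in csv.reader(StringIO(text)):
        if len(row) < 7:
            continue  # blank or malformed line
        host, _ip, port, _ref, method, uri, msg = row[:7]
        findings.append(Finding(host, port, method, uri, msg))
    return findings

def categorize(f: Finding) -> str:
    for needle, label in CATEGORIES:
        if needle in f.message.lower():
            return label
    return "other"

def triage(text: str) -> dict[str, list[str]]:
    """Group findings by bucket, each as a one-line 'host:port METHOD uri - msg'."""
    buckets = defaultdict(list)
    for f in parse_nikto_csv(text):
        buckets[categorize(f)].append(f"{f.host}:{f.port} {f.method} {f.uri} - {f.message}")
    return dict(buckets)
```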


An Introduction to Web Server Scanning With Nikto