Nikto is a free software command-line vulnerability scanner that scans web servers for dangerous files or CGIs, outdated server software and other problems. It performs generic and server type specific checks. It also captures and prints any cookies received. The Nikto code itself is free software, but the data files it uses to drive the program are not.[2] Version 1.00 was released December 27, 2001.
Original author(s) | Chris Sullo |
---|---|
Stable release | 2.5.0[1]
/ December 3, 2023 |
Written in | |
Operating system | Unix-like |
Available in | English |
Type | Vulnerability scanner |
License | GNU GPL v2 |
Website | http://www.cirt.net/Nikto2 |
Features
editNikto can detect over 6700 potentially dangerous files or CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software.[3] Scan items and plugins are frequently updated and can be automatically updated.
Variations
editThere are some variations of Nikto, one of which is MacNikto. MacNikto is an AppleScript GUI shell script wrapper built in Apple's Xcode and Interface Builder, released under the terms of the GPL. It provides easy access to a subset of the features available in the command-line version, installed along with the MacNikto application.[4][5]
References
edit- ^ "Release Nikto 2.5.0". GitHub. 2023-12-03. Archived from the original on 2024-04-08. Retrieved 2024-04-08.
- ^ "Data file distributed with Nikto with non-Open Source licence notice at the top". Archived from the original on 2016-08-09. Retrieved 2009-01-30.
- ^ "Exploring Web Server Vulnerabilities with Nikto". LKDR Tech. Retrieved 2024-07-03.
- ^ "MacNikto". Archived from the original on 2023-02-19. Retrieved 2007-01-02.
- ^ "Yet another Nikto GUI". 18 July 2014.