Nikto

Software Details:
Version: 2.1.5
Upload Date: 13 May 15
Distribution Type: Freeware
Downloads: 4478

Rating: 3.5/5 (Total Votes: 12)

Nikto performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version-specific problems on over 270 servers.

Nikto is written in Perl and verifies server configurations for duplicate index files, HTTP server options and installed web server software.

It provides feedback, allowing admins to keep their server up to date at all times.

Features:

  • SSL Support (Unix with OpenSSL or maybe Windows with ActiveState's Perl/NetSSL)
  • Full HTTP proxy support
  • Checks for outdated server components
  • Save reports in plain text, XML, HTML, NBE or CSV
  • Template engine to easily customize reports
  • Scan multiple ports on a server, or multiple servers via input file (including nmap output)
  • LibWhisker's IDS encoding techniques
  • Easily updated via command line
  • Identifies installed software via headers, favicons and files
  • Host authentication with Basic and NTLM
  • Subdomain guessing
  • Apache and cgiwrap username enumeration
  • Mutation techniques to "fish" for content on web servers
  • Scan tuning to include or exclude entire classes of vulnerability checks
  • Guess credentials for authorization realms (including many default id/pw combos)
  • Authorization guessing handles any directory, not just the root directory
  • Enhanced false positive reduction via multiple methods: headers, page content, and content hashing
  • A "single" scan mode that allows you to craft an HTTP request by hand
  • Reports "unusual" headers seen
  • Interactive status, pause and changes to verbosity settings
  • Logging to Metasploit
  • Thorough documentation

What is new in this release:

  • Parsing of nmap greppable output now checks any port description matching http
  • Fix a potential for false positives or negatives with version matches
  • Not all udb* files were loaded properly
  • Server name not properly printed in update/submission output
  • Variable consolidation & memory usage cleanup
  • Move message on -root from notices to target host info (suggestion from YGN)
  • Automatically escape invalid regexes in databases at run-time, so no dying
  • Added nikto_ssl.plugin to check cert's CN vs hostname
  • Add basic retry on error in nfetch()
  • Change how db_404_strings are used by moving where they are checked to reduce FP
  • Fix missing URL sent to rm_active_content during error mapping; should prevent many FPs
  • Make nikto_multiple_index.plugin only look at 200 responses

Comments to Nikto

2 Comments
  • روعة 3 Aug 17
    Nice
  • يحي 1 Sep 18
    Awesooome