Scan items and plugins are frequently updated and can be automatically updated (if desired).
Nikto is built on LibWhisker and can run on any platform which has a Perl environment, and supports SSL, proxies, host authentication, IDS evasion and more.
Nikto not only checks for CGI vulnerabilities but does so in an evasive manner, so as to elude intrusion detection systems. It comes with thorough documentation which should be carefully reviewed prior to running the program. If you have Web servers serving up CGI scripts, Nikto can be an excellent resource for checking the security of these servers.
Installation:
OpenSuSe users can install Nikto using the "1-click" installer - here
Ubuntu / Debian: $ sudo apt-get install nikto
Using Nikto:
The most basic Nikto scan requires simply a host to target, since port 80 is assumed if none is specified. The host can either be an IP or a hostname of a machine, and is specified using the -h (-host) option. This will scan the IP 192.168.1.2 on TCP port 80: nikto -h 192.168.1.2
To check on a different port, specify the port number with the -p (-port) option. This will scan the IP 192.168.0.1 on TCP port 443:
nikto -h 192.168.1.2 -p 443
Hosts, ports and protocols may also be specified by using a full URL syntax, and it will be scanned:
nikto -h https://192.168.0.1:443/
Updating:
Nikto can be updated automatically. To update to the latest plugins and databases, simply run Nikto with the -update option: nikto -update
If updates are available, you will see a list of the files getting downloaded.
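The target forms described under Using Nikto (a bare host with port 80 assumed, a port given with -p, or a full URL) can be validated against an authorised scope before a scan is launched. The following is an added example, not part of Nikto or of the original post; the function names and the SCOPE list are assumptions made for the illustration, and hosts are compared as literal strings without DNS resolution.

```shell
#!/bin/sh
# Added example (not part of Nikto): validate a target before scanning.
# SCOPE is a constructed sample list of hosts the tester may scan.
SCOPE="192.168.1.2 192.168.0.1"

# normalize_target HOST_OR_URL [PORT] -> prints "host port", or fails.
# From the text: port 80 is assumed when none is given, -p sets another
# port, and a full URL carries protocol, host and port itself.
# IPv6 literals are not handled and are rejected.
normalize_target() {
    spec=$1; port=${2:-}; default=80
    case $spec in
        https://*) default=443; spec=${spec#https://} ;;
        http://*)  spec=${spec#http://} ;;
        *://*)     return 1 ;;              # any other protocol: reject
    esac
    spec=${spec%%/*}                        # drop the path, keep host[:port]
    case $spec in
        *:*) urlport=${spec##*:}; host=${spec%%:*}
             # This example's choice: a URL port that disagrees with the
             # separate port argument is ambiguous, so reject it.
             [ -z "$port" ] || [ -z "$urlport" ] || [ "$port" = "$urlport" ] || return 1
             port=${urlport:-$port} ;;
        *)   host=$spec ;;
    esac
    port=${port:-$default}
    case $host in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case $port in *[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf '%s %s\n' "$host" "$port"
}

# in_scope HOST -> succeeds only on an exact match against SCOPE.
in_scope() {
    for allowed in $SCOPE; do
        [ "$allowed" = "$1" ] && return 0
    done
    return 1
}

# check_target HOST_OR_URL [PORT] -> prints "host port" when the target
# is well formed and in scope; returns 2 (malformed) or 3 (out of scope).
check_target() {
    resolved=$(normalize_target "$@") || { echo "rejected: malformed target" >&2; return 2; }
    in_scope "${resolved% *}" || { echo "rejected: out of scope" >&2; return 3; }
    printf '%s\n' "$resolved"
}

# Usage: t=$(check_target "$1" "$2") && nikto -h "${t% *}" -p "${t#* }"
```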
2 comments:
I couldn't find it on Ubuntu.
apt-get install nikto
returned
E: Couldn't find package nikto
@austin
The reason you cannot find the package is because you do not have the correct repo enabled.
In Debian it is the non-free repo.
Here is my sources list, change yours then
apt-get update
apt-get install nikto
--------------------
deb http://www.mirrorservice.org/sites/ftp.debian.org/debian/ lenny main contrib non-free
deb-src http://www.mirrorservice.org/sites/ftp.debian.org/debian/ lenny main contrib non-free
deb http://security.debian.org/ lenny/updates main contrib non-free
deb-src http://security.debian.org/ lenny/updates main contrib non-free
deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free
deb-src http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free
--------------------