Nikto is an Open Source (GPL) web server scanner which can check for more than 6,700 potentially dangerous files or programs, for outdated versions of more than 1,250 servers, and for version-specific issues on more than 270 servers. Additionally, it will look at server configuration concerns such as multiple index files and various HTTP server options, and will even attempt to identify installed web servers and software.

Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS.

However, there is support for LibWhisker’s anti-IDS methods in case you want to give it a try (or test your IDS system).

Running tests such as those offered by Nitko is vital – hackers are increasingly turning their sights on web server vulnerabilities to find a route into an organisation, and everything from insecure WordPress implementations to outdated Apache servers have reportedly been targeted.

See the documentation for a full list of features and how to use them.

Hat tip to makeuseof.