Nikto is an awesome Perl script which will test your web server for vulnerabilities. For example, it will tell you if you have any gaping holes in your configuration that would allow attackers to run known exploits. It will also show you interesting things that could potentially be used as attack points. Once you run it on your server, you get a nice readable list of warnings and red flags.

Next step of course is to sit your ass down, log into the server and figure out what triggered Nikto, and how (if possible) to disable it. The fewer results you get from a scan, the better off you are, because the bad guys will essentially use the same exact tool to compose their hit list.

Passing Nikto scans of course does not make you safe. But it may make you safer by exposing big security holes you might have missed.

I would say that it should be the second tool in your security testing toolbox next to the good old nmap.
