Running a security scan on your website? Then you might be looking for a tool to do it.
There are some very good open source tools available for this. One of them is Nikto2. This is a great tool, packed with a lot of features, which can scan for over 3500 kinds of potentially intrusive files and CGIs. It makes a comprehensive check on various files and tells you whether each file is secure or has a security vulnerability. The Nikto scan process is designed to complete the scan in the shortest possible time.
The latest version, Nikto 2, has a lot of enhancements. Some of the newest features are:
* Fingerprinting web servers via favicon files
* Reduction of false positives to a great extent
* Reports outdated software from
* Checks Apache Expect headers for XSS vulnerabilities.
* Scanner tuning, so that you do not need to run the same full scan every time and can focus on the areas that concern you.
* Single scan mode that allows you to simulate requests for testing.
* Provision for HTML requests and various templates for generating HTML reports.
* Provision for users to make additions to the scan database.
* Support for upgrading code automatically.
There are many more features and very extensive documentation available for this software, which even a novice can understand easily. With all these features you can pinpoint the flaws in your web server and make it more secure, which in turn also helps keep your database safe.
The simple command that I run is as follows:
# nikto -host
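As an added example, not part of the original post, here is a small POSIX shell script that runs the scan with the tuning and CSV report options mentioned in the feature list and then summarises the report. The host name, port, tuning codes and the sample report contents are constructed; it assumes `nikto` is on PATH and that Nikto's CSV columns are host, ip, port, id, method, URI, message.

```shell
#!/bin/sh
# Added example (not from the original post): tuned Nikto scan of a web server
# you administer, followed by a summary of the CSV report it writes.

# Build the nikto command line. Arguments: host, port, tuning codes, output file.
# Tuning codes are Nikto's own (2 = misconfiguration/default files,
# 3 = information disclosure, 4 = injection/XSS, 9 = SQL injection,
# b = software identification).
nikto_cmd() {
    printf 'nikto -host %s -port %s -Tuning %s -Format csv -output %s' "$1" "$2" "$3" "$4"
}

# Count findings per URI in a Nikto CSV report (assumed columns:
# host, ip, port, id, method, uri, message). Prints "<count> <uri>", most first.
summarize_csv() {
    tr -d '"' < "$1" | awk -F, 'NF >= 7 { n[$6]++ } END { for (u in n) print n[u], u }' | sort -rn
}

# Number of findings that carry a non-zero vulnerability id (column 4);
# "0" is used for purely informational lines such as the server banner.
count_identified() {
    tr -d '"' < "$1" | awk -F, 'NF >= 7 && $4 != "0" { c++ } END { print c+0 }'
}

# Constructed sample report; stands in for the output of a real scan.
SAMPLE_CSV=$(mktemp)
cat > "$SAMPLE_CSV" <<'EOF'
"www.example.test","203.0.113.10","80","0","GET","/","Server: Apache/2.2.3 (CentOS)"
"www.example.test","203.0.113.10","80","3092","GET","/admin/","This might be interesting..."
"www.example.test","203.0.113.10","80","877","TRACE","/","HTTP TRACE method is active, suggesting the host is vulnerable to XST"
"www.example.test","203.0.113.10","80","3233","GET","/icons/README","Apache default file found."
EOF

if [ "${1:-}" = "--scan" ]; then
    # Real run against your own server, e.g.: ./nikto-tuned.sh --scan www.example.test 443
    sh -c "$(nikto_cmd "$2" "${3:-80}" 234b9 nikto-report.csv)"
    summarize_csv nikto-report.csv
else
    # No target given: demonstrate the summary on the constructed sample.
    summarize_csv "$SAMPLE_CSV"
    echo "findings with a vulnerability id: $(count_identified "$SAMPLE_CSV")"
fi
```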
Happy Hacking!