Nikto is an Open Source (GPL) web server scanner designed to find various default and insecure files, configurations and programs on any type of web server. It can perform comprehensive tests against web servers for multiple items, including over “6400 potentially dangerous files/CGIs, checks for outdated versions of over 1000 servers, and version specific problems on over 270 servers.”
Nikto is built on LibWhisker2 (by RFP) and can run on any platform that has a Perl environment. It supports SSL, proxies, host authentication, IDS evasion and more. It can also be updated automatically from the command line, and supports the optional submission of updated version data back to the maintainers.
The Nikto 1.00 Beta was originally released on December 27th, 2001 by Chris Sullo, followed very quickly by the release of 1.01. Over a two-year span Nikto’s code became the most popular freely available web vulnerability scanner, and by 2007 several improvements had been contributed. In 2008, David Lodge officially joined the development team and assumed leadership of the project while Chris Sullo worked on another project. In 2009, Chris rejoined the Nikto development team and both he and David continue to improve Nikto’s capabilities.
For more information on Nikto, visit http://www.cirt.net/nikto2