Nikto Help
Nikto is a tool for testing your web server and web site. It checks the web server and web site for security issues using a database of URL based checks.
Enter the Web Host Target as a hostname or an IP address, for example:
www.mywebsitetotest.com or 10.3.12.31
HackerTarget.com – Nikto Web Scan Sample Report
—————————————————————————
- Nikto 1.36/1.39 – www.cirt.net
+ Target IP: xx.126.xx.110
+ Target Hostname: www.testsite.com
+ Target Port: 80
+ Start Time: Sun Jul 29 14:48:24 2007
—————————————————————————
- Scan is dependent on “Server” string which can be faked, use -g to override
+ Server: Apache
+ Server: Apache/1.3.29 (Unix) mod_perl/1.28 PHP/4.3.4
+ No CGI Directories found (use ‘-C all’ to force check all possible dirs)
+ /robots.txt – contains 19 ‘disallow’ entries which should be manually viewed (added to mutation file lists) (GET).
+ Apache/1.3.29 appears to be outdated (current is at least Apache/2.0.47). Apache 1.3.28 is still maintained and considered secure.
+ mod_perl/1.28 appears to be outdated (current is at least 1.99_10)
+ PHP/4.3.4 appears to be outdated (current is at least 4.3.4RC2)
+ /.htaccess – Contains authorization information (GET)
+ /.htpasswd – Contains authorization information (GET)
+ /phpBB2/includes/db.php – Some versions of db.php from phpBB2 allow remote file inclusions. Verify the current version is running. See http://www.securiteam.com/securitynews/5BP0F2A6KC.html for more info (GET)
+ /\”>
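The report above is Nikto's plain-text output: each entry starts with "+ " (or "- " for notes), long entries wrap onto the following line, and path findings end with the HTTP method in parentheses. The following parser is an added example, not code from HackerTarget or the Nikto project; it folds wrapped lines back into their entry, separates the header fields from the findings, and applies an illustrative triage order (not Nikto's own scoring). The embedded report is constructed to mirror the sample above, with a documentation IP address in place of the masked one.

```python
import re

# Constructed sample report, modelled on the page's sample output (not real scan data).
SAMPLE_REPORT = """\
- Nikto 1.36/1.39 - www.cirt.net
+ Target IP: 192.0.2.10
+ Target Hostname: www.testsite.com
+ Target Port: 80
+ Start Time: Sun Jul 29 14:48:24 2007
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Apache
+ Server: Apache/1.3.29 (Unix) mod_perl/1.28 PHP/4.3.4
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ /robots.txt - contains 19 'disallow' entries which should be manually
viewed (added to mutation file lists) (GET).
+ Apache/1.3.29 appears to be outdated (current is at least
Apache/2.0.47). Apache 1.3.28 is still maintained and considered secure.
+ mod_perl/1.28 appears to be outdated (current is at least 1.99_10)
+ PHP/4.3.4 appears to be outdated (current is at least 4.3.4RC2)
+ /.htaccess - Contains authorization information (GET)
+ /.htpasswd - Contains authorization information (GET)
+ /phpBB2/includes/db.php - Some versions of db.php from phpBB2 allow
remote file inclusions. Verify the current version is running. See
http://www.securiteam.com/securitynews/5BP0F2A6KC.html for more info (GET)
"""

HEADER_RE = re.compile(r"^(Target IP|Target Hostname|Target Port|Start Time|Server): (.*)$")
# Path findings look like "/path - description (GET)"; accept a hyphen or an en dash.
PATH_RE = re.compile(r"^(/\S*)\s+[-–]\s+(.*?)\s*\((GET|POST|HEAD)\)\.?$")


def parse_nikto_report(text):
    """Return (header, findings) from Nikto's plain-text output."""
    header, findings, entries = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"-", "—"}:
            continue  # blank line or separator rule
        if line[:2] in ("+ ", "- "):
            entries.append(line[2:])
        elif entries:
            entries[-1] += " " + line  # wrapped continuation of the previous entry
    for entry in entries:
        m = HEADER_RE.match(entry)
        if m:
            header[m.group(1)] = m.group(2)  # a later Server line is the fuller one
            continue
        m = PATH_RE.match(entry)
        if m:
            findings.append({"kind": "path", "path": m.group(1),
                             "method": m.group(3), "detail": m.group(2)})
        elif "appears to be outdated" in entry:
            findings.append({"kind": "outdated", "path": None, "method": None, "detail": entry})
        else:
            findings.append({"kind": "note", "path": None, "method": None, "detail": entry})
    return header, findings


def prioritise(findings):
    """Illustrative triage order (an assumption of this example, not Nikto's scoring)."""
    order = {"high": 0, "medium": 1, "low": 2, "info": 3}
    ranked = []
    for f in findings:
        detail = f["detail"].lower()
        if f["kind"] == "path" and ("authorization information" in detail
                                    or "file inclusion" in detail):
            prio = "high"      # exposed credentials / config, or a known vulnerable script
        elif f["kind"] == "outdated":
            prio = "medium"    # version disclosure; confirm against the real patch level
        elif f["kind"] == "path":
            prio = "low"       # e.g. robots.txt entries worth a manual look
        else:
            prio = "info"
        ranked.append((prio, f))
    return sorted(ranked, key=lambda t: order[t[0]])


if __name__ == "__main__":
    hdr, items = parse_nikto_report(SAMPLE_REPORT)
    print(hdr["Target Hostname"], hdr["Server"])
    for prio, f in prioritise(items):
        print(f"[{prio}] {f['path'] or '-'}: {f['detail'][:60]}")
```

Because the "Server" banner can be faked (as the report itself notes), the parser keeps the header and the findings apart so that version-based findings can be re-checked against the actual patch level before anyone acts on them.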
Free Web Mail addresses such as gmail accounts are restricted to reduce abuse of the system. A valid membership is required to use free email addresses.
Server and Web Site are tested using the Nikto Security Scanner in this online scan.
Note that you must have permission to scan the site you nominate. This is an aggressive scan and it is possible that it will upset listening services, fill up log files and trigger IDS.
Enter the URL of the web server you wish to test; this scan can take up to 20 minutes to complete. Results will be emailed upon completion.
About Nikto
The Nikto web server scanner is a security tool that will test a web site for thousands of possible security issues, including dangerous files, mis-configured services, vulnerable scripts and other problems. It is open source and structured with plugins that extend its capabilities. These plugins are frequently updated with new security checks.
Nikto is by no means a stealthy tool. It will fill up a web server’s access log and error logs with thousands of entries as it performs each test. This noise is actually an excellent way to test any Intrusion Detection system that is in place. Any web server, host based intrusion detection (HIDS) or network based intrusion detection (NIDS) should detect a Nikto scan.
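Because a Nikto scan leaves thousands of entries in the access log, the log itself is the simplest place to confirm that your detection works. The script below is an added example written from the defender's side, not code from HackerTarget or Nikto: it profiles each client in a few constructed Apache combined-format log lines and flags the traits a scan like the one above leaves behind (a scanner user-agent string, a high share of 4xx responses, and probes for the authorization files the sample report lists). The user-agent text and IP addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed Apache combined-format lines: one noisy scanner, one ordinary visitor.
SAMPLE_LOG = """\
10.3.12.31 - - [29/Jul/2007:14:48:24 +0000] "GET / HTTP/1.1" 200 1234 "-" "Mozilla/5.0 (Nikto/1.36)"
10.3.12.31 - - [29/Jul/2007:14:48:24 +0000] "GET /robots.txt HTTP/1.1" 200 321 "-" "Mozilla/5.0 (Nikto/1.36)"
10.3.12.31 - - [29/Jul/2007:14:48:25 +0000] "GET /.htaccess HTTP/1.1" 403 210 "-" "Mozilla/5.0 (Nikto/1.36)"
10.3.12.31 - - [29/Jul/2007:14:48:25 +0000] "GET /.htpasswd HTTP/1.1" 404 198 "-" "Mozilla/5.0 (Nikto/1.36)"
10.3.12.31 - - [29/Jul/2007:14:48:25 +0000] "GET /phpBB2/includes/db.php HTTP/1.1" 404 198 "-" "Mozilla/5.0 (Nikto/1.36)"
10.3.12.31 - - [29/Jul/2007:14:48:26 +0000] "GET /cgi-bin/ HTTP/1.1" 404 198 "-" "Mozilla/5.0 (Nikto/1.36)"
192.0.2.7 - - [29/Jul/2007:14:48:30 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.7 - - [29/Jul/2007:14:48:31 +0000] "GET /style.css HTTP/1.1" 200 880 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Files the sample report flagged as exposing authorization information.
SENSITIVE_PATHS = {"/.htaccess", "/.htpasswd"}


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def profile_clients(lines):
    """Aggregate request count, 4xx count, distinct paths and user-agents per client IP."""
    clients = defaultdict(lambda: {"requests": 0, "errors": 0, "paths": set(), "agents": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        c = clients[rec["ip"]]
        c["requests"] += 1
        if 400 <= rec["status"] < 500:
            c["errors"] += 1
        c["paths"].add(rec["path"])
        c["agents"].add(rec["ua"])
    return clients


def flag_scanners(lines, min_requests=5, error_ratio=0.5):
    """Return {ip: [reasons]} for clients whose traffic looks like a web scanner.

    Thresholds are assumptions for the example; tune them to the site's normal
    error rate before relying on the 4xx heuristic alone.
    """
    findings = {}
    for ip, c in profile_clients(lines).items():
        reasons = []
        if any("nikto" in ua.lower() for ua in c["agents"]):
            reasons.append("scanner user-agent")
        if c["requests"] >= min_requests and c["errors"] / c["requests"] >= error_ratio:
            reasons.append(f"{c['errors']}/{c['requests']} requests returned 4xx")
        probed = SENSITIVE_PATHS & c["paths"]
        if probed:
            reasons.append("probed " + ", ".join(sorted(probed)))
        if reasons:
            findings[ip] = reasons
    return findings


if __name__ == "__main__":
    for ip, why in flag_scanners(SAMPLE_LOG.splitlines()).items():
        print(ip, "->", "; ".join(why))
```

The user-agent match is the weakest signal, since a scan run with a custom agent string will not trigger it; the error-ratio and sensitive-path checks catch the behaviour rather than the label, which is what a HIDS or NIDS rule should key on.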
Custom scans can be initiated using IDS bypass methods from libwhisker; however, the online scan we provide is a default (no evasion) scan.