Nikto details

  • Description

    Nikto is designed to examine web servers and look for items in multiple categories:
    - misconfigurations
    - default files and scripts
    - insecure files and scripts
    - outdated software

    It uses Rain Forest Puppy's LibWhisker (wiretrip.net) for HTTP functionality, and can perform checks over HTTP or HTTPS. It also supports basic port scanning and will determine whether a web server is running on any open ports.

    Nikto checks and code can be automatically updated from the main distribution server by using the 'update' option (see below) to ensure Nikto is checking for the most recent vulnerabilities.

    Nikto will also load user-defined checks at startup if they are placed in a file named 'user_scan_database.db' in the plugins directory. Unlike scan_database.db, this file will not be overwritten when the -update option is used, so it should always be used if you add your own checks (and you should send those checks to [email protected]).

    Nikto leaves a footprint on a server it scans, both in an invalid 404 check and in the User-Agent header. This can be changed by forcing $NIKTO{fingerprint} and $NIKTO{useragent} to new values in the source code, or by using any IDS evasion (-e) option. Note that it is fairly obvious when Nikto is scanning a server anyway: the large number of invalid requests stands out in the server logs, although with an IDS evasion technique it may not be obvious that the scanner was Nikto.
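    The two footprints described above, the User-Agent header and the burst of invalid (404) requests, are what a server administrator would look for in access logs. The following is an added example written for this page, not code from Nikto or its distribution: it parses constructed Apache/nginx "combined"-format log lines and flags a client either because its user agent names Nikto or because it produced more 404 responses than a threshold. The user-agent string, IP addresses, paths and the threshold value are all constructed assumptions; the second flagged host shows why the 404-count rule matters when the agent string has been changed, as the description says it can be.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" log layout (assumed for this example).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample log lines (not real traffic). 198.51.100.9 keeps a
# constructed agent string that names Nikto; 192.0.2.200 has rewritten its
# agent string and is only visible through its run of 404 responses.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /about HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /ZkXx3qQ9.nonexistent HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/0.0.0)"
198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /cgi-bin/ HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/0.0.0)"
198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "GET /admin/ HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/0.0.0)"
198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "GET /backup/ HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/0.0.0)"
198.51.100.9 - - [10/Oct/2023:13:56:03 +0000] "GET /test/ HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/0.0.0)"
192.0.2.200 - - [10/Oct/2023:13:57:01 +0000] "GET /a1b2c3.nonexistent HTTP/1.1" 404 209 "-" "Mozilla/5.0"
192.0.2.200 - - [10/Oct/2023:13:57:01 +0000] "GET /old/ HTTP/1.1" 404 209 "-" "Mozilla/5.0"
192.0.2.200 - - [10/Oct/2023:13:57:02 +0000] "GET /tmp/ HTTP/1.1" 404 209 "-" "Mozilla/5.0"
192.0.2.200 - - [10/Oct/2023:13:57:02 +0000] "GET /logs/ HTTP/1.1" 404 209 "-" "Mozilla/5.0"
192.0.2.77 - - [10/Oct/2023:13:57:10 +0000] "GET /missing-page HTTP/1.1" 404 209 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect_scanners(log_text, max_404_per_ip=4):
    """Return {client_ip: [reasons]} for clients showing a scanner footprint.

    Two independent rules, matching the two footprints named in the
    description: the agent string names Nikto, or the client produced at
    least max_404_per_ip responses with status 404 (threshold is assumed).
    """
    count_404 = defaultdict(int)
    agents = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in the expected format
        agents[rec["ip"]].add(rec["ua"])
        if rec["status"] == "404":
            count_404[rec["ip"]] += 1

    findings = {}
    for ip, uas in agents.items():
        reasons = []
        if any("nikto" in ua.lower() for ua in uas):
            reasons.append("user-agent names Nikto")
        if count_404[ip] >= max_404_per_ip:
            reasons.append(f"{count_404[ip]} 404 responses (threshold {max_404_per_ip})")
        if reasons:
            findings[ip] = reasons
    return findings


if __name__ == "__main__":
    for ip, reasons in detect_scanners(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

    The agent-string rule is cheap but, as the description notes, trivially defeated by editing $NIKTO{useragent} or using -e; the 404-count rule keys on the behaviour itself, so tune the threshold against the normal 404 rate of the site rather than relying on the agent string alone.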

  • Exe

    wnikto32.exe