Sullo writes
"Nikto is an open source (GPL) web server scanner which performs tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version-specific problems on over 250 servers.
Version 2 adds a ton of enhancements, including:
– Fingerprinting web servers via favicon.ico files
– 404 error checking for each file type
– Enhanced false positive reduction via multiple methods: headers, page content, and content hashing
– Scan tuning to include or exclude entire classes of vulnerability checks
– Uses LibWhisker 2, which has its own long list of enhancements
– A "single" scan mode that allows you to craft an HTTP request manually
– Basic template engine so that HTML reports can be easily customized
– An experimental knowledge base for scans, which will allow regenerated reports and retests (future)
– Optimizations, bug fixes and more…
Source & info:
http://www.cirt.net/code/nikto.shtml"
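As an added illustration of the per-file-type 404 checking and content-hash false-positive reduction listed above (example code written for this page, not Nikto's or LibWhisker's own implementation): a scanner first asks for a file that cannot exist for each extension class, records what the server answers, and later rejects any "hit" that merely looks like that learned error page. `fake_fetch` is a constructed stand-in for a server that returns 200 with a branded error page for every unknown `.cgi`; every path and body below is made up.

```python
import hashlib
import secrets
from dataclasses import dataclass, field

@dataclass
class Response:
    status: int
    body: bytes
    headers: dict = field(default_factory=dict)

def normalized_hash(body: bytes, path: str) -> str:
    # Custom error pages usually echo the requested path; strip it before
    # hashing so "not found" pages for different paths compare equal.
    return hashlib.sha256(body.replace(path.encode(), b"")).hexdigest()

def learn_baseline(fetch, exts):
    """Request one guaranteed-missing file per extension class and record
    what the server answers: (status, Content-Type, normalized body hash)."""
    baseline = {}
    for ext in exts:
        path = f"/probe-{secrets.token_hex(8)}{ext}"  # cannot exist on the server
        r = fetch(path)
        baseline[ext] = (r.status, r.headers.get("Content-Type"),
                         normalized_hash(r.body, path))
    return baseline

def classify(path, resp, baseline):
    """Return 'not-found', 'soft-404' (matches the learned error page) or 'hit'."""
    if resp.status == 404:
        return "not-found"
    ext = path[path.rfind("."):] if "." in path.rsplit("/", 1)[-1] else ""
    learned = baseline.get(ext)
    if learned and resp.status == learned[0] \
            and resp.headers.get("Content-Type") == learned[1] \
            and normalized_hash(resp.body, path) == learned[2]:
        return "soft-404"
    return "hit"

# Constructed server: one real CGI, a "200 OK" error page for any other .cgi.
def fake_fetch(path: str) -> Response:
    if path == "/cgi-bin/status.cgi":
        return Response(200, b"uptime: 12 days\n", {"Content-Type": "text/plain"})
    if path.endswith(".cgi"):
        body = b"<html><h1>Oops</h1>We could not find " + path.encode() + b"</html>"
        return Response(200, body, {"Content-Type": "text/html"})
    return Response(404, b"Not Found", {"Content-Type": "text/html"})

def demo():
    baseline = learn_baseline(fake_fetch, [".cgi", ".php"])
    return {p: classify(p, fake_fetch(p), baseline)
            for p in ["/cgi-bin/status.cgi", "/cgi-bin/test.cgi", "/admin.php"]}
```

Without the baseline step, `/cgi-bin/test.cgi` would be reported as a finding on the strength of its 200 status alone.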