howtoforge.org — This tutorial will show you how to set up the free web server security scanner tool, Nikto. This tool will probe your Apache set-up for vulnerabilities, so you can get an idea of what holes may exist in your configuration. This tutorial will get you as far as installing the tool and running your first scan.
Aug 13, 2006
sentinel88 Aug 14, 2006
Simply post your IP here. I'm sure many Digg users would dutifully test your setup for vulnerabilities. Test my server: 72.14.203.104
colklink Aug 14, 2006
huh..huhuhuh...you said "probe"....
xenlab Aug 14, 2006
@warmcat The typo'd URL was corrected in the article. Thanks for spotting that.
xenlab Aug 14, 2006
@gmillerd The evasion flag takes longer, but it allowed me to test my Snort/BASE installation and ruleset. It blocked everything Nikto threw at it, which says something about Snort, I suppose.
xenlab Aug 14, 2006
Nessus is the king, since it also goes after vulnerabilities in the O/S. However, Nessus is not entirely free (you can download a demo version). Nikto is a good alternative for at least testing your web server, which for most people is the most public attack surface area they have.
xenlab Aug 14, 2006
If you set up a PERL environment on your dev box, you can run Nikto (it's just a PERL script). At the minimum you can try CYGWIN (www.cygwin.com) and go at it like that.