Web Server Vulnerability Scan with Nikto 50 Credits
About this tool
This is an online interface for the well known Nikto vulnerability scanner which can be used to find specific web vulnerabilities on your target server.
The vulnerability scanner discovers various issues that are potential security problems for your web server. The types of issues Nikto can identify are:
- Fingerprint the web server type and version
- Report old versions of server software if it contains known vulnerabilities
- Discover web server configuration problems (directory listing, backup files, old configuration files, etc)
- Identify specific web applications that are running on the web server
- Check for known application vulnerabilities
Warning: This is an active scanning tool which generates a high amount of noise in the network. Most correctly configured IDSs will detect this scan as attack traffic. Do not use it if you don't have proper authorization from the target website owner.
- Target URL: This is the url of the website that will be scanned. The tool does not follow any redirects so the exact url will be scanned. If you want to scan only a certain directory or path, you can add it in the url like: http://www.mycompany.com/base_directory/. All urls must start with http or https.
How it works
This interface calls Nikto on the backend to perform the scanning with the proper parameters. Nikto implements multiple techniques for fingerprinting server software and for identifying server side vulnerabilities. It uses a signature database which is periodically updated and each signature contains a specific request that identifies an unique vulnerability.
Nikto sends a significant amount of HTTP requests to the target server in order to probe each signature from the database. However, it is not likely to generate a denial of service effect.