diff options
| author | Brenton Earl <brent@exitstatusone.com> | 2017-05-03 08:26:55 +0700 |
|---|---|---|
| committer | Willy Sudiarto Raharjo <willysr@slackbuilds.org> | 2017-05-03 08:26:55 +0700 |
| commit | 9d0665d6d68ca6418394fcc9b699fa676f33070f (patch) | |
| tree | 14ddcfa9ae0837f360d1ca0af31a819999faabc3 /network/nikto/README | |
| parent | 7904ef32572290008886f0770e4953eb49288ca0 (diff) | |
network/nikto: Updated for version 2.1.6.
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'network/nikto/README')
| -rw-r--r-- | network/nikto/README | 31 |
1 files changed, 18 insertions, 13 deletions
diff --git a/network/nikto/README b/network/nikto/README index 130a4bb34fc7..0174ffe58d84 100644 --- a/network/nikto/README +++ b/network/nikto/README @@ -1,14 +1,19 @@ -Nikto is an Open Source (GPL) web server scanner which performs -comprehensive tests against web servers for multiple items, including -over 3500 potentially dangerous files/CGIs, versions on over 900 servers, -and version specific problems on over 250 servers. Scan items and plugins -are frequently updated and can be automatically updated (if desired). +Nikto is an Open Source (GPL) web server scanner which performs comprehensive +tests against web servers for multiple items, including over 6700 potentially +dangerous files/programs, checks for outdated versions of over 1250 servers, +and version specific problems on over 270 servers. It also checks for server +configuration items such as the presence of multiple index files, HTTP server +options, and will attempt to identify installed web servers and software. Scan +items and plugins are frequently updated and can be automatically updated. -WARNING: if you're updating from 2.03 to 2.1.0 keep in mind that -the configuration file have been changed from the old location -/etc/nikto/config.txt (a debianism I introduced to work around the -config.txt unspecified location) to the newer, official /etc/nikto.conf. -Speaking of debianism: I removed the symolic link /usr/bin/nikto creation, -upgradepkg will not rm it but newer installs will not have it anymore. If -you like the link and want to retain it in future updates, just uncomment -the needed lines inside the SlackBuild. +Nikto is not designed as a stealthy tool. It will test a web server in the +quickest time possible, and is obvious in log files or to an IPS/IDS. However, +there is support for LibWhisker's anti-IDS methods in case you want to give it +a try (or test your IDS system). + +Not every check is a security problem, though most are. There are some items +that are "info only" type checks that look for things that may not have a +security flaw, but the webmaster or security engineer may not know are present +on the server. These items are usually marked appropriately in the information +printed. There are also some checks for unknown items which have been seen +scanned for in log files. |