Checking Your Website Security with Nikto

Introduction

To verify your configuration file and test potential security vulnerabilities, here's a practical Perl script called Nikto. These are the most well-known security audit applications similar to Nikto:

• WebScarab/ProxMon
• WebInspect by SPI Dynamics
• Wikto
• Exploit-me
• Paros Proxy

Installation and Configuration

Here's the documentation I found:

Apache Security Testing

For those who don't want to recompile packages:

1

aptitude install nikto

Then it's simple, as described in the documentation:

1

nikto -h localhost

Resources

• ProxyStrike a new transparent proxy for web application auditing