MacNikto: Working with the Nikto Web Server Security Scanner on the Mac
by Otto Jackson - Tuesday, 21 August 2007.
Nikto is an open source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3300 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers.

What enables you to use Nikto on Mac OS X is MacNikto, a free AppleScript GUI shell script wrapper built in Apple's Xcode and Interface Builder. It provides a subset of the features available in Nikto, bundled into this installer package. Features include:
  • Automatic scanning configuration based on server identification
  • Full scanning override, useful for when a server masquerades as another make in order to deflect certain scan attempts
  • Inline reporting and printing
  • Automatic export and reader launch of reports in HTML, CSV and TXT formats
  • Nikto database update check
  • Port range setting
  • Full Help documentation
  • Nikto 1.36/1.37 installer included.
MacNikto comes as a Universal Binary and you need to install it, but this is just a matter of a few clicks. Once it is located in your Applications folder, you can start scanning.



The interface is truly simple and it enables you to start working immediately. All you need to enter is the IP or URL of your website, define a few options and MacNikto will do its magic.



As the author notes, each scan may take some time and MacNikto's interface may become unresponsive during the scan, so be patient. Your Internet connection speed can also be an issue here, so if you're a dial-up user, you might have to wait quite a bit.

Once the scan is over, you'll get the output in the form of a TXT file that will show you what MacNikto found. An example of this file can be seen here. Naturally, sensitive information has been stripped.

Do keep in mind that this tool is to be used on servers that you have permission to scan so be responsible. Nikto is not designed as an overly stealthy tool. It will test a web server in the shortest timespan possible, and it's fairly obvious in log files.
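To show how obvious such a scan is from the server side, here is an added example (not part of MacNikto or Nikto) that flags scanner-like clients in a web server access log. It assumes Combined Log Format and that the scanner's User-Agent contains the string "Nikto" unless it has been overridden; the log lines, addresses, paths and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def find_scanners(lines, min_404_paths=5, window=timedelta(seconds=10)):
    """Return {ip: set(reasons)} for clients that look like a Nikto-style scan."""
    flagged = defaultdict(set)
    misses = defaultdict(list)  # ip -> [(time, path)] for 404 responses
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if "nikto" in m["ua"].lower():  # assumed default User-Agent marker
            flagged[m["ip"]].add("user-agent")
        if m["status"] == "404":
            misses[m["ip"]].append((ts, m["path"]))
    # Second signal: many distinct missing paths from one client in a short
    # window, which still fires when the User-Agent has been changed.
    for ip, hits in misses.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({p for _, p in hits[start:end + 1]}) >= min_404_paths:
                flagged[ip].add("404-burst")
                break
    return dict(flagged)

def _line(ip, sec, path, status, ua):
    """Build one constructed access-log line."""
    return (f'{ip} - - [21/Aug/2007:10:00:{sec:02d} +0000] '
            f'"GET {path} HTTP/1.0" {status} 210 "-" "{ua}"')

# Constructed sample data: two scanning clients and one ordinary visitor.
PROBES = ["/cgi-bin/test.cgi", "/admin/", "/backup.zip", "/phpinfo.php", "/.htpasswd", "/old/"]
SAMPLE = (
    [_line("203.0.113.7", i, p, 404, "Mozilla/4.75 (Nikto/1.36)") for i, p in enumerate(PROBES)]
    + [_line("198.51.100.9", i, p, 404, "Mozilla/5.0") for i, p in enumerate(PROBES)]
    + [_line("192.0.2.10", 5, "/index.html", 200, "Mozilla/5.0"),
       _line("192.0.2.10", 40, "/missing.png", 404, "Mozilla/5.0")]
)
```

Calling `find_scanners(SAMPLE)` flags the first client on both signals, the second on the 404 burst alone, and leaves the ordinary visitor with a single broken link unflagged.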

Copyright 1998-2014 by Help Net Security.