MacNikto is what lets you run Nikto on Mac OS X: a free AppleScript GUI wrapper around the Nikto shell script, built with Apple's Xcode and Interface Builder. It exposes a subset of Nikto's features, bundled into a single installer package. Features include:
- Automatic scanning configuration based on server identification
- Full scanning override, useful when a server masquerades as a different make in order to deflect certain scan attempts
- Inline reporting and printing
- Automatic export and reader launch of reports in HTML, CSV and TXT formats
- Nikto database update check
- Port range setting
- Full Help documentation
- Nikto 1.36/1.37 installer included.
The interface is genuinely simple, so you can start working immediately. All you need to enter is the IP address or URL of your website; define a few options and MacNikto will do its magic.
As the author notes, each scan may take some time and MacNikto's interface may become unresponsive during the scan, so be patient. Your Internet connection speed is also a factor: if you're on dial-up, you may have to wait quite a bit.
Once the scan is over, you'll get the output as a TXT file showing what MacNikto found. An example of this file can be seen here. Naturally, sensitive information has been stripped.
Do keep in mind that this tool is to be used only on servers you have permission to scan, so be responsible. Nikto is not designed as a stealthy tool: it tests a web server in the shortest time span possible, and its activity is fairly obvious in log files.
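Since the point above is that a Nikto scan stands out in server logs, here is what that looks like from the server operator's side. This is an added example in Python, not code from the review or from the MacNikto or Nikto projects. It assumes Apache "combined" access-log format and that the scanner's default User-Agent contains the string "Nikto/" (the sample line "Mozilla/4.75 (Nikto/1.36)" is constructed for the demo, as are all the IPs and paths). Because a User-Agent can be changed, the second signal, a burst of HTTP 404 responses from one client inside a short window, is checked independently; the thresholds are arbitrary defaults, not values from the page.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Apache "combined" log lines for the demo; nothing here is a real server's log.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Macintosh) Safari/605.1"
203.0.113.5 - - [10/Mar/2024:12:00:04 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Macintosh) Safari/605.1"
198.51.100.7 - - [10/Mar/2024:12:00:10 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.75 (Nikto/1.36)"
198.51.100.7 - - [10/Mar/2024:12:00:10 +0000] "GET /cgi-bin/test-cgi HTTP/1.1" 404 210 "-" "Mozilla/4.75 (Nikto/1.36)"
198.51.100.7 - - [10/Mar/2024:12:00:11 +0000] "GET /admin/ HTTP/1.1" 404 210 "-" "Mozilla/4.75 (Nikto/1.36)"
198.51.100.7 - - [10/Mar/2024:12:00:11 +0000] "GET /phpinfo.php HTTP/1.1" 404 210 "-" "Mozilla/4.75 (Nikto/1.36)"
192.0.2.9 - - [10/Mar/2024:12:05:00 +0000] "GET /a HTTP/1.1" 404 210 "-" "Mozilla/5.0 (X11; Linux) Firefox/120.0"
192.0.2.9 - - [10/Mar/2024:12:05:01 +0000] "GET /b HTTP/1.1" 404 210 "-" "Mozilla/5.0 (X11; Linux) Firefox/120.0"
192.0.2.9 - - [10/Mar/2024:12:05:02 +0000] "GET /c HTTP/1.1" 404 210 "-" "Mozilla/5.0 (X11; Linux) Firefox/120.0"
192.0.2.9 - - [10/Mar/2024:12:05:03 +0000] "GET /d HTTP/1.1" 404 210 "-" "Mozilla/5.0 (X11; Linux) Firefox/120.0"
192.0.2.9 - - [10/Mar/2024:12:05:04 +0000] "GET /e HTTP/1.1" 404 210 "-" "Mozilla/5.0 (X11; Linux) Firefox/120.0"
192.0.2.9 - - [10/Mar/2024:12:15:00 +0000] "GET /f HTTP/1.1" 404 210 "-" "Mozilla/5.0 (X11; Linux) Firefox/120.0"
"""

# Apache combined format: ip ident user [timestamp] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def max_hits_in_window(timestamps, window):
    """Largest number of timestamps that fall inside any sliding window of the given width."""
    ts = sorted(timestamps)
    best, start = 0, 0
    for end in range(len(ts)):
        while ts[end] - ts[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect_scanners(log_text, burst_threshold=5, window=timedelta(seconds=60)):
    """Return {client_ip: [reasons]} for clients whose traffic looks like a vulnerability scan.

    Two independent signals (assumed heuristics, not Nikto's own documentation):
      1. a User-Agent that names Nikto, which is the tool's default behaviour;
      2. at least `burst_threshold` HTTP 404 responses to one client within `window`,
         which catches a probe run even when the User-Agent looks ordinary.
    """
    ua_by_ip = defaultdict(set)
    not_found_by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in combined format
        ua_by_ip[rec["ip"]].add(rec["ua"])
        if rec["status"] == 404:
            not_found_by_ip[rec["ip"]].append(rec["ts"])

    findings = {}
    for ip, uas in ua_by_ip.items():
        reasons = []
        if any("nikto" in ua.lower() for ua in uas):
            reasons.append("User-Agent identifies Nikto")
        burst = max_hits_in_window(not_found_by_ip.get(ip, []), window)
        if burst >= burst_threshold:
            reasons.append(f"{burst} HTTP 404s within {int(window.total_seconds())}s")
        if reasons:
            findings[ip] = reasons
    return findings


if __name__ == "__main__":
    for ip, reasons in detect_scanners(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

Run against the constructed sample, the client sending the Nikto User-Agent is reported on that basis alone (it produced only three 404s, under the burst threshold), while the client with a browser-like User-Agent is reported purely for five 404s in four seconds; the sixth 404 ten minutes later falls outside the window and does not count. In practice the 404 threshold needs tuning per site, since a broken link on a busy page can produce a similar burst from ordinary visitors.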