Saturday, May 19, 2007

Webserver vulnerability scanners

Having been hit by a few problems related to web server vulnerabilities, I turned to check what open source tools are available for checking my server. I quickly got to this link. Out of the list, the one that caught my attention was Nikto. It is based on Whisker/libwhisker for much of its underlying functionality.

So I quickly used my FC5 machine to run this. It's not like other scripts where you have to delve into the documentation to get them working. Nikto just needs the -host and -port parameters. That's nice. It ran 1900+ tests in just less than 8 seconds. Hmm... this makes me skeptical now (anything that takes very little time to complete and gives all positive results always makes me think this way). Well, how do I really check what it is doing? Thankfully, Nikto has a -verbose option to display all the tests that it has performed and their results. I plan to use its ssl option sometime later and check how it works.
