It took hackers Chris Sullo and David Lodge a year and a half to release a new version of the Nikto scanner, 2.1.5.
It also reports version-specific problems for more than 270 server versions. The scanner also identifies common web server configuration errors, including the presence of multiple index files and HTTP server options, and then tries to build the most complete list of versions and modules on the server. Nikto's list of scan items is implemented as plugins and is updated frequently (these plugins are not open source).
The Nikto scanner is designed to operate in secret mode: it scans quickly, recording the results in the log. Version 2.1.5 fixes a few bugs and adds new functions and new types of tests (complete list). Among the most important are recognition of IP addresses in HTTP headers, an automatic check of available files after parsing robots.txt, a check of the icons in, and checks for vulnerabilities with crossdomain.xml and clientaccesspolicy.xml. New features of the program include setting the maximum time to scan a host (in seconds) to mask the scan, replaying saved JSON requests using replay.pl, support for client-side SSL certificates, and more advanced testing by automatically adding variables to db_variables after parsing robots.txt or other pages.
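An added example, not Nikto's own code: a defender-side audit of your own crossdomain.xml and clientaccesspolicy.xml contents for the wildcard grants that policy-file tests of this kind look for. The function names, finding texts and sample policies are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies (not taken from any real site).
WEAK_FLASH = """<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*" secure="false"/>
</cross-domain-policy>"""
TIGHT_FLASH = """<cross-domain-policy>
  <allow-access-from domain="static.example.com"/>
</cross-domain-policy>"""
WEAK_SILVERLIGHT = """<access-policy><cross-domain-access><policy>
  <allow-from http-request-headers="*"><domain uri="http://*"/></allow-from>
  <grant-to><resource path="/" include-subpaths="true"/></grant-to>
</policy></cross-domain-access></access-policy>"""


def is_wildcard(value):
    """True when the value matches every host: '*', 'http://*', 'https://*'."""
    v = (value or "").strip().lower()
    for scheme in ("http://", "https://"):
        if v.startswith(scheme):
            v = v[len(scheme):]
    return v.rstrip("/") == "*"


def audit_policy(xml_text):
    """Return a list of findings for the contents of one policy file."""
    root = ET.fromstring(xml_text)
    findings = []
    if root.tag == "cross-domain-policy":      # Flash: crossdomain.xml
        for el in root.iter("allow-access-from"):
            if is_wildcard(el.get("domain")):
                findings.append("allow-access-from: any domain may read responses")
            if el.get("secure", "true").lower() == "false":
                findings.append("allow-access-from: secure=false permits HTTP origins")
        for el in root.iter("allow-http-request-headers-from"):
            if is_wildcard(el.get("domain")):
                findings.append("allow-http-request-headers-from: any domain")
        for el in root.iter("site-control"):
            if el.get("permitted-cross-domain-policies") == "all":
                findings.append("site-control: any file may act as a policy file")
    elif root.tag == "access-policy":          # Silverlight: clientaccesspolicy.xml
        for el in root.iter("domain"):
            if is_wildcard(el.get("uri")):
                findings.append("domain uri: any origin may call this service")
    else:
        raise ValueError("not a cross-domain policy: <%s>" % root.tag)
    return findings


if __name__ == "__main__":
    for name, doc in [("weak flash", WEAK_FLASH), ("tight flash", TIGHT_FLASH),
                      ("weak silverlight", WEAK_SILVERLIGHT)]:
        print(name, audit_policy(doc))
```

Run it against the policy files you serve from the web root; an empty list means no wildcard grant was found, not that the policy is otherwise correct.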
Nikto 2.1.5 can be downloaded here