commandlinefu.com is the place to record those command-line gems that you return to again and again.
You can sign-in using OpenID credentials, or register a traditional username and password.
Subscribe to the feed for:
This is wonderful perl script to check the web server security and vulnerability .Get it from here :http://www.cirt.net/nikto2
Here are some key features of "Nikto":
? Uses rfp's LibWhisker as a base for all network funtionality
? Main scan database in CSV format for easy updates
? Determines "OK" vs "NOT FOUND" responses for each server, if possible
? Determines CGI directories for each server, if possible
? Switch HTTP versions as needed so that the server understands requests properly
? SSL Support (Unix with OpenSSL or maybe Windows with ActiveState's Perl/NetSSL)
? Output to file in plain text, HTML or CSV
? Generic and "server type" specific checks
? Plugin support (standard PERL)
? Checks for outdated server software
? Proxy support (with authentication)
? Host authentication (Basic)
? Watches for "bogus" OK responses
? Attempts to perform educated guesses for Authentication realms
? Captures/prints any Cookies received
? Mutate mode to "go fishing" on web servers for odd items
? Builds Mutate checks based on robots.txt entries (if present)
? Scan multiple ports on a target to find web servers (can integrate nmap for speed, if available)
? Multiple IDS evasion techniques
? Users can add a custom scan database
? Supports automatic code/check updates (with web access)
? Multiple host/port scanning (scan list files)
? Username guessing plugin via the cgiwrap program and Apache ~user methods
There is 1 alternative - vote for the best!
If you can do better, submit your command here.
You must be signed in to comment.