<p dir="ltr">Nikto performs a set of tests for pages on the web server and the configuration of its responses. The tuning option allows these the number of tests to be cut down, e.g. to known pages that have SQL injection.</p>
<p dir="ltr">Where this differs from a web application scanner is that Nikto will only check for what it knows.</p>
<p dir="ltr">To be honest web server scanner is a pointless label anyway. It's a tool that should be run as part of a set of tools (e.g. nmap, sslscan, sqlmap, burp) used during a test. It's not mutually exclusive with other tools.<br>
</p>
<div class="gmail_quote">On 4 Jan 2014 17:00, "raymond lukanta" <<a href="mailto:raymond_pluto@hotmail.com">raymond_pluto@hotmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div dir="ltr">I have a question about Nikto capabilities. <div>In the Nikto description, it is said that Nikto is a web server scanner. But, in the -Tuning option (<a href="http://cirt.net/nikto2-docs/options.html#id2741238" style="font-size:12pt" target="_blank">http://cirt.net/nikto2-docs/options.html#id2741238</a><span style="font-size:12pt">), there're a test for SQL injection and XSS. Actually, it makes me confused.</span></div>
<div><span style="font-size:12pt"><br></span></div><div>I need explanation why Nikto do the test for SQL injection and XSS. Because <span style="font-size:12pt">I think, injection and XSS is web application related (CMIIW).</span></div>
<div><br></div><div><br></div><div>Thanks.</div><div><br><font><span style="line-height:17px;color:rgb(79,129,189);font-family:Arial,sans-serif">--</span><br style="line-height:17px;color:rgb(79,129,189);font-family:Arial,sans-serif">
<span style="line-height:17px;color:rgb(79,129,189);font-family:Arial,sans-serif">Raymond</span></font></div> </div></div>
<br>_______________________________________________<br>
Nikto-discuss mailing list<br>
<a href="mailto:Nikto-discuss@attrition.org">Nikto-discuss@attrition.org</a><br>
<a href="https://attrition.org/mailman/listinfo/nikto-discuss" target="_blank">https://attrition.org/mailman/listinfo/nikto-discuss</a><br>
<br></blockquote></div>