[Nikto-discuss] Nikto Capabilities

a resident.deity at gmail.com
Sun Jan 5 03:34:59 CST 2014


Nikto performs a set of tests for pages on the web server and the
configuration of its responses. The tuning option allows the number
of tests to be cut down, e.g. to known pages that have SQL injection.

Where this differs from a web application scanner is that Nikto will only
check for what it knows.

To be honest, web server scanner is a pointless label anyway. It's a tool
that should be run as part of a set of tools (e.g. nmap, sslscan, sqlmap,
burp) used during a test. It's not mutually exclusive with other tools.

On 4 Jan 2014 17:00, "raymond lukanta" <raymond_pluto at hotmail.com> wrote:

> I have a question about Nikto capabilities.
> In the Nikto description, it is said that Nikto is a web server scanner.
> But, in the -Tuning option (
> http://cirt.net/nikto2-docs/options.html#id2741238), there is a test for
> SQL injection and XSS. Actually, it makes me confused.
>
> I need an explanation of why Nikto does the test for SQL injection and XSS.
> Because I think injection and XSS are web application related (CMIIW).
>
>
> Thanks.
>
> --
> Raymond
>
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss
>
>