Wikto - Nikto for Windows with some extra features.
Author
Roelof Temmingh
Gareth Phillips < gareth(at)sensepost(dot)com >
Ian de Villiers < ian(at)sensepost(dot)com >
License, version & release date
License : GPLv3
Version : 2.1.0.0
Release Date : 2008/12/15
Description
Wikto is Nikto for Windows - but with a couple of fancy extra features including
Fuzzy logic error code checking, a back-end miner, Google assisted directory
mining and real time HTTP request/response monitoring. Wikto is coded in C# and
requires the .NET framework.
Wikto
to quickly and easily perform web server assessments.
Before we start we need to know what Wikto does and what it does not do. Wikto is not
a web application scanner. It is totally unaware of the application (if any)
that’s running on the web site. So – Wikto will not look for SQL injection problems,
authorization problems etc. on a web site. It is also not a network level
scanner – so it won’t try to find open ports, or see if the web site is
properly firewalled. Wikto rather operates between these two levels – it tries
to, for instance, find interesting directories and files on the web site, it
looks for sample scripts that can be abused or finds known vulnerabilities in
the web server implementation itself. Oh – and Wikto is not just Nikto for Windows.
The Nikto scan is only one of its many functions (and it does the Nikto scans
totally differently than Nikto does).
Requirements
WinHTTrack (www.httrack.com)
HTTprint (www.net-square.com)
.Net Framework
Additional Resources
http://www.sensepost.com/cms/resources/labs/tools/pentest/wikto/using_wikto.pdf
More information with Installation
http://searchsecurity.techtarget.com/tip/Screencast-How-to-use-Wikto-for-Web-server-assessment