Existing Nikto Plug-ins

Existing Nikto Plug-ins

Nikto is an open-source web server scanner that performs comprehensive tests against web servers to identify potential vulnerabilities. Nikto supports a range of plug-ins that extend its functionality and enable users to customize its scans.

Here are some of the existing Nikto plug-ins:

  1. Auth Brute: This plug-in performs brute-force attacks against web server authentication mechanisms to test for weak or easily guessable passwords.
  2. Caching: This plug-in checks if the server is properly configured to handle caching, which can have implications for performance and security.
  3. Cookie: This plug-in tests if the web server is properly handling cookies, which can be used to hijack user sessions.
  4. SSL: This plug-in performs checks on the SSL/TLS implementation of the server to detect weak ciphers, certificate issues, and other potential security issues.
  5. File Limit: This plug-in tests if the server has any file limits configured that can be exploited by attackers to exhaust system resources.
  6. Injection: This plug-in checks for common injection vulnerabilities such as SQL injection, LDAP injection, and command injection.
  7. Outdated: This plug-in scans for outdated software and known vulnerabilities in the web server and its components.
  8. Proxy: This plug-in tests if the server is properly configured to handle proxy requests and if it’s vulnerable to proxy abuse.
  9. Redirect: This plug-in checks if the server is vulnerable to HTTP response splitting attacks through improperly configured redirections.
  10. Headers: This plug-in analyzes the headers returned by the server to detect any potential security issues such as cross-site scripting (XSS) or clickjacking vulnerabilities.

Overall, Nikto’s plug-ins enable users to customize their web server scans to detect a wide range of vulnerabilities and security issues.

Apply for Network Security Open Source Software Developer Certification Now!!

https://www.vskills.in/certification/network-security-open-source-software-developer-certification

Back to Tutorial

Nikto Under the Hood
Adding Custom Entries to the Plug-in Databases

Get industry recognized certification – Contact us

keyboard_arrow_up
Open chat
Need help?
Hello 👋
Can we help you?