CIRT.net

Michel Arboi and Brian Martin have written a long post on Tenable's blog detailing exactly how to get Nessus to run Nikto automatically. This has been a question that's come up time and again on the mailing lists, so hopefully this will help everyone out.

InformIT has a series on turning the OLPC into a "Hacker's Toolkit," which of course includes the Usual Suspects of tools (including Nikto) used by those evil hackers. The article is a bit cheesy in places, but I'm impressed the OLPC can run the toolset as described. Not bad for $188.

Projects
These projects are related to Nikto, or incorporate/use the Nikto databases in some fashion.

• SCRT Webshag - "Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing." Webshag incorporates the Nikto scan database.
• LibWhisker - RFP's most excellent PERL HTTP+ library (and Nikto's HTTP internals).

Here are some books Nikto is discussed in. In no particular order.

Harry Anderson's Introduction to Nessus drops a nice line for Nikto (and nmap & Hydra), calling them the "best applications in their class".

How Hackers Break In To Enterprise Networks--A Step-By-Step Demo in InterNet Week. The article describes a pen-test performed by a consultant, and one of the tools used is Nikto. Originally posted: 2003-09-08