Communication Security: Web Based Services • Chapter 5 329
options can generate over 70,000 requests to a server, possibly causing it to crash. With this in mind, Nikto is an extremely useful tool for auditing your site and identifying where potential problems may exist in your CGI scripts and programs.

As seen in Figure 5.19, Nikto is itself a CGI script written in Perl, and can easily be installed on your site. Once there, you can scan your own network for problems, or specify other sites to analyze. It is Open Source, and has a number of plug-ins written for it by third parties to perform additional tests. Plug-ins are programs that extend Nikto's functionality, and like Nikto itself they are written in Perl (allowing them to be viewed and edited using any Perl editing software). On its own, Nikto performs a variety of comprehensive tests on Web servers, using its database to check for over 3,200 files/CGIs that are potentially dangerous, versions of these on over 625 servers, and version-specific information on over 230 servers. It provides an excellent resource for auditing security and finding vulnerabilities in Web applications that use CGI, and is available as a free download from http://www.cirt.net/code/nikto.shtml.
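A scan of the size described above leaves a distinctive trail on the server being audited: a burst of requests for files that do not exist. As an added defender-side example (not from the book and not part of Nikto), the Python script below flags such sources in Apache combined-format log lines; the sample lines and paths are constructed, and the "nikto" User-Agent substring is an assumed default that a scan can be configured not to send.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample Apache combined-format log lines (not from the page); paths are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /cgi-bin/sample1.cgi HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6)"
192.0.2.9 - - [10/Oct/2023:14:01:00 +0000] "GET /cgi-bin/sample2.cgi HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:14:01:02 +0000] "GET /cgi-bin/sample3.cgi HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:14:01:03 +0000] "GET /scripts/sample4.pl HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:14:01:05 +0000] "GET /cgi-bin/sample5.cgi HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:14:01:07 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:14:01:09 +0000] "GET /cgi-bin/sample6.cgi HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3}) '
                    r'\S+ "[^"]*" "(?P<ua>[^"]*)"$')

def parse(lines):
    """Yield dicts with ip, ts (aware datetime), status (int) and ua for each well-formed line."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield {'ip': m['ip'], 'ua': m['ua'], 'status': int(m['status']),
                   'ts': datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')}

def flag_scanners(lines, window_s=60, min_requests=5, min_404_ratio=0.6, ua_marker='nikto'):
    """Return {ip: reason} for sources whose traffic looks like a CGI/vulnerability scan:
    a scanner name in the User-Agent (ua_marker is an assumed default; the person scanning
    can change it) or at least min_requests requests within window_s seconds of which
    min_404_ratio or more were 404s, i.e. probing for files this server does not have."""
    by_ip = defaultdict(list)
    flagged = {}
    for rec in parse(lines):
        by_ip[rec['ip']].append(rec)
        if ua_marker in rec['ua'].lower():
            flagged[rec['ip']] = 'user-agent marker'
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r['ts'])
        start = 0
        for end in range(len(recs)):  # sliding time window over this source's requests
            while (recs[end]['ts'] - recs[start]['ts']).total_seconds() > window_s:
                start += 1
            n = end - start + 1
            n404 = sum(r['status'] == 404 for r in recs[start:end + 1])
            if n >= min_requests and n404 / n >= min_404_ratio:
                flagged[ip] = f'{n404}/{n} 404s within {window_s}s'
                break
    return flagged
```

Tune the thresholds to your own site's normal 404 rate before relying on the behavioural rule; a misconfigured link checker can look similar.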
Figure 5.19 Nikto Perl Script
www.syngress.com