Navigation



Wikto Scanner Download – Web Server Security Tool

Last updated: April 26, 2020 | 15,148 views

Wikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.

Wikto Scanner Download - Web Server Security Tool


It’s Nikto for Windows basically with some extra features written in C# and requires the .NET framework.

What is Wikto

Wikto is not a web application scanner. It is totally unaware of the application (if any) that’s running on the web site. So – it will not look for SQL injection problems, authorization problems etc. on a web site. It is also not a network level scanner – so it won’t try to find open ports or see if the web site is properly firewalled. Wikto rather operates between these two levels – it tries to, for instance, find interesting directories and files on the web site, it looks for sample scripts that can be abused or finds known vulnerabilities in the web server implementation itself.

How does Wikto work?

To understand the Wikto component of the application you need to understand what Nikto is. Nikto is a text based web server vulnerability scanner written in PERL by the good guys at CIRT. Nikto scans for over 3000 potential problems on a web server. It is beyond the scope of the document to explain what types of checks it performs – you can read all about on the Nikto post.

Like the BackEnd miner, the scanner has the ability to perform fuzzy logic on the responses thereby greatly reducing the occurrence of false positives. It also has the ability to import directories from both the BackEnd miner and the Googler.

Wikto vs Nikto


Wikto is not just Nikto for Windows. The Nikto scan is only of its many functions (and it does the Nikto scans totally different than Nikto does).

It also has additional functionality including Fuzzy logic error code checking, a back-end miner, Google assisted directory mining and real time HTTP request/response monitoring.

Wikto Web Security Scanner Requirements

To get the most out of the app you also need to install the following:

  1. WinHTTrack – A web mirroring tool (you can use the default install)
  2. HTTprint – A web server fingerprinting tool (by default, Wikto looks for this in the c:\Tools directory, but you can configure it)

You can download Wikto here:

Or read more here.

Share86
Tweet
Share29
Buffer13
WhatsApp
Email
128 Shares
Posted in: Hacking Tools


Latest Posts:


Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
April 30, 2022 - 30 Shares
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
January 24, 2022 - 15 Shares
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
January 5, 2022 - 20 Shares
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
December 30, 2021 - 16 Shares
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
August 31, 2021 - 293 Shares
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
July 7, 2021 - 205 Shares


3 Responses to Wikto Scanner Download – Web Server Security Tool

  1. TeeOne September 5, 2017 at 11:14 pm #

    Deadlink for HTTPrint. New link found through Google is http://www.net-square.com/httprint.html Cheers…

    • Darknet September 6, 2017 at 2:36 pm #

      Thanks! have updated the post with the new links.

  2. TeeOne September 5, 2017 at 11:16 pm #

    WinHTTrack link is https://www.httrack.com/page/2/