Nov 16th, 2010
Security Tools Nessus and Nikto
Nessus
The official website is at the following URL: http://www.nessus.org/
Nessus is a full-service security scanner. The plug-in architecture of Nessus allows users to customize it for their systems and networks. As with any scanner, Nessus is only as good as the signature database it relies upon. Fortunately, Nessus is frequently updated and features full reporting, host scanning, and real-time vulnerability searches. Remember that there could be false positives and false negatives, even in a tool as powerful and as frequently updated as Nessus.
Nikto
Nikto can be found at the following URL: http://cirt.net/nikto2
Nikto is an excellent Common Gateway Interface (CGI) script scanner. Nikto not only checks for CGI vulnerabilities but does so in an evasive manner, so as to elude intrusion detection systems.
If you have Web servers serving up CGI scripts, Nikto can be an excellent resource for checking the security of these servers.