Hi guys. Here’s a neat, FREE piece of software called Wikto by Sensepost which allows you and me to quickly perform web server assessments. Wikto will
- find interesting directories and files on the web site
- look for sample scripts that can be abused
- find known vulnerabilities in the web server implementation itself
So I tested it out on rangit.com and found around 30 light vulnerabilities. I was a bit shocked to find such a list. Really. There were a few requests that hackers can use to execute SQL injections. Scary but REAL. Remember, with this tool you can scan any website for its vulnerabilities. Here’s a screenshot of mine.
To use Wikto you need to get two other programs: HTTrack and HTTPrint (both are referenced in the configuration steps below).
After successfully installing all three programs, go to Wikto’s ‘SystemConfig’ tab. There are four important things to configure for Wikto to work:
- Locate the HTTrack folder and point to the file ‘httrack.exe’ in your Program Files.
- Create a new folder for storing data. I created one in C: and named it ‘Temp’. After creating it, point to it.
- Locate the HTTPrint folder and point to the file called ‘win32’.
- Click on the button to download the latest database for scanning. This is essential for first-timers.
After that, go to the ‘Wikto’ tab and enter a website. Click ‘Start Wikto’. Basic test requests will be carried out from NiktoDB. Watch the scanned vulnerabilities appear one by one.
The solution would be to talk to your web host about the scan results. Show what you’ve found and see what your web host says.