How To Know If My Website Is Secure


Hi guys. Here’s a neat, FREE software called Wikto by Sensepost which allows you and I to quickly perform web server assessments. Wikto will

  • find interesting directories and files on the web site
  • look for sample scripts that can be abused
  • find known vulnerabilities in the web server implementation itself

So I tested it out and found around 30 light vulnerabilities. I was a bit shocked to find such a list. Really. There were a few requests that hackers can use to execute SQL Injections. Scary but REAL. Remember, with this tool you can scan any website for vulnerabilities. Here’s a screenshot of mine.

[Screenshot: wikto scan]

To use Wikto you need to get two other things:

  1. WinHTTrack
  2. HTTprint

After successfully installing all three programs, go to Wikto’s ‘SystemConfig’ tab. There are four important things to configure for Wikto to work.

[Screenshot: wikto sysconfig]

  1. HTTrack: locate the HTTrack folder and point to the file ‘httrack.exe’ in your program files.
  2. Cache: create a new folder for storing data. I created one in C: and named it ‘Temp’. After creating it, point to it.
  3. HTTPrint: locate the HTTPrint folder and point to the file called ‘win32’.
  4. NiktoDB: click on the button and download the latest database for scanning. This is essential for first timers.

After that, go to the ‘Wikto’ tab and enter a website. Click ‘Start Wikto’. Basic test commands from NiktoDB will be carried out. Watch the scanned vulnerabilities appear one by one.

The solution would be to talk to your web host about the scan results. Show what you’ve found and see what your web host says.
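A scan like the one described above requests many directories and sample scripts that do not exist on the server, so it also shows up in the server’s own access log as a burst of 404s from one client. As an added example (not part of the original post, and not Wikto’s own code), this Python script flags that pattern in constructed combined-format log lines; the IP addresses, paths and threshold are assumptions:

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Apache/nginx "combined" format (not real traffic):
# 203.0.113.7 browses normally; 198.51.100.9 probes directories in quick succession.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:09 +0000] "GET /old-page.html HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:13:56:00 +0000] "GET /admin/ HTTP/1.1" 404 210 "-" "scanner"
198.51.100.9 - - [10/Oct/2023:13:56:00 +0000] "GET /backup/ HTTP/1.1" 404 210 "-" "scanner"
198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /old/ HTTP/1.1" 404 210 "-" "scanner"
198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /samples/ HTTP/1.1" 404 210 "-" "scanner"
198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "GET /test/ HTTP/1.1" 404 210 "-" "scanner"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def parse_line(line):
    # Returns (ip, timestamp, path, status) or None for lines that do not match.
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path"), int(m.group("status"))

def find_probe_bursts(lines, window=timedelta(seconds=60), min_paths=5):
    """Map client IP -> sorted distinct 404 paths, for clients whose 404s on
    distinct paths inside any `window` reach `min_paths` (a sweep signature)."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec[3] == 404:
            per_ip[rec[0]].append((rec[1], rec[2]))
    flagged = {}
    for ip, events in per_ip.items():
        events.sort()                      # chronological order for the sliding window
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1                 # drop events that fell out of the window
            if len({p for _, p in events[start:end + 1]}) >= min_paths:
                flagged[ip] = sorted({p for _, p in events})
                break
    return flagged
```

A single stray 404 from a normal visitor (as for 203.0.113.7 above) stays below the threshold; only the client that hits several distinct missing paths within a minute is reported.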

Sensepost Wikto
Web server assessment tool
