
Meet MacNikto

Please post comments and questions about MacNikto here.

Posted by Lewis Francis at December 16, 2006 2:58 PM
Comments

The MacNikto 1.01 update bundles the latest version of Nikto. [Nikto 1.36 | Nikto Changes]

Additionally, some minor GUI interface and Help tweaks/updates; the Auto-save checkbox now self-selects when a report save location is set to save you a step.

Posted by: lewis Francis at February 17, 2007 8:11 PM

Help Net Security recently published an article called MacNikto: Working with the Nikto Web Server Security Scanner on the Mac.


Posted by: lewis Francis at September 6, 2007 1:38 PM

Other than pushing the Report Format pop-up a couple pixels, looks like the current version of MacNikto works as expected on Leopard.

FYI: all users should update the Nikto database using the Update DB button under the Advanced tab. This brings the database up to v 1.39 and adds some new tests.

Posted by: Lewis Francis at October 27, 2007 10:33 PM

Just a quick note that MacNikto 1.1 will be posted offering Nikto 2 support, along with a few interface tweaks, once Nikto 2.03 is released.

I worked on Nikto 2.x support in April but ran into a bug that will be fixed in 2.03; also found that Nikto 2.03 will require a complete reinstall due to changes in the core application, so it seems to make sense to hold off.

In the meantime, if you really want MacNikto to run Nikto 2.x tests, and are comfortable with command-line operations, you can try following instructions posted by Jordan to update the Nikto installation provided by MacNikto 1.0x installers. Note that auto/full scans and port ranges will not work, and database updates likely will not function once Nikto 2.03 is released.

Posted by: Lewis Francis at June 29, 2008 9:42 PM

Congrats, a GUI interface for a great Un*x Tool, and only for Mac users. Tally Ho!

Posted by: Mr. Howard R. Hughes, JR. at July 25, 2008 7:13 AM

Am I still the only user to post a comment on this wonderful tool? Keep up the good work Lewis!

Posted by: Mr. Howard R. Hughes, JR. at September 8, 2008 7:53 AM

MacNikto 1.1 with Nikto 2.03 support is now available for download.

Changes:

  • Updated to support Nikto 2.03 release
  • Added support for Nikto 2's new XML export feature
  • Now preserves settings between launches
  • Now prompts for a Nikto database update on first run
  • Added checkbox for SSL-only testing
  • Added checkbox for Find-only testing
  • Added custom MacNikto config so that Terminal users can use their own config file w/o conflict
  • Streamlined report workflow by auto-selecting save/launch options when save location has been set
  • Added Nikto component versions sheet view
  • For privacy considerations, no longer automatically submits new server types by default
  • Removed auto/full controls as these are now redundant in Nikto 2.x
  • Fixed error when printing while on tabs other than the Scan tab
  • Minor interface tweaks, better error trapping, help and copyright updates

Let me know if you find anything odd or unexpected. Thanks!

Posted by: Lewis Francis at September 19, 2008 11:43 PM

Why do I need to write my password to install it?

Posted by: rod at January 8, 2009 9:57 AM

It's required in order to install the Nikto files at /usr/local/.

Posted by: lewis Francis at January 8, 2009 10:55 AM

Likely the same reason that one needs to enter an admin password to update the database. I would have to question the reason why though. Can't the update files just be placed in the user's home directory instead of a system folder? Correct me if I'm wrong, but doesn't the command line version for other BSD-based systems not require admin privileges just to update? As always, keep up the good work Lewis!

Posted by: Mr. Howard R. Hughes, JR. at January 10, 2009 7:32 AM

True, the configuration file can be set to point to a plugins folder in a user's home directory, but then you'd always have to be logged in as that user in order to run the app.

IIRC, the old version of Nikto/MacNikto on Tiger didn't require authentication to update files; when I started working on MacNikto 1.1/Nikto 2.x on Leopard, I found I did. Not sure why; I was more interested in seeing how I could accommodate authentication in AppleScript/Xcode than I was in finding out what caused the change in behavior. ;)

Posted by: Lewis Francis at January 11, 2009 5:06 PM

Just a note to say MacNikto appears to work fine under Snow Leopard.

Posted by: Lewis Francis at October 13, 2009 8:57 AM

Sir, please update with Nikto 2.1 :)

Posted by: bojinov at January 19, 2010 10:03 AM

I've actually created a Nikto 2.1.0 installer that will allow an already installed MacNikto to use the new Nikto scripts and databases -- the only difference is a new MacNikto config file -- however, I've not officially released it because 2.1.1 is due out imminently. If you can't wait, contact me directly and I'll give you the URL to the 2.1.0 installer or modified config file if you prefer to install Nikto yourself.

Posted by: Lewis Francis at January 19, 2010 11:31 AM

Any updates coming for this? Still a great, great tool.

Posted by: at January 27, 2010 7:37 PM

Still waiting for Nikto 2.1.1 to drop. As for MacNikto updates, anything I should add?

Posted by: Lewis francis at January 29, 2010 12:06 PM

FYI, it looks like Nikto 2.1.1 was released yesterday.

Posted by: Peter at February 3, 2010 1:45 AM

This is a very nice program! One minor issue: if the scan text file is in a directory with a space in it, the program doesn't run. Looks like the spaces just need to be escaped when the parameters are passed to perl.

Posted by: Micah at February 8, 2010 3:48 PM
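
The quoting problem Micah describes above, as an added shell example (not part of the original thread and not MacNikto's own code): a save path with a space is split into two arguments when the command is built as one string, and arrives intact when passed as its own quoted argument. `fake_nikto` is a hypothetical stand-in for the perl process, and the path and host are constructed sample values.

```shell
# Constructed sample: a report save location containing a space.
report_path="/tmp/Scan Reports/example.txt"

# Hypothetical stand-in for the perl/Nikto process (not part of Nikto):
# prints "<argument count>|<value that followed -output>".
fake_nikto() (
  argc=$#
  out=""
  while [ $# -gt 0 ]; do
    if [ "$1" = "-output" ] && [ $# -ge 2 ]; then
      out="$2"
      shift
    fi
    shift
  done
  printf '%s|%s\n' "$argc" "$out"
)

# Broken: the command line is assembled as one string, so the shell
# word-splits the path at the space when the string is expanded.
launch_unquoted() (
  cmd="fake_nikto -h 127.0.0.1 -output $1"
  $cmd
)

# Fixed: the path is passed as a single quoted argument.
launch_quoted() (
  fake_nikto -h 127.0.0.1 -output "$1"
)

launch_unquoted "$report_path"   # 5|/tmp/Scan
launch_quoted "$report_path"     # 4|/tmp/Scan Reports/example.txt
```

The same word-splitting also lets a path that contains option-like text add extra parameters to the scanner invocation, so passing each value as its own argument is the safer pattern as well as the correct one.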

Thanks Micah, that issue + support for Nikto 2.1.1 has been added to a new version that's currently in testing -- hope to have it online by the end of the week. Drop me a line at lewis at lewisfrancis dot com if any of you are interested in helping test the next version. Thanks in advance!

Posted by: Lewis Francis at February 11, 2010 12:57 AM

MacNikto 1.1.1 with Nikto 2.1.1 support is now available for download.

Changes:

  • Updated to support Nikto 2.1.1 release
  • Fixed bug with save locations that included spaces in the file path (thanks, Micah!)
  • Minor help tweaks and copyright updates

Let me know if you find anything odd or unexpected. Thanks!

Posted by: Lewis Francis at February 15, 2010 9:44 PM

Just trying MacNikto (v1.1.1).

How do you scan a web site protected by htaccess username and password?

I tried the syntax http://username:[email protected] but MacNikto seems stuck.

Posted by: Thierry Thelliez at March 8, 2010 2:30 PM

Hey Thierry, I used that exact same method last week and it worked fine, although it may well have taken longer than usual -- try letting it run while you work on other tasks.

Posted by: Lewis Francis at March 8, 2010 2:41 PM

A new installer for MacNikto 1.1.1 bundling the recently updated Nikto 2.1.2 is now available for download. No changes to MacNikto itself were necessary.

Check CIRT.net's changelog for a list of Nikto 2.1.2's fixes, optimizations and new features.

As usual, let me know if you find anything odd or unexpected. Thanks!

Posted by: Lewis Francis at July 26, 2010 10:22 PM

Hi, thx for your job, could you update your software?
Nikto 2.1.4 is released.

Thx and congratulations for all :)

Posted by: it expert at February 20, 2011 6:05 AM

Thanks for the reminder. Looks like just dropping in the 2.1.4 bits doesn't work like it has for previous versions -- scanning functions but exporting reports does not, so it may take a while for me to free up the time to figure out why.

Meanwhile, if you don't need formatted report exporting (you can always copy and paste a scan result from the report field), download Nikto 2.1.4 and copy the new bits over to /usr/local/nikto, making sure to leave the macnikto_config.txt file alone, and, except for the aforementioned report exporting, it should allow you to scan using the newer Nikto build and tests. You can always reinstall the current version of MacNikto if you wish to go back.

Posted by: Lewis Francis at February 23, 2011 11:23 AM

Ok, I think I see what's happening -- Nikto 2.1.4 has deprecated -findonly and has changed the behavior so that one can no longer export reports when the Find Only option is enabled.

Since I'm not sure if this is an intended new behavior of the deprecated feature or a bug, I'm going to post a Nikto Trac ticket before I make any changes to MacNikto.

Those of you who decide to manually update to Nikto 2.1.4 in the meantime, just remember to disable MacNikto's Find Only option to avoid getting the "Reinstall MacNikto" error message.

Posted by: Lewis Francis at February 23, 2011 4:51 PM

I have just updated with Nikto 2.1.4 and the text version without exporting reports works fine, although the -C all option doesn't work either.

Posted by: NecronoiD at March 1, 2011 5:40 AM

New version shortly, working so far as expected on Leopard and Snow Leopard MacIntels. Need to test Tiger and PPC; Panther doesn't like the installer for some reason so I may let that go.

Posted by: Lewis Francis at March 3, 2011 11:36 PM

MacNikto 1.2 with Nikto 2.1.4 support is now available for download.

Changes:

  • Updated to support Nikto 2.1.4 release
  • Added support for MSF and NBE export formats introduced in Nikto 2.1.2 and 2.1.3
  • As I no longer have machines that can compile to older OSen, MacNikto 1.2 is supported only for Leopard and Snow Leopard Macs (OS X .5-.6)
  • Minor help tweaks and copyright updates

As usual, let me know if you find anything odd or unexpected. Thanks!

Posted by: Lewis Francis at March 6, 2011 9:53 PM

MacNikto 1.2 appears to work just fine in Lion (OS X.7) -- let me know of any issues you run across. Cheers!

Posted by: Lewis Francis at July 27, 2011 10:14 PM

I'm unable to install it; after clicking on Install it just asks for the password and then comes back to the install screen.

Posted by: Marcelo at November 7, 2011 4:38 PM

Hey Marcelo, sorry I missed your comment -- drop me a line at lewis at lewisfrancis dot com and I'll try to help you figure out what's wrong. It'll be helpful to know what OS and processor type you are trying to install upon.

Posted by: Lewis Francis at January 18, 2012 11:39 PM

Looks like MacNikto works fine with Mountain Lion (OS X.8) -- let me know of any issues you run across.

NOTE to new Mountain Lion users: As the app is unsigned, Mountain Lion's Gatekeeper will not allow you to open the installer unless you disable the security feature either in System Preferences or by opening via right-mouse-clicking on the app and answering the prompt. For more information, refer to this Macworld Gatekeeper article.

Posted by: Lewis Francis at August 14, 2012 3:45 PM

Just uploaded a new installer bundled with Nikto 2.1.5 -- let me know if there are any issues.

Posted by: Lewis Francis at December 20, 2012 6:00 PM

Thanks for your work! Will it be possible to update it with the latest version of the database?

Cheers!

Posted by: Fugitif at April 9, 2013 10:50 AM

MacNikto supports database updating in the Advanced tab. Cheers!

Posted by: Lewis Francis at May 1, 2013 10:14 PM