Problem solve Get help with specific problems with your technologies, process and projects.

Screencast: How to use Wikto for Web server assessment

Peter Giannoulis demonstrates what kinds of website and Web server information can be found using the free Wikto tool.

Wikto may not test for SQL injections, but it is still an essential tool for penetration testers who are looking for vulnerabilities in their Internet-facing Web servers.

This month, Peter Giannoulis of The demonstrates how Wikto can display the good and bad directories contained on a Web server. Also, see for yourself what other kinds of information can be gathered about a specific website, and which plug-ins will allow you to get the most out of the free tool.


For more information about the tool you've seen here:

Want more screencasts? Make sure to check out our other demonstrations of today's security tools.

Watch in full-screen!

See Peter Gianoullis' Wikto demo in a larger window. 


About the author: 
Peter Giannoulis, GSEC, GCIH, GCIA, GCFA, GCFW, GREM, CISSP, is an information security consultant in Toronto, Ontario. He currently maintains, which provides organizations streaming video on how to configure and troubleshoot many of today's top security products. He also serves as a technical director for GIAC.

This was last published in August 2008

Dig Deeper on Risk assessments, metrics and frameworks

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.