Wikto, which apparently borrowed its name from Nikto (a Unix-based assessment tool), is a free and open source windows-based web scanner that searches a windows server environment for potential security issues. Unlike web application scanners that focus on the scripting code, Wikto looks at the web server setup and searches for security problems.
Features including Fuzzy logic error code checking, a back-end miner, Google assisted directory mining and real time HTTP request/response monitoring. Wikto is coded in C# and requires the .NET framework.
Wikto may not test for SQL injections, but it is still an essential tool for penetration testers who are looking for vulnerabilities in their Internet-facing Web servers.