sullo
commented
8 years ago Sorry for the delay, but this falls into the realm of a crawling web security tool, which Nikto isn't. There are some checks for backup files in the db_tests but they are not based on the files actually seen on the server at this point.
Hello, I miss a functionality in nikto. For example when a page is written in PHP and we know the file is config.php, nikto should try config.php~, config.php.old (and more).
What do you think about this?
Regards,