Certified Ethical Hacker (CEH v10) — Question 98

Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He begins by running a scan which looks for common misconfigurations and outdated software versions. Which of the following tools is he most likely using?

Answer options

• A. Armitage
• B. Nikto
• C. Metasploit
• D. Nmap

Correct answer: B

Explanation

The correct answer is B, Nikto, as it is specifically designed to identify vulnerabilities and misconfigurations in web servers. While Metasploit (C) is a powerful exploitation framework, it does not primarily focus on scanning for misconfigurations. Armitage (A) is a graphical interface for Metasploit, and Nmap (D) is used for network scanning, not specifically for web application vulnerabilities.