Yesterday, we took a look at a web application security testing tool, and there are many other tools like it available both for a fee and for free. But there are not many tools available that actually test the web server itself and even fewer that are designed to test a Windows server.
Wikto, which apparently borrowed its name from Nikto (a Unix-based assessment tool), is a free and open source windows-based web scanner that searches a windows server environment for potential security issues. Unlike web application scanners that focus on the scripting code, Wikto looks at the web server setup and searches for security problems.
Wikto relies on the .NET environment, and you will need to have .NET installed in order to use it. Full documentation is available on the project’s website. You can download it for free from their website as well.