One of the first steps an ethical hacker or penetration tester takes when testing a web application is to identify the vulnerabilities associated with it. One of the tools for this purpose is the well known Nikto.
Nikto is a very simple tool written in Perl whose purpose is to check a website (i.e. a web application) for security vulnerabilities. As a result, it returns the vulnerabilities that an attacker could exploit to compromise the website.
Although very simple to use, it is a noisy tool that is easily detected: any website protected by an Intrusion Detection System (IDS) will be able to spot its scans.
How to install it
As you can imagine, Nikto is pre-installed on Kali Linux so you won't need to download or install it. You will find it in the "Vulnerability Analysis" category.
Ubuntu & Debian
Install Nikto on Ubuntu by running the following commands in a terminal:
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install nikto -y
Follow the procedure below to install Nikto in a Windows environment:
- Install the Perl interpreter from here.
- Download Nikto's compressed archive.
- Extract the contents of the archive from step 2 to a location of your choice.
- Open a command prompt with administrator permissions.
- To check that Perl is installed correctly, run perl -v
- Then change directory to Nikto's folder (step 3) and run the following command to start the scan: perl nikto.pl -h www.site.com
How to use it
To see the available parameters that we can use with Nikto, just open a terminal and type nikto -help. The result of the command is shown below:
root@kali:~# nikto -help
Unknown option: help
-config+   Use this config file
-Display+  Turn on/off display outputs
-dbcheck   Check database and other key files for syntax errors
-Format+   Save file (-o) format
-Help      Extended help information
-host+     Target host/URL
-id+       Host authentication to use, format is id:pass or id:pass:realm
-list-plugins  List all available plugins
-output+   Write output to this file
-nossl     Disables using SSL
-no404     Disables 404 checks
-Plugins+  List of plugins to run (default: ALL)
-port+     Port to use (default 80)
-root+     Prepend root value to all requests, format is /directory
-ssl       Force ssl mode on port
-Tuning+   Scan tuning
-timeout+  Timeout for requests (default 10 seconds)
-update    Update databases and plugins from CIRT.net
-Version   Print plugin and database versions
-vhost+    Virtual host (for Host header)
+ requires a value
Note: This is the short help output. Use -H for full help text.
In the examples below, we ran Nikto scans on a site we use for testing purposes (IP: 192.168.142.130).
nikto -h <IP or hostname>
We see the vulnerabilities that Nikto returns on the screen below.
nikto -h <IP or hostname> -ssl
In the above command we added the -ssl parameter to run the scan against port 443 (HTTPS).
Nikto also lets us run a scan that checks for a specific class of vulnerability. The different types of vulnerabilities we can include in our checks are:
0 - File Upload
1 - Interesting File / Seen in logs
2 - Misconfiguration / Default File
3 - Information Disclosure
4 - Injection (XSS / Script / HTML)
5 - Remote File Retrieval - Inside Web Root
6 - Denial of Service
7 - Remote File Retrieval - Server Wide
8 - Command Execution / Remote Shell
9 - SQL Injection
a - Bypass Authentication
b - Software Identification
c - Remote Source Inclusion
The x tuning option reverses our selection and checks for all vulnerability types except the ones we specify, e.g.:
nikto -h <IP or hostname> -Tuning x6
The different formats we can use to store scan results are:
- csv - Comma-separated-value
- htm - HTML Format
- msf+ - Log to Metasploit
- nbe - Nessus NBE format
- txt - Plain text (default if not specified)
- xml - XML Format
So the following command will save the results of our scan to an XML file:
nikto -h <IP or hostname> -o results.xml
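As an added example (not code from the original article or from the Nikto project), the short Python script below turns a report saved with -o results.xml into a per-URI summary, which is handy when triaging findings for the site owner. The report text is constructed for this example; its element and attribute names follow the layout of Nikto's XML report plugin as I know it, so treat them as an assumption.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample report (invented findings against the lab host used in
# this article). Layout assumed: one <scandetails> per host/port, one <item>
# per finding, with <description> and <uri> children.
SAMPLE_REPORT = """<?xml version="1.0" ?>
<niktoscan>
  <scandetails targetip="192.168.142.130" targethostname="192.168.142.130" targetport="80">
    <item id="999986" method="GET">
      <description><![CDATA[Retrieved x-powered-by header: PHP/5.3.2]]></description>
      <uri><![CDATA[/]]></uri>
    </item>
    <item id="999103" method="GET">
      <description><![CDATA[The X-Content-Type-Options header is not set.]]></description>
      <uri><![CDATA[/]]></uri>
    </item>
    <item id="3092" method="GET">
      <description><![CDATA[Output from the phpinfo() function was found.]]></description>
      <uri><![CDATA[/phpinfo.php]]></uri>
    </item>
  </scandetails>
</niktoscan>
"""


def parse_nikto_xml(xml_text: str) -> list[dict]:
    """Flatten a Nikto XML report into one dict per finding."""
    root = ET.fromstring(xml_text)
    findings = []
    for scan in root.iter("scandetails"):
        host = scan.get("targethostname") or scan.get("targetip")
        port = int(scan.get("targetport", "0"))
        for item in scan.iter("item"):
            findings.append({
                "host": host,
                "port": port,
                "id": item.get("id"),
                "method": item.get("method", ""),
                "uri": (item.findtext("uri") or "").strip(),
                "description": (item.findtext("description") or "").strip(),
            })
    return findings


def summarize(findings: list[dict]) -> dict:
    """Count findings per URI so a reviewer sees which paths need attention first."""
    by_uri = Counter(f["uri"] for f in findings)
    return {"total": len(findings), "by_uri": dict(by_uri), "uris": sorted(by_uri)}


if __name__ == "__main__":
    for uri, count in summarize(parse_nikto_xml(SAMPLE_REPORT))["by_uri"].items():
        print(f"{count:3d}  {uri}")
```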
Another option we can use is anonymous scanning, which routes the web traffic through a proxy. First we need to edit the Nikto configuration file. In its proxy settings section we update the values accordingly (proxy IP address and port):
# Proxy settings - still must be enabled by -useproxy
PROXYHOST = <proxy IP address>
PROXYPORT = <proxy port>
We can now run our scan through the proxy with the following command:
nikto -useproxy -h <IP or hostname>
How did Nikto look to you? Will you use it? We look forward to your comments ...