Sunday, September 20, 03:33

Nikto: How to find web vulnerabilities with the open source tool

One of the first steps an ethical hacker or penetration tester takes when testing a web application is to identify the vulnerabilities associated with it. One of the tools for this purpose is the well-known Nikto.

Nikto is a very simple tool written in Perl, and its purpose is to check a website (i.e. a web application) for security vulnerabilities. As a result, it returns the vulnerabilities that an attacker could exploit to damage the website.

Although very simple to use, it is a tool that can be detected, since any website that uses an Intrusion Detection System (IDS) will be able to detect it.
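
How such detection can work on the defender's side, as an added example that is not part of the original article: it scans a web server access log for clients that send Nikto's default User-Agent string or trigger a burst of 404 responses. It assumes the Apache/Nginx combined log format; the function names, the threshold and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Flag likely Nikto scans in a combined-format access log (defender side).
# Signals per client IP: "Nikto" in the User-Agent, and a burst of 404s.

# Constructed sample log, not taken from a real server.
sample_log() {
cat <<'EOF'
192.168.142.1 - - [20/Sep/2020:03:30:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/80.0"
192.168.142.1 - - [20/Sep/2020:03:30:02 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/80.0"
192.168.142.128 - - [20/Sep/2020:03:31:10 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Port Check)"
192.168.142.128 - - [20/Sep/2020:03:31:10 +0000] "GET /phpinfo.php HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"
192.168.142.128 - - [20/Sep/2020:03:31:11 +0000] "GET /test/ HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000002)"
192.168.142.128 - - [20/Sep/2020:03:31:11 +0000] "GET /icons/README HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000003)"
192.168.142.77 - - [20/Sep/2020:03:32:00 +0000] "GET /old/ HTTP/1.1" 404 209 "-" "curl/7.68.0"
192.168.142.77 - - [20/Sep/2020:03:32:01 +0000] "GET /backup/ HTTP/1.1" 404 209 "-" "curl/7.68.0"
192.168.142.77 - - [20/Sep/2020:03:32:01 +0000] "GET /tmp/ HTTP/1.1" 404 209 "-" "curl/7.68.0"
EOF
}

# detect_scanners THRESHOLD  (reads the log on stdin)
# Prints "ip nikto_ua_hits not_found_hits reasons" for every flagged client.
# Splitting on double quotes assumes the request line itself contains none.
detect_scanners() {
  awk -v limit="$1" -F'"' '
    {
      split($1, pre, " "); ip = pre[1]       # client address
      split($3, st, " ");  status = st[1]    # HTTP status code
      seen[ip] = 1
      if (tolower($6) ~ /nikto/) ua_hits[ip]++   # field 6 is the User-Agent
      if (status == "404") notfound[ip]++
    }
    END {
      for (ip in seen) {
        reason = ""
        if (ua_hits[ip] > 0) reason = "nikto-user-agent"
        if (notfound[ip] >= limit) reason = (reason == "" ? "" : reason ",") "404-burst"
        if (reason != "") printf "%s %d %d %s\n", ip, ua_hits[ip], notfound[ip], reason
      }
    }' | LC_ALL=C sort
}

# Stand-alone run on the constructed sample with a threshold of three 404s.
sample_log | detect_scanners 3
```

On a real server, feed the function the access log on stdin and pick a 404 threshold that fits the site's normal traffic.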

How to install it

As you can imagine, Nikto is pre-installed on Kali Linux so you won't need to download or install it. You will find it in the "Vulnerability Analysis" category.

Ubuntu & Debian

Install Nikto on Ubuntu by running the following commands in a terminal:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install nikto -y

Windows

Follow the procedure below to install Nikto in a Windows environment:

  1. Install the Perl interpreter from here.
  2. Download Nikto's compressed folder.
  3. Extract the contents of the folder from step 2 to a location of your choice.
  4. Open a command prompt with administrator permissions.
  5. To check that Perl is installed correctly, run perl -v
  6. Then change to the folder where you extracted Nikto (step 3), and
  7. Run the following command to start the scan: perl nikto.pl -h www.site.com

How to use it

To see the available parameters that we can use with Nikto, just open a terminal and type nikto -help. The result of the command is shown below:

root@kali:~# nikto -help
Unknown option: help

       -config+            Use this config file
       -Display+           Turn on/off display outputs
       -dbcheck            check database and other key files for syntax errors
       -Format+            save file (-o) format
       -Help               Extended help information
       -host+              target host/URL
       -id+                Host authentication to use, format is id:pass or id:pass:realm
       -list-plugins       List all available plugins
       -output+            Write output to this file
       -nossl              Disables using SSL
       -no404              Disables 404 checks
       -Plugins+           List of plugins to run (default: ALL)
       -port+              Port to use (default 80)
       -root+              Prepend root value to all requests, format is /directory
       -ssl                Force ssl mode on port
       -Tuning+            Scan tuning
       -timeout+           Timeout for requests (default 10 seconds)
       -update             Update databases and plugins from CIRT.net
       -Version            Print plugin and database versions
       -vhost+             Virtual host (for Host header)
                + requires a value

       Note: This is the short help output. Use -H for full help text.

In the examples below, we ran Nikto scans on a site we use for testing purposes (IP: 192.168.142.130).

nikto -h <IP or hostname>

Nikto prints the vulnerabilities it finds to the screen.

nikto -h <IP or hostname> -ssl

In the above command we used the -ssl parameter to run the scan against port 443 (HTTPS).


Nikto lets us run a scan that checks for a specific type of vulnerability. The different types of vulnerabilities we can include in our checks are:

0 - File Upload

1 - Interesting File / Seen in logs

2 - Misconfiguration / Default File

3 - Information Disclosure

4 - Injection (XSS / Script / HTML)

5 - Remote File Retrieval - Inside Web Root

6 - Denial of Service

7 - Remote File Retrieval - Server Wide

8 - Command Execution / Remote Shell

9 - SQL Injection

a - Bypass Authentication

b - Software Identification

c - Remote Source Inclusion

The Tuning x option allows us to reverse our choice and check for all other vulnerabilities except the one we set. For example:

nikto -h <IP or hostname> -Tuning x6

The different formats we can use to store scan results are:

  • csv - Comma-separated-value
  • htm - HTML Format
  • msf+ - Log to Metasploit
  • nbe - Nessus NBE format
  • txt - Plain text (default if not specified)
  • xml - XML Format

So the following command will save the results of our scan to an xml file:

nikto -h <IP or hostname> -o results.xml

Another option we can use is anonymous scanning. This is done by routing the scan's web traffic through a proxy. First we need to modify the Nikto config file by running the following command:

nano /etc/nikto/config.txt

In the proxy settings section we need to update the values accordingly (proxy IP address and port):

# Proxy settings - still must be enabled by -useproxy
PROXYHOST=proxy_IP_address
PROXYPORT=port_number

We can now run our scan anonymously with the following command:

nikto -useproxy -h <IP or hostname>

How did Nikto look to you? Will you use it? We look forward to your comments ...
