Sunday, July 5, 22:08

Nikto: How to find web vulnerabilities with the open source tool

One of the first steps an ethical hacker or penetration tester takes when testing a web application is to identify the vulnerabilities associated with it. One of the tools for this purpose is the well-known Nikto.

Nikto is a very simple tool, written in Perl, whose purpose is to check a website (i.e. a web application) for security vulnerabilities. As a result, it returns the vulnerabilities that an attacker could exploit to damage the website.

Although very simple to use, it is a tool that can be detected, since any website that uses an Intrusion Detection System (IDS) will be able to detect it.
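
To illustrate the detectability point from the defender's side, here is an added example, not part of the original article: a Python function that flags likely Nikto traffic in a combined-format access log, using the tool's default User-Agent and a burst of 404 responses on distinct paths. The log lines, client IPs and thresholds (min_404, window) are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/Nginx "combined" access-log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def detect_scanners(lines, min_404=5, window=timedelta(seconds=10)):
    """Return {client_ip: [reasons]} for traffic that looks like a Nikto scan.
    min_404 and window are assumed thresholds; tune them to your baseline."""
    reasons, misses = defaultdict(set), defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                          # not a combined-format line
        if "nikto" in m["ua"].lower():        # default User-Agent names the tool
            reasons[m["ip"]].add("nikto-user-agent")
        if m["status"] == "404":
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            misses[m["ip"]].append((ts, m["path"]))
    for ip, hits in misses.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):          # sliding window over this client's 404s
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({path for _, path in hits[start:end + 1]}) >= min_404:
                reasons[ip].add("404-burst")  # many distinct missing paths, fast
                break
    return {ip: sorted(r) for ip, r in reasons.items()}

def _line(ip, sec, path, status, ua):
    """Build one constructed combined-format log line."""
    return (f'{ip} - - [05/Jul/2020:22:08:{sec:02d} +0000] '
            f'"GET {path} HTTP/1.1" {status} 512 "-" "{ua}"')

# Constructed sample log (not real traffic).
NIKTO_UA = "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64)"
SAMPLE_LOG = (
    [_line("10.0.0.5", s, f"/probe{s}.bak", 404, NIKTO_UA) for s in range(6)]
    + [_line("10.0.0.7", s, f"/old{s}.txt", 404, "curl/7.68.0") for s in range(6)]
    + [_line("10.0.0.9", 3, "/index.html", 200, BROWSER_UA),
       _line("10.0.0.9", 4, "/favicon.ico", 404, BROWSER_UA)])

if __name__ == "__main__":
    for ip, why in detect_scanners(SAMPLE_LOG).items():
        print(ip, ", ".join(why))
```

The second heuristic matters because the User-Agent string is only a default; the 404 burst still flags the client that does not announce itself, while the ordinary browser with a single missing favicon is left alone.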

How to install it

As you can imagine, Nikto is pre-installed on Kali Linux so you won't need to download or install it. You will find it in the "Vulnerability Analysis" category.

Ubuntu & Debian

Install Nikto on Ubuntu by running the following commands in a terminal:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install nikto -y

Windows

Follow the procedure below to install Nikto in a Windows environment:

  1. Install the Perl interpreter.
  2. Download Nikto's compressed folder.
  3. Extract the contents of the folder from step 2 to the location of your choice.
  4. Open a command prompt with administrator permissions.
  5. To check that Perl is installed correctly, run perl -v
  6. Then change to the Nikto folder (the location from step 3).
  7. Run the following command to start the scan: perl nikto.pl -h www.site.com

How to use it

To see the available parameters that we can use with Nikto, just open a terminal and type nikto -help. The result of the command is shown below:

root@kali:~# nikto -help
Unknown option: help
-config+ Use this config file
-Display+ Turn on/off display outputs
-dbcheck check database and other key files for syntax errors
-Format+ save file (-o) format
-Help Extended help information
-host+ target host/URL
-id+ Host authentication to use, format is id:pass or id:pass:realm
-list-plugins List all available plugins
-output+ Write output to this file
-nossl Disables using SSL
-no404 Disables 404 checks
-Plugins+ List of plugins to run (default: ALL)
-port+ Port to use (default 80)
-root+ Prepend root value to all requests, format is /directory
-ssl Force ssl mode on port
-Tuning+ Scan tuning
-timeout+ Timeout for requests (default 10 seconds)
-update Update databases and plugins from CIRT.net
-Version Print plugin and database versions
-vhost+ Virtual host (for Host header)
+ requires a value

Note: This is the short help output. Use -H for full help text.

In the examples below, we ran Nikto scans on a site we use for testing purposes (IP: 192.168.142.130).

nikto -h <IP or hostname>

Nikto prints the vulnerabilities it finds to the screen.

nikto -h <IP or hostname> -ssl

In the above command we selected the -ssl parameter to perform the scan on port 443 (HTTPS).


Nikto enables us to run a scan that checks for a specific type of vulnerability. The different types of vulnerabilities we can include in our checks are:

0 - File Upload

1 - Interesting File / Seen in logs

2 - Misconfiguration / Default File

3 - Information Disclosure

4 - Injection (XSS / Script / HTML)

5 - Remote File Retrieval - Inside Web Root

6 - Denial of Service

7 - Remote File Retrieval - Server Wide

8 - Command Execution / Remote Shell

9 - SQL Injection

a - Bypass Authentication

b - Software Identification

c - Remote Source Inclusion

The -Tuning x option allows us to reverse our choice and check for all other vulnerabilities except the one we set, e.g.:

nikto -h <IP or hostname> -Tuning x6

The different formats we can use to store scan results are:

  • csv - Comma-separated-value
  • htm - HTML Format
  • msf+ - Log to Metasploit
  • nbe - Nessus NBE format
  • txt - Plain text (default if not specified)
  • xml - XML Format

So the following command will save the results of our scan to an xml file:

nikto -h <IP or hostname> -o results.xml

Another option we can use is anonymous scanning. This is done by routing the web traffic through a proxy. First we need to modify the Nikto config file by running the following command:

nano /etc/nikto/config.txt

In the proxy settings we need to update the values accordingly (proxy IP address and port):

# Proxy settings - still must be enabled by -useproxy
PROXYHOST=proxy_IP_address
PROXYPORT=port_number

We can now run our scan anonymously with the following command:

nikto -useproxy -h <IP or hostname>

How did Nikto look to you? Will you use it? We look forward to your comments ...

stormi