Nikto : tool to scan the security of a web server

Nikto is a free, open-source tool written in Perl that scans a web server and reports the potential vulnerabilities it finds.


Nikto is one of the tools bundled with the Kali Linux distribution.

During scanning, Nikto is able to:

  •      Check whether the server version, and the software and modules it uses, are obsolete,
  •      Scan for directories that may contain sensitive information,
  •      Test for nearly 6,000 potentially vulnerable files and CGIs,
  •      Moreover, Nikto supports SSL connections.

Installing Nikto

Archlinux / Manjaro:

      yaourt -S nikto

Ubuntu / Linux Mint:

      sudo apt-get install nikto
 

Using Nikto

Common usage:

  • To launch a simple scan:

      nikto -h [URL]

[URL] = the URL of your choice. Note that by default Nikto scans port 80.

  • Scan on port 443:

      nikto -h [URL] -p 443

or

      nikto -h https://[URL]:443/

  • Scan several ports at the same time:

      nikto -h [URL] -p 20,21,25,443

Use behind a proxy:

To use Nikto behind a proxy, you must edit your configuration file:

  • Archlinux / Manjaro:

      sudo nano /usr/share/nikto/nikto.conf

  • Ubuntu / Linux Mint:

      sudo nano /etc/nikto/config.conf

Specify the proxy:

# Proxy settings -- still must be enabled by -useproxy
PROXYHOST=proxy.domaine.tld
PROXYPORT=8080
#PROXYUSER=proxyuserid
#PROXYPASS=proxypassword

PROXYHOST: hostname or IP address of the proxy server
PROXYPORT: the proxy port
PROXYUSER: the username, if the proxy requires authentication
PROXYPASS: that user's password, if needed

  • Use Nikto behind a proxy:

      nikto -h [URL] -useproxy

  • A slightly more complex example:

      nikto -h http://[URL]:443/ -F txt -o scan.txt -useproxy

Nikto will scan the URL on port 443 via the proxy and write the results to the scan.txt file.


Conclusion

Nikto is a handy program for scanning your web server for security vulnerabilities, and it is reasonably fast (depending on the host hardware).

However, beware of the crafty who would use Nikto to scan friends' web sites as a bad joke, detecting one or more security vulnerabilities there: Nikto is recognisable in the server logs, together with the IP address of the person doing the scanning.
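As an added illustration of that last point (example code written for this page, not part of the original post or of Nikto itself), here is a small Python script that flags Nikto activity in constructed Apache-style access log lines. The User-Agent string in the sample is modelled on Nikto's default, which names the tool and the number of the test being run; since that string can be changed, the script also counts a burst of 404 responses as a second, independent signal. The log lines and IP addresses are constructed, and the threshold `min_404` is an arbitrary choice for the example.

```python
import re

# Apache/nginx "combined" log format: client IP, identity, user, timestamp,
# request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log (not from a real server). The User-Agent on the
# 198.51.100.23 lines is modelled on Nikto's default string, which names the
# tool and the number of the test being run (assumption, see lead-in).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/118.0"
198.51.100.23 - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"
198.51.100.23 - - [10/Oct/2023:13:56:01 +0000] "GET /cgi-bin/test-cgi HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000123)"
198.51.100.23 - - [10/Oct/2023:13:56:02 +0000] "GET /admin/ HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:004567)"
203.0.113.7 - - [10/Oct/2023:13:57:10 +0000] "GET /robots.txt HTTP/1.1" 200 45 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/118.0"
"""


def parse_line(line):
    """Split one combined-format log line into its fields, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_nikto_scans(log_text, min_404=2):
    """Return per-client stats for every client that looks like a Nikto run.

    Two signals are used: the tool's default User-Agent, and a burst of 404
    responses (a scanner probing for files that do not exist on this host),
    which still shows up when the User-Agent has been changed.
    """
    per_ip = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        stats = per_ip.setdefault(rec["ip"], {"requests": 0, "not_found": 0, "ua_hit": False})
        stats["requests"] += 1
        if rec["status"] == "404":
            stats["not_found"] += 1
        if "nikto" in rec["ua"].lower():
            stats["ua_hit"] = True
    return {ip: s for ip, s in per_ip.items() if s["ua_hit"] or s["not_found"] >= min_404}


if __name__ == "__main__":
    for ip, s in find_nikto_scans(SAMPLE_LOG).items():
        print(f"{ip}: {s['requests']} requests, {s['not_found']} x 404, Nikto UA: {s['ua_hit']}")
```

On a real server the same logic would be run over the actual access log file; the 404 threshold should be tuned to the site's normal error rate before it is used for alerting.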