Web vulnerability Scanner Tool For Kali Linux - NIKTO


Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.

It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

Nikto allows pentesters, hackers and developers to examine a web server to find potential problems and security vulnerabilities, including:

  • Server and software misconfigurations.
  • Default files and programs.
  • Insecure files and programs.
  • Outdated servers and programs.

There are some items that are "info only" type checks that look for things that may not have a security flaw, but the webmaster or security engineer may not know are present on the server.

These items are usually marked appropriately in the information printed. There are also some checks for unknown items which have been seen scanned for in log files.

See the documentation for a full list of features and how to use them.

  • SSL Support (Unix with OpenSSL or maybe Windows with ActiveState’s Perl/NetSSL).
  • Full HTTP proxy support.
  • Checks for outdated server components.
  • Save reports in plain text, XML, HTML, NBE or CSV.
  • Template engine to easily customize reports.
  • Scan multiple ports on a server, or multiple servers via input file (including nmap output).
  • LibWhisker’s IDS encoding techniques.
  • Easily updated via command line.
  • Identifies installed software via headers, favicons and files.
  • Host authentication with Basic and NTLM.
  • Subdomain guessing.
  • Apache and cgiwrap username enumeration.
  • Mutation techniques to "fish" for content on web servers.
  • Scan tuning to include or exclude entire classes of vulnerability checks.
  • Guess credentials for authorization realms (including many default id/pw combos).
  • Authorization guessing handles any directory, not just the root directory.
  • Enhanced false positive reduction via multiple methods: headers, page content, and content hashing.
  • Reports "unusual" headers seen.
  • Interactive status, pause and changes to verbosity settings.
  • Save full request/response for positive tests.
  • Replay saved positive requests.
  • Maximum execution time per target.
  • Auto-pause at a specified time.
  • Checks for common "parking" sites.
  • Logging to Metasploit.
  • Thorough documentation.

Nikto Features :-

During web app scanning, different scenarios might be encountered. Nikto supports a wide variety of options that can be implemented during such situations.

The following is an overview of the included options in Nikto:

-Cgidirs: This option is used to scan specified CGI directories. The special values "none" and "all" may be used to scan no CGI directories or all of them. A literal value for a CGI directory such as "/cgi-test/" may also be specified (note that a trailing slash is required). If this option is not specified, all CGI directories listed in config.txt will be tested.

-config: This option allows the pentester, hacker, or developer to specify an alternative config file to use instead of the config.txt located in the install directory.

-Display: One can control the output that Nikto shows. Reference numbers are used for specification. Multiple numbers may be used as well. The allowed reference numbers can be seen below:

  • 1 – Show redirects
  • 2 – Show cookies received
  • 3 – Show all 200/OK responses
  • 4 – Show URLs which require authentication

-evasion: Pentesters, hackers and developers can also specify the Intrusion Detection System evasion technique to use. This option also uses reference numbers to specify the type of technique. Multiple number references may be used:

  • 1 – Random URI encoding (non-UTF8)
  • 2 – Directory self-reference (/./)
  • 3 – Premature URL ending
  • 4 – Prepend long random string
  • 5 – Fake parameter
  • 6 – TAB as request spacer
  • 7 – Change the case of the URL
  • 8 – Use Windows directory separator (\)
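
From the defender's side, most of the transformations listed above stop hiding a request once the logged path is reduced to one canonical form before it is compared against signatures. The following is an added example, not part of the original article or of Nikto itself; the watchlist, the function names and the sample request lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Hypothetical watchlist of sensitive paths (constructed for this example).
WATCHLIST = {"/cgi-bin/test.cgi", "/admin/config.php"}

def canonical_path(request_line):
    """Return one canonical, lower-cased path for a logged HTTP request line."""
    # TAB as request spacer: split the request line on spaces and tabs alike.
    parts = re.split(r"[ \t]+", request_line.strip())
    target = parts[1] if len(parts) > 1 else parts[0]
    path = target.split("?", 1)[0]
    # Percent-decode until stable (bounded) so double encoding is undone too.
    for _ in range(3):
        decoded = unquote(path, encoding="latin-1")
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")    # Windows directory separator
    path = re.sub(r"/+", "/", path)   # normpath would keep a leading "//"
    path = posixpath.normpath(path)   # collapses "/./", resolves "/x/../"
    # Lower-casing can over-match on case-sensitive servers; fine for alerting.
    return path.lower()

def flag_requests(request_lines):
    """Return (canonical path, original line) for each watchlist hit."""
    hits = []
    for line in request_lines:
        path = canonical_path(line)
        if path in WATCHLIST:
            hits.append((path, line))
    return hits

# Constructed request lines (not captured traffic), one per transformation.
SAMPLES = [
    "GET /cgi-bin/test.cgi HTTP/1.1",                       # plain request
    "GET /%63gi-bin/te%73t.cgi HTTP/1.1",                   # URI encoding
    "GET /cgi-bin/./test.cgi HTTP/1.1",                     # directory self-reference
    "GET /" + "A" * 40 + "/../cgi-bin/test.cgi HTTP/1.1",   # long string prepended
    "GET\t/cgi-bin/test.cgi\tHTTP/1.1",                     # TAB as request spacer
    "GET /CGI-BIN/Test.CGI HTTP/1.1",                       # case change
    "GET /cgi-bin\\test.cgi HTTP/1.1",                      # Windows separator
    "GET /index.html HTTP/1.1",                             # benign, not flagged
]

if __name__ == "__main__":
    for path, line in flag_requests(SAMPLES):
        print(f"{path} <- {line!r}")
```

All seven variants of the watched path collapse to /cgi-bin/test.cgi and are flagged, while the benign request is not.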

-Format: One might require output/results to be saved to a file after a scan. This option sets the format of the file written by the -o (-output) option; if -Format is not specified, the format is taken from the file extension given in the -output option. Valid formats are:

  • csv – for a comma-separated list
  • htm – for an HTML report
  • txt – for a text report
  • xml – for an XML report


-host: This option is used to specify host(s) to target for a scan. It can be an IP address, hostname, or text file of hosts.

-id: For websites that require authentication, this option is used to specify the ID and password to use. The usage format is "id:password".

-list-plugins: This option will list all plugins that Nikto can run against targets and then will exit without performing a scan. These can be tuned for a session using the -plugins option.


The output format is:

Plugin name

full name – description

-no404: This option is used to disable 404 (file not found) checking. This reduces the total number of requests made to the web server and may be preferable when checking a server over a slow internet connection or an embedded device. However, this will generally lead to more false positives being discovered.

-plugins: This option allows one to select the plugins that will be run on the specified targets. A comma-separated list should be provided which lists the names of the plugins. The names can be found by using -list-plugins.


There are two special entries: ALL, which specifies all plugins shall be run and NONE, which specifies no plugins shall be run. The default is ALL.

  • -port: This option specifies the TCP port(s) to target. To test more than one port on the same host, one can specify the list of ports in the -p (-port) option. Ports can be specified as a range (e.g., 80-90), or as a comma-delimited list (e.g., 80,88,90). If not specified, port 80 is used.
  • -Pause: This option can be used to prevent tests from being blocked by a WAF for seeming too suspicious. It defines the seconds to delay between each test.
  • -timeout: It is sometimes helpful to wait before timing out a request. This option specifies the number of seconds to wait. The default timeout is 10 seconds.
  • -useproxy: This option is used when the network Nikto is connected to requires a proxy. It tells Nikto to use the HTTP proxy defined in the configuration file.
  • -update: This option updates the plugins and databases directly from cirt.net.


Let's start with the web vulnerability scanner tool

Step 1 :- Launch the Nikto tool by executing this command in a terminal window of Kali Linux.

nikto -h



Step 2 :- Then enter your target website.

Here I have used "techtrick.in" for demo purposes.

nikto -h www.techtrick.in -Tuning 9


Thank you for reading this article. Do let me know for any queries in comment section below.




About Author

Akash is a co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security. Get in touch with him by sending an email (akashchugh1994@gmail.com).

