Web vulnerability Scanner Tool For Kali Linux - NIKTO

Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.

It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

Nikto allows pentesters, hackers and developers to examine a web server to find potential problems and security vulnerabilities , including:

• Server and software misconfigurations.
• Default files and programs.
• Insecure files and programs.
• Outdated servers and programs.

There are some items that are "info only" type checks that look for things that may not have a security flaw, but the webmaster or security engineer may not know are present on the server.

These items are usually marked appropriately in the information printed. There are also some checks for unknown items which have been seen scanned for in log files.

See the documentation for a full list of features and how to use them.

• SSL Support (Unix with OpenSSL or maybe Windows with ActiveState’s Perl/NetSSL).
• Full HTTP proxy support.
• Checks for outdated server components.
• Save reports in plain text, XML, HTML, NBE or CSV.
• Template engine to easily customize reports.
• Scan multiple ports on a server, or multiple servers via input file (including nmap output).
• LibWhisker’s IDS encoding techniques.
• Easily updated via command line.
• Identifies installed software via headers, favicons and files.
• Host authentication with Basic and NTLM.
• Subdomain guessing.
• Apache and cgiwrap username enumeration.
• Mutation techniques to "fish" for content on web servers.
• Scan tuning to include or exclude entire classes of vulnerability checks.
• Guess credentials for authorization realms (including many default id/pw combos).
• Authorization guessing handles any directory, not just the root directory.
• Enhanced false positive reduction via multiple methods: headers.
• page content, and content hashing.
• Reports "unusual" headers seen.
• Interactive status, pause and changes to verbosity settings.
• Save full request/response for positive tests.
• Replay saved positive requests.
• Maximum execution time per target.
• Auto-pause at a specified time.
• Checks for common "parking" sites.
• Logging to Metasploit.
• Thorough documentation.

Nikto Features :-

During web app scanning, different scenarios might be encountered. Nikto supports a wide variety of options that can be implemented during such situations.

The following is an overview of the included options in Nikto:

-Cgidirs: This option is used to scan specified CGI directories. Users can filter "none" or "all" to scan all CGI directories or none. A literal value for a CGI directory such as "/cgi-test/" may also be specified (note that a trailing slash is required). If this is option is not specified, all CGI directories listed in config.txt will be tested.

-config: This option allows the pentester, hacker, or developer to specify an alternative config file to use instead of the config.txt located in the install directory.

-Display: One can control the output that Nikto shows. Reference numbers are used for specification. Multiple numbers may be used as well. The allowed reference numbers can be seen below:

• Show redirects
• Show cookies received
• Show all 200/OK responses
• Show URLs which require authentication

-evasion: pentesters, hackers and developers are also allowed to specify the Intrusion Detection System evasion technique to use. This option also allows the use of reference numbers to specify the type of technique. Multiple number references may be used:

• Random URI encoding (non-UTF8)
• Directory self-reference (/./)
• Premature URL ending
• Prepend long random string
• Fake parameter
• TAB as request spacer
• Change the case of the URL
• Use Windows directory separator (\)

-Format: One might require output/results to be saved to a file after a scan. This option does exactly that.The -o (-output) option is used; however, if not specified, the default will be taken from the file extension specified in the -output option. Valid formats are:

csv – for a comma-separated lists

htm – for an HTML report

txt – for a text report

xml – for an XML report

-host: This option is used to specify host(s) to target for a scan. It can be an IP address, hostname, or text file of hosts.

-id: For websites that require authentication, this option is used to specify the ID and password to use. The usage format is "id:password".

-list-plugins: This option will list all plugins that Nikto can run against targets and then will exit without performing a scan. These can be tuned for a session using the -plugins option.

The output format is:

Plugin name

full name – description

-no404: This option is used to disable 404 (file not found) checking. This reduces the total number of requests made to the web server and may be preferable when checking a server over a slow internet connection or an embedded device. However, this will generally lead to more false positives being discovered.

-plugins: This option allows one to select the plugins that will be run on the specified targets. A comma-separated list should be provided which lists the names of the plugins. The names can be found by using -list-plugins.

There are two special entries: ALL, which specifies all plugins shall be run and NONE, which specifies no plugins shall be run. The default is ALL.

• -port: This option specifies the TCP port(s) to target. To test more than one port on the same host, one can specify the list of ports in the -p (-port) option. Ports can be specified as a range (i.e., 80-90), or as a comma-delimited list, (i.e., 80,88,90). If not specified, port 80 is used.
• -Pause: This option can be used to prevent tests from being blocked by a WAF for seeming too suspicious. It defines the seconds to delay between each test.
• -timeout: It is sometimes helpful to wait before timing out a request. This option specifies the number of seconds to wait. The default timeout is 10 seconds.
• -useproxy: This option is used in the event that the networks connected to require a proxy. This option asks Nikto to use the HTTP proxy defined in the configuration file.
• -update: This option updates the plugins and databases directly from cirt.net.

Lets Start with Web vulnerability scanner tool

Step 1 :-You need to type Nikito tool by executing this command in terminal window of kali linux.

Nikito -h

Step 2 :- Then Enter your Target Website.

Here I have used "techtrick.in" for demo purpose.

nikito -h www.techtrick.in -Tuning 9

Thank you for reading this article. Do let me know for any queries in comment section below.