Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.
It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.
Nikto allows pentesters, hackers and developers to examine a web server to find potential problems and security vulnerabilities, including:
There are some items that are "info only" type checks that look for things that may not have a security flaw, but the webmaster or security engineer may not know are present on the server.
These items are usually marked appropriately in the information printed. There are also some checks for unknown items which have been seen scanned for in log files.
See the documentation for a full list of features and how to use them.
During web app scanning, different scenarios might be encountered. Nikto supports a wide variety of options that can be implemented during such situations.
The following is an overview of the included options in Nikto:
-Cgidirs: This option is used to scan specified CGI directories. Users can pass "none" or "all" to scan no CGI directories or all of them. A literal value for a CGI directory such as "/cgi-test/" may also be specified (note that a trailing slash is required). If this option is not specified, all CGI directories listed in config.txt will be tested.
-config: This option allows the pentester, hacker, or developer to specify an alternative config file to use instead of the config.txt located in the install directory.
-Display: One can control the output that Nikto shows. Reference numbers are used for specification. Multiple numbers may be used as well. The allowed reference numbers can be seen below:
-evasion: pentesters, hackers and developers are also allowed to specify the Intrusion Detection System evasion technique to use. This option also allows the use of reference numbers to specify the type of technique. Multiple number references may be used:
-Format: One might require output/results to be saved to a file after a scan. This option sets the format of the output file given with the -o (-output) option; if -Format is not specified, the format is taken from the file extension given in -output. Valid formats are:
csv – for a comma-separated list
htm – for an HTML report
txt – for a text report
xml – for an XML report
-host: This option is used to specify host(s) to target for a scan. It can be an IP address, hostname, or text file of hosts.
-id: For websites that require authentication, this option is used to specify the ID and password to use. The usage format is "id:password".
-list-plugins: This option will list all plugins that Nikto can run against targets and then will exit without performing a scan. These can be tuned for a session using the -plugins option.
Each plugin is listed in the form:
Plugin name
full name – description
-no404: This option is used to disable 404 (file not found) checking. This reduces the total number of requests made to the web server and may be preferable when checking a server over a slow internet connection or an embedded device. However, this will generally lead to more false positives being discovered.
-plugins: This option allows one to select the plugins that will be run on the specified targets. A comma-separated list should be provided which lists the names of the plugins. The names can be found by using -list-plugins.
There are two special entries: ALL, which specifies all plugins shall be run and NONE, which specifies no plugins shall be run. The default is ALL.
Step 1: Start the tool by running this command in a terminal window in Kali Linux:
nikto -h
Step 2: Then enter your target website.
Here I have used "techtrick.in" for demo purposes.
nikto -h www.techtrick.in -Tuning 9
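From the server side, a scan like the one above shows up in the web server's access log: Nikto's stock User-Agent string names the tool, the -evasion setting and the running test id, and a run without -no404 leaves a burst of 404 responses from one client. The following Python is an added example (not part of the original page or of Nikto itself) that flags both signals in combined-format log lines; the User-Agent layout, the thresholds and the sample lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" access-log format (client IP, timestamp, request line, status, size, referer, user agent).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Nikto's stock User-Agent (assumed layout) carries the version, the -evasion setting and the running test id.
NIKTO_UA_RE = re.compile(r'Nikto/[\d.]+\) \(Evasions:(?P<evasions>[^)]*)\) \(Test:(?P<test>\d+)\)')

def parse_line(line):
    """Parse one combined-format line into a dict, or None when it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def analyse(lines, min_requests=4, not_found_ratio=0.6):
    """Per client IP: flag Nikto's User-Agent and 404-heavy bursts (a scan run without -no404 leaves many)."""
    per_ip = defaultdict(lambda: {"total": 0, "not_found": 0, "tests": set(), "evasions": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in combined format
        s = per_ip[rec["ip"]]
        s["total"] += 1
        if rec["status"] == "404":
            s["not_found"] += 1
        ua = NIKTO_UA_RE.search(rec["ua"])
        if ua:
            s["tests"].add(ua["test"])
            s["evasions"].add(ua["evasions"])
    findings = {}
    for ip, s in per_ip.items():
        reasons = []
        if s["tests"]:
            reasons.append("nikto-user-agent")
        if s["total"] >= min_requests and s["not_found"] / s["total"] >= not_found_ratio:
            reasons.append("404-burst")
        if reasons:
            findings[ip] = {"reasons": reasons, "requests": s["total"], "evasions": sorted(s["evasions"])}
    return findings

# Constructed sample log lines (not real traffic); the Nikto UA string follows the layout assumed above.
def _line(ip, path, status, ua):
    return f'{ip} - - [10/Oct/2023:13:55:36 +0000] "GET {path} HTTP/1.1" {status} 196 "-" "{ua}"'
NIKTO_UA = "Mozilla/5.00 (Nikto/2.1.6) (Evasions:1) (Test:{})"
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
SAMPLE_LOG = (
    [_line("203.0.113.5", "/", 200, NIKTO_UA.format("000001"))]
    + [_line("203.0.113.5", p, 404, NIKTO_UA.format(t)) for p, t in (("/cgi-bin/", "000124"), ("/admin/", "000231"), ("/backup/", "000455"))]
    + [_line("198.51.100.7", p, 404, BROWSER_UA) for p in ("/old/", "/test/", "/backup/")]
    + [_line("198.51.100.7", "/", 200, BROWSER_UA), _line("192.0.2.10", "/index.html", 200, BROWSER_UA)]
)
```

Calling analyse(SAMPLE_LOG) reports 203.0.113.5 for both the User-Agent and the 404 burst, and 198.51.100.7 for the 404 burst alone, which is the case a User-Agent-only rule would miss.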