By attempting any of the things listed in this blog post you accept full responsibility for your actions and I will not be held responsible whatsoever. This tutorial is strictly for penetration testers only. Is your site safe on the internet? Are you sure? Let’s make sure you are safe from hackers. Today we’ll divine into a tool which will help us to stay safe. It is a web vulnerability scanner else can be called as a security testing tool that scans web servers for vulnerabilities and other known issues.
It’s written in Perl means it will run on most operating systems with the necessary Perl installed. In this nikto tutorial I will guide you through using it on Ubuntu given that Perl comes already installed in Ubuntu. Beauty of open source right?
It is very straight forward to use Nikto meaning that from a single command you get whether there are vulnerabilities or not. As they say Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. There are two ways to get started.
Install Nikto Kali
Let me show you both ways. You can select whichever way you like. 1st Method Download nikto from the project page. You can list down what are the versions to be downloaded from. Let’s download using wget. Nikto – Help This tutorial would be a good place for you to start. If you like to master nikto use the. Also note that this will run a ton of http requests that URL specified checking more than for 6500 vulnerabities which can be detected by IDS(Intrusion Detection System).
It’s better to have permission to execute tests on a host otherwise you will end up in jail. If you are really interested in this area you might also want to look at which is an integrated penetration testing tool for finding vulnerabilities in web applications. I would like to wrap up the this post with two great quotes on security.
“Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted, because none of these measures address the weakest link in the security chain.” – Kevin Mitnick One more “If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.” – Bruce Schneier If you have any questions let me know in the comments below. Your feedback is highly appreciated(happy-face).
. Windows (using ActiveState Perl and Strawberry Perl). Some POSIX features, such as interactive commands may not work under Windows. Mac OSX. Various Linux and Unix installations (including RedHat, Solaris, Debian, Ubuntu, BackTrack, etc.) The only required Perl module that does not come standard is LibWhisker. Nikto comes with and is configured to use a local LW.pm file (in the plugins directory).
As of Nikto version 2.1.5, the included LibWhisker differs (slightly) from the standard LibWhisker 2.5 distribution. For SSL support the Net::SSLeay Perl module must be installed. Windows support for SSL is dependent on the installation package, but is rumored to exist for ActiveState's Perl.
For support for logging to Metasploit, the RPC::XML and RPC::XML::Client modules must be installed. Nikto will operate without these modules, but the functionality will not be available. Install These instructions do not include information on installing Perl, Perl Modules, OpenSSL, LibWhisker or any of the utilities that may be needed during installation (such as gzip, tar, etc.). Please see the distributor's documentation for information on how to install and configure those software packages.
Unpack the download file: tar -xvfz nikto-current.tar.gz Assuming a standard OS/Perl installation, Nikto should now be usable. Descargar el libro nacho pdf printer. See Chapter 4 (Options) or Chapter 8 (Troubleshooting) for further configuration information.
Nikto is a web server scanner tool, which performs comprehensive checking against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 700 servers, and version specific problems more than 200 servers. Nikto is built on LibWhisker and can run on any platform which has a Perl environment, and supports SSL, proxies, host authentication, IDS evasion and more. Nikto not only checks for CGI vulnerabilities but does so in an evasive manner, so as to elude intrusion detection systems.
It is not only designed as an overly stealthy tool. It will test a web server in the quickest time possible, and is fairly obvious in log files.
If you have Web servers serving up CGI scripts, Nikto can be an excellent resource for checking the security of these servers. To install “Nikto“, # yum install nikto -y After successful installation of Nikto, the most basic Nikto scan requires simply a host to target, since port 80 is assumed if none is specified. The host can either be an IP or a hostname of a machine, and is specified using the -h (-host) option. This will scan the IP 192.168.3.1 on TCP port 80: # nikto -h 192.168.3.1 If your web server is configured on different port, use -p switch with nikto. # nikto -h 192.168.3.1 -p 443 or # nikto -h https://192.168.3.1:442/.
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. Install nikto on ubuntu On Ubuntu nikto can be installed directly from synaptic manager.
$ sudo apt-get install nikto Nikto is written in perl, so you need to have perl installed to be able to run it. Install nikto on windows On windows first install the perl interpreter. It can be downloaded from. Download the installer and install perl. Next download nikto and extract the contents of the archive into a directory. Now run from the command prompt like this. C: pentest nikto-2.1.5perl nikto.pl -h example.com The above command actually runs the perl interpreter which loads the nikto.pl source file and runs it with whatever options are provided next to it.
Using Nikto Lets now use nikto on some webserver and see what kind of things it can do. Lets try a test against a certain php+mysql website that is hosted on apache. The actual urls shall not be shown in the output $ nikto -h somesite.org - Nikto v2.1.4 - + Target IP: 208.90.215.95 + Target Hostname: somesite.org + Target Port: 80 + Start Time: 2012-08-11 14:27:31 - + Server: Apache/2.2.22 (FreeBSD) modssl/2.2.22 OpenSSL/1.0.1c DAV/2 + robots.txt contains 4 entries which should be manually viewed. + modssl/2.2.22 appears to be outdated (current is at least 2.8.31) (may depend on server version) + ETag header found on server, inode: 5918348, size: 121, mtime: 0x48fc943691040 + modssl/2.2.22 OpenSSL/1.0.1c DAV/2 - modssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell (difficult to exploit). CVE-2002-0082, OSVDB-756. + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST + /lists/admin/: PHPList pre 2.6.4 contains a number of vulnerabilities including remote administrative access, harvesting user info and more.
Default login to admin interface is admin/phplist + OSVDB-2322: /gallery/search.php?searchstring=alert(document.cookie): Gallery 1.3.4 and below is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. + OSVDB-7022: /calendar.php?year=alert(document.cookie);&month=03&day=05: DCP-Portal v5.3.1 is vulnerable to Cross Site Scripting (XSS). + OSVDB-3233: /phpinfo.php: Contains PHP configuration information + OSVDB-3092: /system/: This might be interesting.
+ OSVDB-3092: /template/: This may be interesting as the directory may hold sensitive files or reveal system information. + OSVDB-3092: /updates/: This might be interesting. + OSVDB-3092: /README: README file found. + 6448 items checked: 1 error(s) and 14 item(s) reported on remote host + End Time: 2012-08-11 15:52:57 (5126 seconds) - + 1 host(s) tested $ The output has lots of useful information. Nikto has detected the following: 1. XSS vulnerabilitites. Vulnerable web applications like phplist and gallery.
Information leaking pages. Nikto also provides the osvdb numbers of the issues for further analysis. So overall nikto is a very informative tool.
The next task for a hacker should be to find out how to exploit one of the so many vulnerabilities found out. Most of the tests done by nikto are based on set rules or a dictionary. For example nikto has a list of default directories to look for, list of files to look for. So the entire scanning process just enumerates the presence of predefined urls on the http server. Apart from this nikto also looks into the http headers for additional information and also tests get parameters for xss vulnerabilities. Check the additional options supported by nikto using the help switch as follows:# nikto -Help Analysing nikto To understand how nikto works and discovers vulnerabilities we can analyse it further. Nikto has an option to use an http proxy.
So by using a tool that can intercept the http requests and show them in proper format, we can analyse the queries made by nikto. One such tool is burp suite.
It has an integrated http proxy. It has a free edition that we are going to use. Download free edition of burp suite from Burp suite is written in java, so the JRE is needed to run it. On ubuntu it can be installed from synaptic package manager. Start the burp suite and go to proxy tab.
![]()
The proxy tab has 3 sub tabs namely: intercept, options and history. In the intercept tab turn intercept off. Otherwise burp suite will ask for a confirmation before allowing each request. Then go to the history tab.
The history tab will show us all requests that nikto shall be making. Next we need to tell nikto to use the proxy server. The command to use proxy would be $ nikto -host www.binarytides.com -useproxy Here is a screenshot of how the burp suite would show the requests. Burp suite provides a bunch of information, like the request, response, headers etc.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |