Installing and using Nikto

What is Nikto?

Nikto is a popular open source web server scanner, primarily designed to run on a Linux operating system, that can be used to perform a number of security audits across all the popular web servers available today. Nikto tests servers for over 6700 potentially dangerous files and/or programs, checks for outdated versions of over 1250 servers, and checks for version-specific problems on over 270 servers.

Nikto will also check for server configuration items such as the presence of multiple index files and HTTP server options, as well as attempting to identify installed web servers and software.

Nikto, however, is not designed as a stealthy tool: if you use it to test web servers it will very likely be flagged by any IDS/IPS in place. It will, however, test a web server in the quickest time possible. If you do want to try running it while avoiding IDS systems, there is support for LibWhisker’s anti-IDS methods in case you want to give it a try.

Features

Here are some of the major features of Nikto. See the documentation for a full list of features and how to use them.

  • SSL support (Unix with OpenSSL, or possibly Windows with ActiveState’s Perl/NetSSL)
  • Full HTTP proxy support
  • Checks for outdated server components
  • Save reports in plain text, XML, HTML, NBE or CSV
  • Template engine to easily customize reports
  • Scan multiple ports on a server, or multiple servers via input file (including nmap output)
  • Easily updated via command line
  • Identifies installed software via headers, favicons and files
  • Host authentication with Basic and NTLM
  • Subdomain guessing
  • Apache and cgiwrap username enumeration
  • Mutation techniques to “fish” for content on web servers
  • Scan tuning to include or exclude entire classes of vulnerability checks
  • Guess credentials for authorization realms (including many default id/pw combos)
  • Authorization guessing handles any directory, not just the root directory
  • Enhanced false positive reduction via multiple methods: headers, page content, and content hashing
  • Reports “unusual” headers seen
  • Interactive status, pause and changes to verbosity settings
  • Save full request/response for positive tests
  • Replay saved positive requests
  • Maximum execution time per target
  • Auto-pause at a specified time
  • Checks for common “parking” sites
  • Logging to Metasploit

Installing Nikto

Nikto is simple to install and get running, and can be done within a few minutes once logged into a Linux box. The following instructions were performed on a Fedora 22 distribution. If your distribution doesn’t have this in its repos, you can download the package from: https://github.com/sullo/nikto/archive/master.zip

sudo dnf install nikto -y

Using Nikto

Running Nikto is as simple as installing it: run ‘nikto’ (without the quotes) with no parameters and it will display the help shown below:

nikto
- Nikto v2.1.6
---------------------------------------------------------------------------

       -config+            Use this config file
       -Display+           Turn on/off display outputs
       -dbcheck            check database and other key files for syntax errors
       -Format+            save file (-o) format
       -Help               Extended help information
       -host+              target host
       -id+                Host authentication to use, format is id:pass or id:pass:realm
       -list-plugins       List all available plugins
       -output+            Write output to this file
       -nossl              Disables using SSL
       -no404              Disables 404 checks
       -Plugins+           List of plugins to run (default: ALL)
       -port+              Port to use (default 80)
       -root+              Prepend root value to all requests, format is /directory
       -ssl                Force ssl mode on port
       -Tuning+            Scan tuning
       -timeout+           Timeout for requests (default 10 seconds)
       -update             Update databases and plugins from CIRT.net
       -Version            Print plugin and database versions
       -vhost+             Virtual host (for Host header)
       + requires a value

 

       Note: This is the short help output. Use -H for full help text.

Example scan

An example of running nikto in its most basic form would be as follows:

nikto -h www.domainname.com
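A small wrapper around the options from the help output above, as an added example that is not part of the original post: it assembles the Nikto command line (host, port, report format and output file, optionally forcing SSL) and only runs it when nikto is actually installed. The host name is the placeholder from the post and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post or from the Nikto project.
# Builds a nikto command line from the options in the help output and writes
# each scan of your own host to a timestamped report so runs can be compared.

# nikto_cmd HOST PORT FORMAT OUTFILE [SSL]
# Prints the command line. FORMAT is one of the report formats the feature
# list mentions (txt, xml, htm for HTML, nbe, csv); SSL="yes" adds -ssl.
nikto_cmd() {
    host=$1; port=$2; fmt=$3; out=$4; ssl=${5:-no}
    case "$fmt" in
        txt|xml|htm|nbe|csv) ;;
        *) echo "unsupported format: $fmt" >&2; return 1 ;;
    esac
    cmd="nikto -host $host -port $port -Format $fmt -output $out -timeout 10"
    [ "$ssl" = "yes" ] && cmd="$cmd -ssl"
    printf '%s\n' "$cmd"
}

# run_scan HOST PORT FORMAT [SSL]
# Runs the scan when nikto is on PATH; otherwise prints what would have run.
run_scan() {
    host=$1; port=$2; fmt=$3; ssl=${4:-no}
    out="nikto-${host}-${port}-$(date +%Y%m%d%H%M%S).${fmt}"
    cmd=$(nikto_cmd "$host" "$port" "$fmt" "$out" "$ssl") || return 1
    if command -v nikto >/dev/null 2>&1; then
        echo "running: $cmd"
        $cmd
    else
        echo "nikto not found; would run: $cmd"
    fi
}

# Example invocations against the placeholder host from the post
# (replace with a host you own); uncomment to use:
# run_scan www.domainname.com 80 htm
# run_scan www.domainname.com 443 htm yes
```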

Going from here

I encourage you to play with Nikto and try all the options (on your own hosts!!). This is a great tool to use when performing security assessments, especially when you find a web server which is within the scope of your test.
