- Joined
- Dec 3, 2020
- Messages
- 2,270
Nikto is a very popular and easy to use webserver assessment tool to find potential problems and vulnerabilities very quickly. This tutorial shows you how to scan webservers for vulnerabilities using Nikto in Kali Linux. Nikto comes standard as a tool with Kali Linux and should be your first choice when pen testing webservers and web applications. Nikto is scanning for 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers according to the official Nikto website. You should know that Nikto is not designed as a stealthy tool and scans the target in the fastest way possible which makes the scanning process very obvious in the log files of an intrusion detection systems (IDS).
Nikto comes with the following features:
Features
These are some of the major features in the current version:
0 – File Upload
1 – Interesting File / Seen in logs
2 – Misconfiguration / Default File
3 – Information Disclosure
4 – Injection (XSS/Script/HTML)
5 – Remote File Retrieval – Inside Web Root
6 – Denial of Service
7 – Remote File Retrieval – Server Wide
8 – Command Execution / Remote Shell
9 – SQL Injection
a – Authentication Bypass
b – Software Identification
c – Remote Source Inclusion
x – Reverse Tuning Options (i.e., include all except specified)
Nikto has it’s own updating mechanism. We encourage you to check for updates before using Nikto. Nikto can be updated using the following command:
nikto -update
Scanning webservers with Nikto
Let’s start Nikto to scan for interesting files with option 1 using the following command:
nikto -host [hostname or IP]-Tuning 1
Please not that may be illegal and punishable by law to scan hosts without written permission. Do not use nikto on HackingTutorials.org but use Virtual machines for practice and test purposes.
Nikto will now display the Apache, OpenSSL and PHP version of the targeted webserver. Also it will give you an overview of possible vulnerabilities including the Open Source Vulnerabilities Database (OSVDB) reference. When you search the OSVDB website for the reference code it will explain the possible vulnerability in more detail. The OSVDB project currently covers more than 120,980 vulnerabilities, spanning 198,973 products from 4,735 researchers, over 113 years.
Running all Nikto scans against a host
To run all scans against a particular host you can use the following command:
nikto -host [hostname or IP]
Running all scans will take a lot of time to complete.
Running Nikto against multiple hosts
Nikto offers several options to test multiple hosts:
Another solution is to pipe the Nmap output to Nikto. Nmap will output the valid hosts to Nikto and Nikto will run the selected scans against these hosts. The following command will run a Nmap scan on host 192.168.0.0 – 192.168.0.24 using a grepable output which is defined by the -oG- flag:
nmap -p80 192.168.0.0/24 -oG – | nikto -h –
Please note that you should use a dash (-) for Nikto’s host option to use the hosts supplied by Nmap.
Nikto comes with the following features:
Features
These are some of the major features in the current version:
- SSL Support (Unix with OpenSSL or maybe Windows with ActiveState’s
Perl/NetSSL) - Full HTTP proxy support
- Checks for outdated server components
- Save reports in plain text, XML, HTML, NBE or CSV
- Template engine to easily customize reports
- Scan multiple ports on a server, or multiple servers via input file (including nmap output)
- LibWhisker’s IDS encoding techniques
- Easily updated via command line
- Identifies installed software via headers, favicons and files
- Host authentication with Basic and NTLM
- Subdomain guessing
- Apache and cgiwrap username enumeration
- Mutation techniques to “fish” for content on web servers
- Scan tuning to include or exclude entire classes of vulnerability
checks - Guess credentials for authorization realms (including many default id/pw combos)
- Authorization guessing handles any directory, not just the root
directory - Enhanced false positive reduction via multiple methods: headers,
page content, and content hashing - Reports “unusual” headers seen
- Interactive status, pause and changes to verbosity settings
- Save full request/response for positive tests
- Replay saved positive requests
- Maximum execution time per target
- Auto-pause at a specified time
- Checks for common “parking” sites
- Logging to Metasploit
- Thorough documentation
0 – File Upload
1 – Interesting File / Seen in logs
2 – Misconfiguration / Default File
3 – Information Disclosure
4 – Injection (XSS/Script/HTML)
5 – Remote File Retrieval – Inside Web Root
6 – Denial of Service
7 – Remote File Retrieval – Server Wide
8 – Command Execution / Remote Shell
9 – SQL Injection
a – Authentication Bypass
b – Software Identification
c – Remote Source Inclusion
x – Reverse Tuning Options (i.e., include all except specified)
Nikto has it’s own updating mechanism. We encourage you to check for updates before using Nikto. Nikto can be updated using the following command:
nikto -update
Scanning webservers with Nikto
Let’s start Nikto to scan for interesting files with option 1 using the following command:
nikto -host [hostname or IP]-Tuning 1
Please not that may be illegal and punishable by law to scan hosts without written permission. Do not use nikto on HackingTutorials.org but use Virtual machines for practice and test purposes.
Nikto will now display the Apache, OpenSSL and PHP version of the targeted webserver. Also it will give you an overview of possible vulnerabilities including the Open Source Vulnerabilities Database (OSVDB) reference. When you search the OSVDB website for the reference code it will explain the possible vulnerability in more detail. The OSVDB project currently covers more than 120,980 vulnerabilities, spanning 198,973 products from 4,735 researchers, over 113 years.
Running all Nikto scans against a host
To run all scans against a particular host you can use the following command:
nikto -host [hostname or IP]
Running all scans will take a lot of time to complete.
Running Nikto against multiple hosts
Nikto offers several options to test multiple hosts:
- By using a valid hosts file containing one host per line
- Piping Nmap output to Nikto.
Another solution is to pipe the Nmap output to Nikto. Nmap will output the valid hosts to Nikto and Nikto will run the selected scans against these hosts. The following command will run a Nmap scan on host 192.168.0.0 – 192.168.0.24 using a grepable output which is defined by the -oG- flag:
nmap -p80 192.168.0.0/24 -oG – | nikto -h –
Please note that you should use a dash (-) for Nikto’s host option to use the hosts supplied by Nmap.
