Web vulnerability scanning with Nikto

What is Nikto?

Nikto Web Scanner is a web server scanner that tests web servers for dangerous files/CGIs, outdated server software and other problems. It performs generic and server-type-specific checks. It also captures and prints any cookies received.

How does Nikto work?

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

Demonstration

Command line syntax:

nikto -h <host> -p <port> -o <output file> -F <format>

Example:

nikto -h 192.168.0.100 -p 80 -o /home/user/Desktop/Nikto_Scan.html -F HTML

Specifying HTML as the output format saves the results of the scan in a clear, readable layout. After the scan has completed, open the HTML results file in the web browser of your choice; the layout will be similar to the one shown on the next slide.
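The following shell script is an added example, not part of the original post or of the Nikto project: it wraps the invocation above in a small helper that validates the host, port, output directory and format before building the nikto command line (using the -h, -p, -o and -F flags shown on the page), and it summarises a CSV report produced with -F csv. It assumes nikto's CSV rows have the columns host, ip, port, id, method, uri, message; the three CSV lines embedded below are constructed sample data in that layout, not real scan output. The script prints the command rather than executing it, so it can be checked offline.

```shell
#!/bin/sh
# Added example: validate arguments and build the nikto command line.
# Assumes the -h/-p/-o/-F flags as shown on the page and nikto's documented
# format names (csv, htm, json, txt, xml); "html" is accepted as an alias.
build_nikto_cmd() {
  host=$1; port=$2; outdir=$3; fmt=$4
  [ -n "$host" ] || { echo "host is required" >&2; return 1; }
  case "$port" in
    ''|*[!0-9]*) echo "port must be numeric: '$port'" >&2; return 1 ;;
  esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 1; }
  case "$fmt" in
    html) fmt=htm ;;
    csv|htm|json|txt|xml) ;;
    *) echo "unsupported format: $fmt" >&2; return 1 ;;
  esac
  mkdir -p "$outdir" || return 1
  # One report file per host/port pair keeps repeated scans from overwriting each other.
  outfile="$outdir/nikto_${host}_${port}.${fmt}"
  echo "nikto -h $host -p $port -o $outfile -F $fmt"
}

# Write constructed sample rows in the assumed nikto CSV layout:
# "host","ip","port","id","method","uri","message"
write_sample_csv() {
  cat > "$1" <<'EOF'
"192.168.0.100","192.168.0.100","80","","GET","/","Server banner reported by the host (constructed sample)"
"192.168.0.100","192.168.0.100","80","","GET","/README","README file found (constructed sample)"
"192.168.0.100","192.168.0.100","80","","GET","/cgi-bin/test.cgi","Default script, possible XSS (constructed sample)"
EOF
}

# Number of findings in a CSV report (every data row starts with a quoted host).
count_findings() {
  grep -c '^"' "$1" || true
}

# Distinct URIs that produced a finding, in byte order (sixth quoted column).
list_uris() {
  awk -F'","' 'NF >= 6 { print $6 }' "$1" | LC_ALL=C sort -u
}

# Stand-alone run: show the command for the page's example, then summarise the sample.
demo_dir=$(mktemp -d)
build_nikto_cmd 192.168.0.100 80 "$demo_dir" csv
write_sample_csv "$demo_dir/sample.csv"
echo "findings: $(count_findings "$demo_dir/sample.csv")"
list_uris "$demo_dir/sample.csv"
rm -rf "$demo_dir"
```

Run the printed command yourself once you are satisfied with the arguments; the summary functions then give a quick triage of which paths need a closer look before the full HTML report is handed over.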

HTML Nikto report:

As you can see, Nikto finds a large array of potential threats on a given server. In the example below, Nikto has found a cross-site scripting (XSS) vulnerability and a default script that may also be vulnerable to XSS. Nikto also finds files and directories on the server, like the README file shown in the picture below:

At the end of the HTML report there is a summary and overview of the scan. This report is well suited to presenting to a client, as it shows all the information gathered and clearly lists all the vulnerabilities and potential threats to their server.

Nikto is a great scanning tool for finding vulnerabilities and potential threats on a web server, and it can produce professional reports that clearly highlight all the problems found in the scan.

Link for more information and download:
https://cirt.net/Nikto2

Root

Hello and welcome to Quick Time Tech. My name is Liam Baker and this is my profile.


1 Response

  1. Darrell Marion says:

    I can vouch for this program, my workplace has been using this tool for the last couple of years. One of the best open source web scanners in my opinion.

