Nikto - Penetration Testing

Shivam Tahalani
3 min read, Dec 4, 2020

Introduction

Nikto is an open-source web server assessment tool. It is designed to find dangerous default files, insecure files and programs, and misconfigurations on any type of web server.

Nikto can run on any platform that has a Perl environment. It supports proxies, host authentication, SSL, and more. It can update itself from the command line and supports the optional submission of updated version data back to the maintainers.

Most web penetration testing tools depend on the HTTP response code to determine whether a page exists on the target. Because many servers return a 200 “OK” response even for requests that are not found, this can lead to many false positives. As of the new version, Nikto no longer assumes that the error pages for different file types will be the same. A list of unique file extensions is created at run-time, and each of those extensions is tested against the target so that the real "not found" behaviour for that extension is learned first.

Nikto is not designed as a stealthy tool. It tests a web server rapidly and is obvious in log files and to an IPS/IDS. However, there is support for LibWhisker’s anti-IDS methods in case you want to give them a try (or test your IDS).

Installation:-

Installing Nikto is straightforward, since the package is already available in the default repositories.

First, update the package lists and upgrade the system with the following command:

sudo apt-get update && sudo apt-get upgrade

After updating your system, run the following command to install Nikto:

sudo apt-get install nikto -y

Now let's use Nikto and perform a web scan.

Generally, Nikto requires just a host to scan, which is specified with the -h or -host option. For example, to scan a machine whose IP is 192.168.30.128 we run Nikto as follows, and the scan output looks something like this:

root@kali:~ nikto -h 192.168.30.128
- Nikto v2.1.6
------------------------------------------------------------
+ Target IP: 192.168.30.128
+ Target Hostname: 192.168.30.128
+ Target Port: 80
+ Start Time: 2020-12-3 10:01:45 (GMT0)
------------------------------------------------------------
+ Server: nginx/1.14.0 (Ubuntu)
...snip...
+ /: A Wordpress installation was found.
+ /wp-login.php: Wordpress login found
+ Apache/2.4.10 appears to be outdated
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ Server may leak inodes via ETags
------------------------------------------------------------
+ 1 host(s) tested

This output has a lot of useful information. Nikto has identified the web server software and version, a missing XSS-related response header, PHP files, and a WordPress installation.

Specifying the port:-

As you can see from the above results, when no port is specified Nikto scans port 80 by default. If the web server is running on a different port, you have to specify the port number using the -p or -port option.

root@kali:~ nikto -h 192.168.30.128 -p 65535
- Nikto v2.1.6
------------------------------------------------------------
+ Target IP: 192.168.30.128
+ Target Hostname: 192.168.30.128
+ Target Port: 65535
+ Start Time: 2020-04-11 10:57:42 (GMT0)
------------------------------------------------------------
+ Server: Apache/2.4.29 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ Apache/2.4.29 appears to be outdated
+ OSVDB-3233: /icons/README: Apache default file found.
+ Allowed HTTP Methods: OPTIONS, HEAD, GET, POST
1 host scanned...

So, we can see that some of the reported headers indicate how the web server is configured. Default files and directories such as /icons/README can reveal further information too.

Using a URL to specify the target:-

The target can also be given as a full URL, which lets Nikto pick up the scheme and host from it. The command is as follows:-

root@kali:~ nikto -h http://www.example.com

Nikto scan results can be exported in different formats like CSV, HTML, XML, etc. To save results in a specific output format, you need to specify the -o (output file) option together with the -F (format) option. Example:-

root@kali:~ nikto -h 192.168.30.128 -o test.html -F html

Conclusion:-

Nikto is a well-known and simple open-source web server assessment tool that discovers potential vulnerabilities rapidly. Nikto should be your first choice when pen testing web servers and web applications. According to the official Nikto site, it checks for 6700 potentially dangerous files/programs, checks for outdated versions of more than 1250 servers, and checks for version-specific problems on more than 270 servers. You should know that using Nikto is not a stealthy procedure, which means that an Intrusion Detection System can easily detect it. It was made for security analysis, so stealth was never a priority.
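As an added example from the defender's side (this is not code from the article or from the Nikto project), the script below shows why a Nikto run is so easy to spot in web server logs. It parses access-log lines in the common "combined" format and flags a source either because it sends Nikto's default user-agent string (which contains "Nikto/<version>") or because it requests a burst of paths that do not exist, which still stands out if the banner has been changed. The log lines, IP addresses and the 404 threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of combined-format access-log lines (not from the article).
# 192.168.30.9 sends Nikto's default user agent; 10.0.0.23 hides behind a browser
# agent but requests a burst of non-existent paths, which is how the scan still shows.
SAMPLE_LOG = """\
192.168.30.5 - - [03/Dec/2020:10:01:45 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/83.0"
192.168.30.9 - - [03/Dec/2020:10:01:46 +0000] "GET /icons/README HTTP/1.1" 404 153 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"
192.168.30.9 - - [03/Dec/2020:10:01:46 +0000] "GET /wp-login.php HTTP/1.1" 200 2301 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000002)"
192.168.30.9 - - [03/Dec/2020:10:01:47 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 153 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000003)"
10.0.0.23 - - [03/Dec/2020:10:02:01 +0000] "GET /admin/ HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/87.0"
10.0.0.23 - - [03/Dec/2020:10:02:01 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/87.0"
10.0.0.23 - - [03/Dec/2020:10:02:02 +0000] "GET /backup.zip HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/87.0"
10.0.0.23 - - [03/Dec/2020:10:02:02 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/87.0"
192.168.30.7 - - [03/Dec/2020:10:02:10 +0000] "GET /missing HTTP/1.1" 404 153 "-" "curl/7.68.0"
"""

# ip ident user [time] "method path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped, not guessed."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()

def detect_scanners(text, not_found_threshold=3):
    """Map each suspicious source IP to the reasons it was flagged:
    'nikto_user_agent' (default banner seen) or
    'not_found_burst'  (at least not_found_threshold distinct paths answered 404)."""
    not_found = defaultdict(set)
    reasons = defaultdict(set)
    for r in parse_log(text):
        if "nikto" in r["ua"].lower():
            reasons[r["ip"]].add("nikto_user_agent")
        if r["status"] == "404":
            not_found[r["ip"]].add(r["path"])
    for ip, paths in not_found.items():
        if len(paths) >= not_found_threshold:
            reasons[ip].add("not_found_burst")
    return dict(reasons)
```

Run against the sample, 192.168.30.9 is flagged by its banner and 10.0.0.23 by its 404 burst, while the single curl 404 from 192.168.30.7 stays below the threshold.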
