How to Scan Web Servers With Nikto
How to Scan Web Servers With Nikto
Nikto is a free software command-line vulnerability scanner that scans web servers for dangerous records/CGIs, obsolete server software, and different issues.
It is quite possibly the most normally utilized site vulnerability tool in entrance testing and is viewed as an industry-standard tool. The fundamental motivation behind Nikto is to look at websites and web applications and report back to the analyzer with any weaknesses that can be carried out to hack or exploit the webpage.
Features:
- SSL Support (Unix with OpenSSL or maybe Windows with ActiveState’s
Perl/NetSSL) - Full HTTP proxy support
- Checks for outdated server components
- Save reports in plain text, XML, HTML, NBE, or CSV
- Template engine to easily customize reports
- Scan multiple ports on a server, or multiple servers via input file (including Nmap output)
- LibWhisker’s IDS encoding techniques
- Easily updated via command line
- Identifies installed software via headers, favicons, and files
- Host authentication with Basic and NTLM
- Subdomain guessing
- Apache and cgiwrap username enumeration
- Mutation techniques to “fish” for content on web servers
- Scan tuning to include or exclude entire classes of vulnerability
checks - Guess credentials for authorization realms (including many default id/pw combos)
- Authorization guessing handles any directory, not just the root
directory - Enhanced false positive reduction via multiple methods: headers,
page content, and content hashing - Reports “unusual” headers seen
- Interactive status, pause, and changes to verbosity settings
- Save full request/response for positive tests
- Replay saved positive requests
- Maximum execution time per target
- Auto-pause at a specified time
- Checks for common “parking” sites
How to install Nikto?
Step 1: update the system repositories
sudo apt-get update && sudo apt-get upgrade -y
Step 2: Install the Nikto with the following command
sudo apt-get install nikto -y
Step 3: Use “nikto” for start nikto
nikto
How to use Nikto?
nikto –help
Basic Syntax
nikto -h <IP or hostname>
SSL-Enabled Website:
SSL represents Secure Sockets Layer and, to put it plainly, it’s the standard technology for keeping an internet connection secure and protecting any touchy data that is being sent between two ends point, keeping hoodlums from perusing and changing any data moved, including possible individual subtleties.
nikto -h <IP or hostname> –ssl
Scan on IP list
nikto -h IPlist.txt
Home Page:– https://www.cirt.net/Nikto2
About Author
English