Security+

NIKTO: INTERROGATING WEB SERVERS

NIKTO: INTERROGATING WEB SERVERS: After running a port scan and discovering a service running on port 80 on port 443, one of the first tools that should be used to evaluate the service is Nikto.

Nikto is a web server vulnerability scanner. This tool was written by Chris Sullo and David Lodge. Nikto automates the process of scanning web servers for out-of-date and unpatched software as well as searching for dangerous files that may reside on web servers.

Nikto is capable of identifying a wide range of specific issues and also checks the server for configuration issues. The current version of Nikto is built into Kali and is available in any directory.

NIKTO INTERROGATING WEB SERVERS

If you are using Kali, or your attack machine does not have a copy of Nikto, it can be installed by downloading it from the http://www.cirt.net/Nikto2 Website or running the “apt-get install Nikto” command from a terminal.

Please note you will need Perl installed to run Nikto.

To view the various options available, you can run the following command from any command line within kali:

Nikto

Running this command will provide you with a brief description of the switches available to you. To run a basic vulnerability scan against a target,

You need to specify a host internet protocol (IP) address with the “-h” switch. You should also specify a port number with the “-p” switch.

Nikto is capable of scanning single ports, multiple ports, or range of ports. For example, to scan for web servers on all ports between 1 and 1000, you would issue the following command in terminal window:

Nikto –h 192.168.18.132 –p 1-1000

To scan multiple ports, which are not contiguous, separate each port to be scanned with a common as show below:

Nikto –h 192.168.18.132 –p 80.443

 

to scan for web servers on all ports between 1 and 1000
to scan for web servers on all ports between 1 and 1000

 

If you fail to specify a port number, Nikto will only scan port 80 on your target,

If you want to save the Nikto output for later review, you can do so by issueing the “-o” followed by the file path and name of the file you would like to use to save the output.

 

USING NMAP TO PERFORM A TCP CONNECT SCAN

USING NMAP TO PERFORM AN SYN SCAN

 

If you have Any Question Regarding Nikto Interrogating Web Servers You May Ask in the Commend Section We Would Love to Answer Your Questions. Thank You.

NIKTO: INTERROGATING WEB SERVERS

Related Articles

One Comment

Leave a Reply

Back to top button