A must-have tool in every tester's arsenal is Nikto; it is perhaps the most widely-used free scanner in the world. As stated on its own website (https://cirt.net/Nikto2):
"Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated."
In this recipe, we will use Nikto to search for vulnerabilities in a Web application and analyze the results.
- Nikto is a command-line utility, so we open a terminal.
- We will scan the Peruggia vulnerable application and export the results to an HTML report:
nikto -h http://192.168.56.102/peruggia/ -o result.html
The
-hoption tells Nikto which host to scan,-ooption tells where to store the output, and the extension of the file determines the format it will take. In this case, we have used.htmlto obtain an HTML-formatted report of the results. The output could also be in the CSV, TXT, and XML formats. - It will take some time to finish the scan. When it finishes, we can open the
result.htmlfile:
In this recipe, we have used Nikto to scan an application and generate an HTML report. There are some more options in this tool for performing specific scans or generating specific output formats. Some of the most useful are:
-H: This shows Nikto's help.- -
config <file>: To use a custom configuration file in the scan. -update: This updates plugin databases.- -
Format <format>: This defines the output format; it may be CSV, HTM, NBE (Nessus), SQL, TXT, or XML. Formats such as CSV, XML, and NBE are very useful when we want to use Nikto's results as an input for other tools. -evasion <technique>: This uses some encoding techniques to help avoid detection by Web Application Firewalls and Intrusion Detection Systems.-list-plugins: To view the available testing plugins.-Plugins <plugins>: Select what plugins to use in the scan (default: ALL).-port <port number>: If the server uses a non-standard port (80, 443), we may want to use Nikto with this option.