Nikto Web Vulnerability Scanner Course
# Section 5: Mastering Nikto Web Vulnerability Scanner
## Introduction
In this final section of the course, we look closely at Nikto, a web vulnerability scanner that helps security professionals identify weaknesses in web applications and the servers that host them. By the end of this section, you should be able to install, configure, and use Nikto to perform comprehensive scans of real-world applications.
## Installation and Configuration on Kali Linux
### Installing Nikto
Kali Linux is a popular distribution for penetration testing and ethical hacking, and Nikto comes pre-installed on it. If you want to make sure you have the latest packaged version, or you are installing on a different Debian-based system, follow these steps:
1. **Open Terminal**: Open a terminal with the keyboard shortcut (CTRL + ALT + T) or from the applications menu.
2. **Update the Package List**: Before installing, make sure your package list is up to date:
   ```bash
   sudo apt update
   sudo apt upgrade -y
   ```
3. **Install Nikto**: Install Nikto with the following command:
   ```bash
   sudo apt install nikto -y
   ```
4. **Verify Installation**: After installation, verify it by checking the Nikto version.
### Configuring Nikto
Nikto is highly configurable, and you can modify its configuration file to suit your needs. On Kali the main configuration file is `/etc/nikto.conf`. To customize it:
1. **Open the Configuration File**:
   ```bash
   sudo nano /etc/nikto.conf
   ```
2. **Adjust Settings**: Consider adjusting parameters such as:
   - `SERVER`: Specify the server type (e.g., Apache, Nginx).
   - `PLUGINS`: Enable or disable specific plugins.
   - `OUTPUT`: Set output options for the scan results.
3. **Save and Exit**: After making your changes, save and exit with CTRL + X, then Y, then ENTER.
## Step-by-Step Usage
### Performing a Basic Scan
To conduct a basic scan of a web application with Nikto, follow these steps:
1. **Basic Command Format**: Pass the target host or URL with the `-h` option.
2. **Example**: To scan a WordPress site:
   ```bash
   nikto -h http://example.com
   ```
### Configuring Advanced Options
Nikto offers a range of options for deeper scans. Some of the most useful are:
- **Specifying a Port**: To scan a port other than 80 or 443, pass it with `-p`:
  ```bash
  nikto -h http://example.com -p 8080
  ```
- **Using SSL**: For HTTPS sites, give the `https://` URL and Nikto negotiates SSL/TLS:
  ```bash
  nikto -h https://example.com
  ```
- **Outputting to a File**: Save results in various formats (e.g., HTML, TXT) with `-o` and `-Format`:
  ```bash
  nikto -h http://example.com -o output.html -Format htm
  ```
- **Using a Proxy**: To route the scan through a proxy, pass it with `-useproxy`:
  ```bash
  nikto -h http://example.com -useproxy http://proxyserver:port
  ```
### Real-World Use Cases
#### Use Case 1: Scanning a WordPress Site
Many organizations run WordPress for their web presence, which makes it a frequent target for attackers. Let's scan a WordPress site to identify potential vulnerabilities.
1. **Command**:
   ```bash
   nikto -h http://examplewordpresssite.com
   ```
2. **Review Results**: Nikto checks for exposed files and upload directories, vulnerable plugins, and configuration issues. For instance, if a known vulnerable plugin is installed, Nikto flags it.
3. **Example Output**: The scan output will resemble:
   ```text
   + OSVDB-123456: examplewordpresssite.com: Vulnerable WordPress Plugin detected
   ```
#### Use Case 2: Identifying Misconfigurations
Web servers are often misconfigured, and misconfigurations lead to vulnerabilities. Use Nikto to scan for common ones:
1. **Command**:
   ```bash
   nikto -h http://misconfiguredsite.com
   ```
2. **Review Results**: The output might reveal:
   ```text
   + OSVDB-123: Server is running under the default configuration
   ```
#### Use Case 3: Testing for Outdated Software
Scanning for outdated software versions is critical for maintaining security, because known vulnerabilities in old releases are the easiest for an attacker to find:
1. **Command**:
   ```bash
   nikto -h http://mywebsite.com
   ```
2. **Example Output**:
   ```text
   + OSVDB-112233: Apache 2.4.41 is outdated and has known vulnerabilities.
   ```
### Advanced Scanning Techniques
Nikto provides extensive options to enhance the effectiveness of scans.
#### Conducting a Full Scan
A scan run without `-Tuning` executes every test Nikto has. To focus a scan on specific categories of tests instead, list them with `-Tuning`:
```bash
nikto -h http://example.com -Tuning 1,2,3,4,5,6,7
```
Each tuning number selects one category of checks, so this command focuses the scan on the listed categories rather than running everything.
#### Utilizing Plugins
Nikto comes with various plugins that extend its functionality. You can enable or disable them from the configuration file or with command-line options, and Nikto can also list the available plugins from the command line.
#### Multiple Target Scanning
To scan multiple targets in one command:
```bash
nikto -h http://target1.com,http://target2.com
```
### Report Templates in Markdown Code Blocks
Use the following markdown code blocks to document your findings or to build reports from your scans.
```markdown
# Nikto Scan Report: WordPress Site
**Target URL**: `http://examplewordpresssite.com`
**Scan Date**: `2023-10-10`
## Vulnerabilities Found:
- **OSVDB-123456**: Vulnerable WordPress Plugin detected
- **OSVDB-789012**: Directory listing is enabled
## Recommendations:
1. Update WordPress to the latest version.
2. Disable vulnerable plugins or remove them entirely.
3. Configure server settings to prevent directory listing.
```
```markdown
# Nikto Scan Report: Custom Web Application
**Target URL**: `http://mywebsite.com`
**Scan Date**: `2023-10-10`
## Vulnerabilities Found:
- **OSVDB-112233**: Apache 2.4.41 is outdated and has known vulnerabilities.
- **OSVDB-222222**: Default credentials accessible.
## Recommendations:
1. Upgrade Apache to the latest version.
2. Change default credentials to secure passwords.
```
## Technical Explanations
### Understanding Nikto’s Output
Nikto reports each finding on its own line, and those lines can be grouped into categories when you triage them. Key components of the output include:
- **OSVDB ID**: A unique identifier linking the finding to the Open Source Vulnerability Database (OSVDB) entry it was derived from.
- **Description**: A brief explanation of the vulnerability detected.
- **Severity**: The potential risk the vulnerability poses.
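As an added example (it is not part of this course's material or the Nikto project), the following POSIX shell script turns Nikto's plain-text output into the markdown report template shown above, so the two pieces of this section, reading the output and writing the report, are tied together. It parses finding lines of the form `+ OSVDB-NNNN: <path>: <description>` plus the `Target Hostname`, `Target Port` and `Start Time` banner lines; that line layout is an assumption about Nikto's text output, the `nikto_*` function names are my own, and the sample scan output embedded in the script is constructed for this example rather than captured from a real scan.

```shell
#!/bin/sh
# Added example for this course section (not Nikto project code): parse the
# plain-text output Nikto prints (or saves with -o ... -Format txt) and render
# it as the markdown report template used above.
# Assumed line layout: "+ OSVDB-NNNN: <path>: <description>" for findings and
# "+ Target Hostname: ...", "+ Target Port: ...", "+ Start Time: ..." in the
# banner. The sample below is constructed for the example, not a real scan.

SAMPLE_NIKTO_OUTPUT='- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          192.0.2.10
+ Target Hostname:    examplewordpresssite.com
+ Target Port:        80
+ Start Time:         2023-10-10 09:00:00 (GMT0)
---------------------------------------------------------------------------
+ Server: Apache/2.4.41 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ OSVDB-123456: /wp-content/plugins/vulnplugin/: Vulnerable WordPress Plugin detected
+ OSVDB-789012: /wp-content/uploads/: Directory listing is enabled
+ 7915 requests: 0 error(s) and 4 item(s) reported on remote host
+ End Time:           2023-10-10 09:12:41 (GMT0) (761 seconds)'

# Emit one "ID<TAB>path<TAB>description" line per OSVDB finding in $1.
# Lines without an OSVDB ID (banner, informational notes) are skipped.
nikto_findings() {
    printf '%s\n' "$1" | awk -F': ' '/^[+] OSVDB-[0-9]+: / {
        id = substr($1, 3)                  # drop the leading "+ "
        path = $2
        desc = $3
        for (i = 4; i <= NF; i++) desc = desc ": " $i   # a description may itself contain ": "
        printf "%s\t%s\t%s\n", id, path, desc
    }'
}

# Number of OSVDB findings in $1 (handy as a pass/fail gate in a pipeline).
nikto_count_findings() {
    nikto_findings "$1" | wc -l | tr -d ' '
}

# Pull one banner field ($2, e.g. "Target Hostname") out of the output in $1.
nikto_banner_field() {
    printf '%s\n' "$1" | awk -F': *' -v key="$2" '$1 == ("+ " key) { print $2; exit }'
}

# Render the markdown report template from this section for the output in $1.
nikto_markdown_report() {
    out="$1"
    host=$(nikto_banner_field "$out" "Target Hostname")
    port=$(nikto_banner_field "$out" "Target Port")
    start=$(nikto_banner_field "$out" "Start Time")
    scheme=http
    if [ "$port" = "443" ]; then scheme=https; fi
    printf '%s\n' "# Nikto Scan Report: $host"
    printf '%s\n' "**Target URL**: \`$scheme://$host\`"
    printf '%s\n' "**Scan Date**: \`${start%% *}\`"     # first word of Start Time is the date
    printf '%s\n' "## Vulnerabilities Found:"
    tab=$(printf '\t')
    nikto_findings "$out" | while IFS="$tab" read -r id path desc; do
        printf '%s\n' "- **$id**: $desc ($path)"
    done
}

# Stand-alone use: ./nikto_report.sh scan.txt, or no argument to render the sample.
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    nikto_markdown_report "$(cat "$1")"
else
    nikto_markdown_report "$SAMPLE_NIKTO_OUTPUT"
fi
```

The recommendations section of the template is deliberately left to the analyst: Nikto's output identifies what was found, and the remediation advice is a judgement you add after verifying each finding, since Nikto reports on signatures and can produce false positives.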
### External Reference Links
For a deeper understanding of web vulnerabilities and how Nikto works, refer to the following resources:
- [Nikto Official Site](https://cirt.net/Nikto2)
- [OWASP Top Ten](https://owasp.org/www-project-top-ten/)
- [Common Web Vulnerabilities](https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet)
- [Open Web Application Security Project (OWASP)](https://owasp.org/)
## Conclusion
In this course section, you've learned how to install and configure Nikto, scan various web applications, and interpret the results to identify vulnerabilities effectively. Nikto provides a crucial first step in web application security assessments and is invaluable for ethical hackers and security professionals alike.
With the knowledge gained from this course, you should feel confident using Nikto for web vulnerability scanning as part of your pentesting toolkit.
Made by pablo rotem / פבלו רותם