# Nikto Web Vulnerability Scanner Course
## Section 1: Introduction to Nikto
In this section we focus on **Nikto**, an open-source (GPL) web server scanner written in Perl. It runs a large battery of HTTP checks against a target: over 6700 potentially dangerous files and programs, outdated versions of over 1250 server products, version-specific problems on over 270 servers, and common misconfigurations such as directory indexing, dangerous HTTP methods and missing security headers. Nikto is signature-based and deliberately noisy (it makes no attempt to evade logging or intrusion detection), so it belongs in authorised assessments and lab environments, and its findings should be verified by hand before they go into a report.
### Installation and Configuration on Kali Linux
#### Prerequisites
Before we begin the installation of Nikto, ensure that your Kali Linux installation is up to date. Open a terminal and run the following commands:
```bash
sudo apt update
sudo apt upgrade -y
```
#### Installation Steps
1. **Install Nikto**: Nikto is packaged in the Kali Linux repositories. Install it with:
```bash
sudo apt install nikto -y
```
2. **Verify the installation**: Print the version of the scanner and of its check databases:
```bash
nikto -Version
```
If the package is installed correctly, this lists the Nikto version together with the plugin and database versions. `nikto -H` prints the full option reference that the rest of this section draws on.
3. **Configuration**: Nikto needs no configuration for basic use; the defaults are sufficient. Site-wide settings such as the proxy, the user agent string and the paths to plugins and databases live in the single configuration file `/etc/nikto.conf`. A different file can be selected for one run with `-config <file>`, and a single value from it can be overridden with `-Option`.
To edit the configuration file:
```bash
sudo nano /etc/nikto.conf
```
Make any necessary changes and save the file (in Nano, press `CTRL + O` to save and `CTRL + X` to exit). After editing, `nikto -dbcheck` checks the databases and other key files for syntax errors.
### Step-by-Step Usage
Now, let’s delve into how to use Nikto for vulnerability scanning. This section will guide you through various commands and options you can use.
#### Basic Usage
The only required argument is the target, given with `-h`:
```bash
nikto -h <target>
```
Replace `<target>` with a hostname, an IP address or a full URL. Given a bare host, Nikto connects to port 80 over plain HTTP; given an `https://` URL it switches to port 443 and TLS automatically. For example:
```bash
nikto -h http://example.com
```
A scan with no other options runs every check in every tuning category against that host, which takes a while and generates thousands of requests, all of them visible in the target's access log.
#### Options and Parameters
Nikto has many options (`nikto -H` lists them all). The ones you will use most often:
– `-h <host>`: Target host, IP address or URL; also accepts a text file with one target per line.
– `-p <port>`: Port(s) to scan, for example `-p 8080`, `-p 80,443,8443` or `-p 80-90` (default 80).
– `-ssl`: Force TLS on the chosen port (needed when the target is given as a bare host and port rather than an `https://` URL).
– `-output <file>`: Write the report to a file.
– `-Format <format>`: Report format: `csv`, `htm`, `json`, `txt`, `xml` (also `nbe` and `sql`). If omitted, the format is taken from the extension of the `-output` file.
– `-Tuning <categories>`: Restrict the scan to the listed check categories; prefix the list with `x` to run everything except those categories. The categories are:
  1 Interesting file / seen in logs; 2 Misconfiguration / default file; 3 Information disclosure; 4 Injection (XSS/script/HTML); 5 Remote file retrieval inside web root; 6 Denial of service; 7 Remote file retrieval server-wide; 8 Command execution / remote shell; 9 SQL injection; 0 File upload; a Authentication bypass; b Software identification; c Remote source inclusion; d WebService; e Administrative console.
– `-useproxy [http://server:port]`: Route the scan through an HTTP proxy, either the one configured in `nikto.conf` or the one given as the argument.
Other frequently useful flags are `-id user:pass` for HTTP authentication, `-vhost` to set the Host header, `-Pause` to slow the scan down, and `-maxtime` to cap the time spent per host.
Example of a more complex command:
```bash
nikto -h example.com -p 443 -ssl -output report.html -Format htm -Tuning 1,2,3
```
This scans `example.com` on port 443 over TLS, runs only the interesting-file, misconfiguration and information-disclosure checks, and writes an HTML report (the format name is `htm`, whatever extension the file has). Category 6 (denial of service) is worth excluding explicitly with `-Tuning x6` whenever the target is a system other people depend on.
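Building the command line from a URL is where most mistakes happen (wrong port, `-ssl` forgotten, a site installed under a sub-path scanned at `/`). The shell function below is an added example, not part of Nikto or of this course's original material: it turns a target URL into a complete Nikto command using the options listed above, deriving `-p` and `-ssl` from the scheme and any explicit port, turning a URL path into `-root`, naming a CSV report after the host, and excluding category 6 unless told otherwise. It prints the command rather than running it, so it can be reviewed or piped to `sh`. The function name, the report naming scheme and the one-hour `-maxtime` cap are choices made here.

```bash
#!/bin/sh
# Added example: build a Nikto command line from a URL without running it.
# Assumes the Nikto 2.1.x options shown by `nikto -H`: -h, -p, -ssl, -root,
# -Tuning, -output, -Format, -nointeractive, -maxtime. The function name,
# the report naming scheme and the 1h time cap are choices made here.

# nikto_cmd URL [TUNING] [REPORT_DIR]
# Prints the command Nikto would be invoked with. TUNING defaults to "x6"
# (every category except 6, denial of service, per the -H help's "x" rule);
# REPORT_DIR defaults to ".". Bracketed IPv6 literals are not handled.
nikto_cmd() {
    url=$1
    tuning=${2:-x6}
    outdir=${3:-.}

    # The scheme decides the default port and whether TLS must be forced.
    case $url in
        http://*)  rest=${url#http://};  port=80;  ssl='' ;;
        https://*) rest=${url#https://}; port=443; ssl=' -ssl' ;;
        *) echo "nikto_cmd: target must start with http:// or https://" >&2; return 1 ;;
    esac

    hostport=${rest%%/*}              # "host" or "host:port"
    path=${rest#"$hostport"}          # "" or "/some/path/"
    host=${hostport%%:*}
    case $hostport in *:*) port=${hostport##*:} ;; esac

    # Refuse anything that is not a plain hostname/IPv4, a numeric port and
    # a simple tuning list, so the printed line is safe to hand to a shell.
    case $host in
        ''|*[!A-Za-z0-9._-]*) echo "nikto_cmd: bad host '$host'" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "nikto_cmd: bad port '$port'" >&2; return 1 ;;
    esac
    case $tuning in
        ''|*[!0-9a-ex,]*) echo "nikto_cmd: bad tuning '$tuning'" >&2; return 1 ;;
    esac

    # A URL path becomes -root so every check is prefixed with it
    # (e.g. a WordPress site installed under /blog/).
    root=''
    path=${path%/}
    if [ -n "$path" ]; then
        case $path in
            *[!A-Za-z0-9._/-]*) echo "nikto_cmd: bad path '$path'" >&2; return 1 ;;
        esac
        root=" -root $path"
    fi

    printf 'nikto -h %s -p %s%s%s -Tuning %s -output %s/nikto_%s_%s.csv -Format csv -nointeractive -maxtime 1h\n' \
        "$host" "$port" "$ssl" "$root" "$tuning" "$outdir" "$host" "$port"
}

# Example invocations (printed, not executed):
nikto_cmd https://wp.example.test/blog/
nikto_cmd http://10.0.0.5:8080 1,2,3 /tmp
```

CSV is chosen as the report format because it is the easiest one to post-process, and `-nointeractive` stops Nikto from waiting on a keypress when the scan is run unattended. Keep the printed line with the report: it is the exact record of what was run.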
### Real-World Use Cases
#### Case 1: Scanning a WordPress Site
WordPress is a popular content management system whose installations frequently carry vulnerabilities in outdated plugins and themes. Nikto has no WordPress-specific plugin or theme enumeration (WPScan is the tool for that), but it quickly surfaces the server-level issues around the installation. Let's see how it is used against a WordPress site.
1. **Run a Scan**:
```bash
nikto -h http://yourwordpresssite.com -output wordpress_scan_report.txt
```
The report format is inferred from the `.txt` extension.
2. **Review the Output**: Open `wordpress_scan_report.txt` to see what Nikto found. Look for:
– Potentially dangerous files and directories (e.g., `/wp-admin/`, `/wp-includes/`), especially when Nikto reports directory indexing on them
– Outdated versions of WordPress, PHP or the web server disclosed in headers or default files
– Default files and configurations that expose sensitive information (installation leftovers, backup copies, server status pages)
3. **Take Action**: Based on the report, update WordPress and its plugins, remove unused themes and plugins, disable directory indexing, and apply the usual WordPress hardening guidance.
#### Case 2: Analyzing a Custom Web Application
When assessing a custom web application, Nikto is a fast first pass for server-level weaknesses before manual testing begins.
1. **Perform the Scan**:
```bash
nikto -h http://customapp.local -Tuning 2,3,b
```
The tuning list restricts the scan to misconfigurations and default files (2), information disclosure (3) and software identification (b), which is the fingerprinting and misconfiguration pass you want on a first visit. Leave category 6 (denial of service) out of any scan against a system that other people depend on.
2. **Check Results**: Examine the output for misconfigurations like:
– Directory listing enabled
– Dangerous HTTP methods allowed (e.g., TRACE, which enables cross-site tracing, or PUT and DELETE on a path that should be read-only)
– Outdated server software or frameworks disclosed in `Server` and `X-Powered-By` headers
– Missing security headers such as `X-Frame-Options` and `X-Content-Type-Options`
3. **Remediation**: Based on the results, recommend hardening the application server (disable unneeded methods and directory listing, suppress version banners, add the missing headers) and updating the software. Confirm each finding by hand first: many Nikto results are informational, and a single "soft 404" page that returns 200 for every path can produce dozens of false positives.
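The review steps in both cases above come down to reading a report for the same few things. As an added example (my own script, not part of Nikto or of this course's original material), the following does that triage offline on a Nikto CSV report: findings per host, with a count of those that carry a reference identifier, plus a filter for the misconfigurations listed above. It assumes the seven-column CSV layout that Nikto 2.1.x writes; the sample report embedded in it is constructed in that layout, with made-up hosts and addresses.

```bash
#!/bin/sh
# Added example: triage a Nikto CSV report offline with POSIX awk.
# Assumes the Nikto 2.1.x CSV layout of seven quoted columns:
#   "host","ip","port","id","method","uri","message"
# where "id" is the OSVDB number in older builds and Nikto's own test id
# in newer ones, and "0" means the finding has no reference entry.

# Constructed sample in that layout: hosts, IPs and the mix of findings are
# made up for the demonstration; the message texts follow Nikto's wording.
SAMPLE_CSV='"wp.example.test","10.0.0.10","443","0","GET","/","The anti-clickjacking X-Frame-Options header is not present."
"wp.example.test","10.0.0.10","443","0","GET","/","Server leaks inodes via ETags, header found with file /, fields: 0x1a 0x5b2c"
"wp.example.test","10.0.0.10","443","3268","GET","/wp-includes/","Directory indexing found."
"wp.example.test","10.0.0.10","443","3092","GET","/wp-admin/","This might be interesting."
"app.example.test","10.0.0.20","80","877","TRACE","/","HTTP TRACE method is active, suggesting the host is vulnerable to XST"
"app.example.test","10.0.0.20","80","0","GET","/","Retrieved x-powered-by header: PHP/5.6.40"
"app.example.test","10.0.0.20","80","3233","GET","/phpinfo.php","PHP is installed, and a test script which runs phpinfo() was found."'

# nikto_summary FILE: one line per host:port with the number of findings and
# how many carry a reference id (those are the ones to read first).
# Splitting on the `","` separator, after stripping the outer quotes, keeps
# commas inside the message column intact, which a plain -F, would not.
nikto_summary() {
    awk -F'","' '
        { sub(/^"/, ""); sub(/"$/, "") }
        {
            key = $1 ":" $3
            total[key]++
            if ($4 != "" && $4 != "0") referenced[key]++
        }
        END {
            for (k in total)
                printf "%s total=%d referenced=%d\n", k, total[k], referenced[k] + 0
        }' "$1" | sort
}

# nikto_grep FILE REGEX: host, method, URI and message of every finding whose
# message matches REGEX (extended regex, matched case-insensitively).
nikto_grep() {
    re=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -F'","' -v re="$re" '
        { sub(/^"/, ""); sub(/"$/, "") }
        tolower($7) ~ re { printf "%s %s %s %s\n", $1, $5, $6, $7 }' "$1"
}

# nikto_hotspots FILE: the misconfigurations this section tells you to look
# for: directory listing, TRACE, disclosed versions and debug pages.
nikto_hotspots() {
    nikto_grep "$1" 'directory indexing|trace method|x-powered-by|phpinfo'
}

# Run the triage over the constructed sample.
report=$(mktemp)
printf '%s\n' "$SAMPLE_CSV" > "$report"
echo "== findings per host =="
nikto_summary "$report"
echo "== hotspots =="
nikto_hotspots "$report"
rm -f "$report"
```

Point the functions at a real report produced with `-Format csv` to get the same two views; the regex in `nikto_hotspots` is the place to encode whatever your engagement treats as must-fix.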
### Detailed Technical Explanations
#### How Nikto Works
Nikto works by sending HTTP requests to the web server and comparing the responses with a database of known files, paths and server banners (the `db_tests` and related database files shipped with the scanner, loaded by its Perl plugins). It generally operates as follows:
1. **Fingerprinting and baseline**: Nikto fetches the root page, records the `Server` and other response headers and, before any file checks, requests a path that cannot exist to learn how the target answers a missing page. A server that answers every unknown path with HTTP 200 and a friendly error page (a "soft 404") would otherwise make every check look positive. `-no404` disables this baseline, and `-404code`/`-404string` let you tell Nikto what the target's not-found response looks like.
2. **Request Generation**: For each enabled check in the selected tuning categories, Nikto sends the request described in the database entry (a method, a URI and optionally a body), applying any `-evasion` encoding that was requested.
3. **Response Analysis**: A check matches when the response satisfies the entry's criteria, typically a status code such as 200 combined with an expected string or pattern in the body or headers. A 200 alone is not enough: a response that looks like the learned not-found page is discarded.
4. **Reporting**: Matches are collected per host and written to the terminal and, with `-output`, to the report file in the chosen format, each with the check's reference identifier where one exists.
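The baseline step is easiest to see in code. The script below is an added illustration, not Nikto's implementation: it fakes a target whose unknown paths all return 200 with an error page, learns that response once, and then classifies probes the way the explanation above describes, alongside the naive "200 means found" rule for comparison. The function names and the simulated responses are constructed for the demonstration.

```bash
#!/bin/sh
# Added example: why a bare HTTP 200 is not a finding. This simulates the
# "learn the not-found page first" step with constructed responses instead
# of real HTTP traffic; Nikto's own logic lives in its Perl core and is
# controlled by -no404, -404code and -404string.

# Constructed target: answers unknown paths with 200 and an error page
# (a "soft 404"), has a real /phpinfo.php, and a proper 404 for /admin/.
# Output is "status|body".
resp_for() {
    case $1 in
        /phpinfo.php) printf '200|<html><title>phpinfo()</title><body>PHP Version 7.4</body></html>' ;;
        /admin/)      printf '404|<html><title>404 Not Found</title></html>' ;;
        *)            printf '200|<html><title>Oops! That page does not exist</title></html>' ;;
    esac
}

# fingerprint BODY: digest so bodies can be compared without storing them
fingerprint() { printf '%s' "$1" | cksum | cut -d' ' -f1; }

# learn_404: request a path that cannot exist and remember the answer
NOT_FOUND_CODE=''
NOT_FOUND_FP=''
learn_404() {
    r=$(resp_for "/nikto-probe-$$-does-not-exist")
    NOT_FOUND_CODE=${r%%|*}
    NOT_FOUND_FP=$(fingerprint "${r#*|}")
}

# naive_classify PATH: what a scanner without the baseline would report
naive_classify() {
    r=$(resp_for "$1")
    if [ "${r%%|*}" = 200 ]; then echo hit; else echo miss; fi
}

# classify PATH: hit only if 200 AND the body is not the learned error page
classify() {
    r=$(resp_for "$1")
    code=${r%%|*}
    body=${r#*|}
    if [ "$code" != 200 ]; then
        echo miss
    elif [ "$code" = "$NOT_FOUND_CODE" ] && [ "$(fingerprint "$body")" = "$NOT_FOUND_FP" ]; then
        echo soft404
    else
        echo hit
    fi
}

learn_404
for p in /phpinfo.php /backup.zip /admin/; do
    printf '%-14s naive=%-4s baselined=%s\n' "$p" "$(naive_classify "$p")" "$(classify "$p")"
done
```

Against this target the naive rule reports `/backup.zip` as found; the baselined rule recognises the error page and drops it, while the genuine `/phpinfo.php` still registers as a hit. When a real target produces a wall of positives, that is the first thing to suspect, and `-404string` is the quickest fix.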
#### External References
For further reading and resources, consider exploring the following links:
– [Nikto Official Documentation](https://cirt.net/Nikto2)
– [Nikto source code and issue tracker on GitHub](https://github.com/sullo/nikto)
– [OWASP Web Security Testing Guide](https://owasp.org/www-project-web-security-testing-guide/latest/)
– [Common Web Vulnerabilities by OWASP](https://owasp.org/www-project-top-ten/)
### Code Examples for WordPress
In addition to simple usage, there are a few ways to make Nikto more useful against WordPress installations. Below are practical command lines you can adapt.
#### Example 1: Scanning for Specific Vulnerabilities
You can narrow a scan to the check categories that matter most for a WordPress installation, such as left-over and default files, misconfigurations and disclosed versions.
```bash
nikto -h http://yourwordpresssite.com -Tuning 1,2,3,4
```
This restricts the scan to interesting files seen in logs (1), misconfigurations and default files (2), information disclosure (3) and injection checks against known scripts (4). Outdated-server and banner checks belong to software identification (b), which can be appended to the list.
#### Example 2: Saving Scan Results
Saving the results of your scans is essential for reporting and follow-up. Use the command below:
```bash
nikto -h http://yourwordpresssite.com -output wordpress_scan_results.txt -Format txt
```
You can later review `wordpress_scan_results.txt` to understand the findings. For anything you intend to process further (comparing scans over time, importing into an issue tracker), prefer `-Format csv` or `-Format xml`, which are machine-readable; `-Format htm` produces a report suitable for sharing with stakeholders.
#### Example 3: Performing Scans with SSL
Most WordPress sites are served over HTTPS. An `https://` URL is enough for Nikto to use TLS on port 443; `-ssl` is only needed to force TLS when the target is given as a bare host and a non-standard port.
```bash
nikto -h https://yourwordpresssite.com -output secure_wordpress_scan.html -Format htm
```
If the site redirects HTTP to HTTPS, scan the HTTPS origin directly: Nikto does not follow redirects for its checks, so a scan of the `http://` origin tells you little beyond the redirect itself.
#### Example 4: Using a Proxy to Scan
If you are working in an environment where direct access is limited, or you want to inspect and replay Nikto's requests in an intercepting proxy such as Burp Suite, route the scan through an HTTP proxy with `-useproxy`:
```bash
nikto -h http://yourwordpresssite.com -useproxy http://proxyserver:8080
```
Replace `proxyserver:8080` with the actual proxy address. With no argument, `-useproxy` uses the proxy configured by the `PROXYHOST` and `PROXYPORT` entries (and, if the proxy needs credentials, `PROXYUSER`/`PROXYPASS`) in `/etc/nikto.conf`.
### Conclusion
Nikto is an essential first-pass tool for any ethical hacker or penetration tester. It quickly surfaces exposed files, misconfigurations and outdated software on web servers, including those hosting platforms like WordPress, which makes it a valuable asset in maintaining web security. It is not a full web application scanner: it does not crawl the application, and it finds known vulnerable scripts rather than flaws in custom code, so treat its report as the starting point for manual testing rather than the end of it.
Through this section, you have learned how to install Nikto on Kali Linux, configure it, run and tune scans, and read the results in real-world contexts. By applying these skills, you can help organisations identify and remediate vulnerabilities and thereby improve their security posture.
—
Made by pablo rotem / פבלו רותם