Thursday, August 22, 2013

Nikto for web vulnerability scanning

Nikto is an Open source web vulnerability scanner which can identify over 6400 potentially dangerous files/CGI and check for outdated versions of software being used. Nikto comes along with Backtrack 5 R2 and above or you can install it from the official site : http://www.cirt.net/nikto2

Finding the location of Nikto :
Fire up the terminal and find the location on where nikto is installed using the following command :
root@bt:~# locate nikto

It shows the location /pentest/web/nikto

Now browse to the location by typing
root@bt:~#  cd /pentest/web/nikto

Simply typing ./nikto.pl will give you a list of parameters that can be used.

Simple Nikto Scan:
You can scan any host by simply using the command
root@bt:/pentest/web/nikto# ./nikto.pl -host 192.168.20.13 -output scanresult.txt
This scans the website and logs the results at the scanresult.txt file in the same folder

Sample result 

Nikto by default finds the web server ports ( 80, 443 etc... ) and starts scanning them
You can alternatively use the -port command to scan a particular port


NOTE: It is illegal to scan any host without the authorization of the owner of that host

No comments:

Post a Comment