Web Server Scanning using Nikto
Nikto is an open-source scanner that checks web servers for known vulnerabilities and misconfigurations. We use it after the reconnaissance and port-scanning stages have told us which hosts run HTTP services and on which ports. It tests the server for outdated and unpatched software, searches for sensitive or dangerous files and directories, and reports a range of other issues, including insecure server configuration. Keep in mind that Nikto is signature-based and noisy: it sends thousands of requests, makes no attempt at stealth, and its findings need manual verification, so run it only against targets you are authorized to test.
Here we will be using Backtrack 5 to demonstrate the power of Nikto.
If you are using Backtrack to practice pen-testing, you needn't worry about installing Nikto: it ships with Backtrack (it was included in Backtrack 4 as well).
If you aren't using Backtrack, you can download Nikto from its website:
http://www.cirt.net/nikto2
Make sure Perl is installed, because Nikto is a Perl script.
You can run Nikto in two ways:
1. Go to Applications>Backtrack>Vulnerability Assessment>Web Application Assessment>Web Vulnerabilities Scanner>Nikto
2. Open a terminal, change to Nikto's directory with cd /pentest/web/nikto/ and invoke the script with perl nikto.pl
In order to run a simple vulnerability scan against a target you just have to specify a host address
along with a port number.
For example, perl nikto.pl -h 10.10.15.27 -p 32333
In the above command:
“-h” specifies the target host (an IP address or hostname).
“-p” specifies the port.
The command runs a vulnerability scan against the host 10.10.15.27, and because we specified port 32333, Nikto scans that port only.
If you want the scan to cover multiple ports, you can specify a port range (or a comma-separated list such as 80,443,8080):
perl nikto.pl -h 10.10.15.27 -p 1024-10000
Nikto probes every port in the range for an HTTP service, so a large range is slow; in practice pass only the ports your port scan found open.
What if you don't specify any port?
perl nikto.pl -h 10.10.15.27
In this case Nikto scans port 80 only. For an HTTPS service, add the -ssl switch together with the port so that Nikto talks TLS to it.
Are these the only switches that Nikto has to offer (i.e. “-h” and “-p”)?
No, it offers a wide variety of switches. Running perl nikto.pl with no arguments prints a short usage summary, and perl nikto.pl -H prints the full list of options, such as -o/-Format for saving a report and -Tuning for selecting which test categories to run.
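The following is an added example written for this tutorial, not code from the Nikto project. It wraps the same invocations shown above (-h with a single port, a port range, or no port), adds the switches used to save a CSV report, and parses that report into Python objects so a scan can be triaged rather than read off the terminal. It assumes the BackTrack 5 path /pentest/web/nikto/nikto.pl and the column layout "host","ip","port","osvdb","method","uri","message" that Nikto 2.1.x's CSV report plugin writes; both are assumptions to verify against your installation. The sample report embedded at the bottom is constructed, not real scan output.

```python
#!/usr/bin/env python3
"""Small driver around Nikto's command line (added example, not part of Nikto).

Assumptions (verify against your Nikto version):
  * NIKTO_PATH: BackTrack 5 installs Nikto under /pentest/web/nikto/.
  * CSV layout "host","ip","port","osvdb","method","uri","message".
"""
import csv
import io
import subprocess
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Union

NIKTO_PATH = "/pentest/web/nikto/nikto.pl"  # assumption: BackTrack 5 layout


def build_command(host: str, ports: Union[int, str, None] = None, ssl: bool = False,
                  output: Optional[str] = None, nikto: str = NIKTO_PATH) -> List[str]:
    """Return the argv for one Nikto scan.

    ports may be None (Nikto then scans 80 only), a single port, or a range or
    comma-separated list such as "1024-10000" or "80,443". ssl forces TLS on
    the chosen port(s); output writes a CSV report to that path.
    """
    cmd = ["perl", nikto, "-h", host]
    if ports is not None:
        cmd += ["-p", str(ports)]
    if ssl:
        cmd.append("-ssl")
    if output is not None:
        cmd += ["-o", output, "-Format", "csv"]
    return cmd


@dataclass(frozen=True)
class Finding:
    host: str
    ip: str
    port: int
    osvdb: str
    method: str
    uri: str
    message: str


def parse_csv_report(text: str) -> List[Finding]:
    """Parse a Nikto CSV report; rows with fewer than 7 columns are skipped."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 7:
            continue
        host, ip, port, osvdb, method, uri, message = row[:7]
        findings.append(Finding(host, ip, int(port), osvdb, method, uri, message))
    return findings


def findings_per_port(findings: List[Finding]) -> Dict[int, int]:
    """Count findings by port, which shows at a glance which services need attention."""
    return dict(Counter(f.port for f in findings))


def run_scan(host: str, ports: Union[int, str, None] = None, ssl: bool = False,
             output: str = "nikto.csv") -> List[Finding]:
    """Run Nikto (requires Perl and Nikto installed) and return the parsed report."""
    subprocess.run(build_command(host, ports, ssl, output), check=True)
    with open(output, encoding="utf-8", errors="replace") as fh:
        return parse_csv_report(fh.read())


# Constructed sample report in the assumed CSV layout; not real scan output.
SAMPLE_REPORT = '''"10.10.15.27","10.10.15.27","80","0","GET","/","Server leaks inodes via ETags"
"10.10.15.27","10.10.15.27","80","3092","GET","/test/","This might be interesting..."
"10.10.15.27","10.10.15.27","32333","3233","GET","/phpinfo.php","Contains PHP configuration information"
'''

if __name__ == "__main__":
    # Print the command that would be run for the range scan shown in the tutorial.
    print(" ".join(build_command("10.10.15.27", "1024-10000", output="scan.csv")))
    for f in parse_csv_report(SAMPLE_REPORT):
        print(f"{f.port:>5}  OSVDB-{f.osvdb:<6} {f.method} {f.uri}: {f.message}")
```

Running the script prints the command line it would execute and a per-port listing of the constructed findings; call run_scan("10.10.15.27", "80,443") on a machine with Nikto installed to perform a real scan and get the same Finding objects back.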