Scanning and surveying vulnerabilities with Nikto

Nikto is a Perl tool developed by Chris Sullo and David Lodge, written for vulnerability validation and supporting multiple platforms, including Windows, Linux and UNIX. Unlike some security scanners, Nikto is designed with a stealth mode, although like other scanners it still generates noise.

It is an open-source scanner licensed under the GPL. It looks for vulnerabilities on its target, lets you check server configuration items such as index files and HTTP server options, identifies software installed on the web server, and its scan items and plugins are frequently updated.

Some of its features:

  • SSL support (with OpenSSL on Unix, or ActiveState's Perl/NetSSL on Windows).
  • Full HTTP proxy support.
  • Checks for outdated server components.
  • Saves reports in plain text, XML, HTML, CSV or NBE.
  • Template engine for customized reports.
  • Scans multiple ports on a server, or multiple servers read from an input file (including nmap output).
  • LibWhisker IDS encoding techniques.
  • Updates from the command line.
  • Identifies installed software via headers, icons and favicons.
  • Host authentication with Basic and NTLM.
  • Subdomain guessing.
  • Username enumeration on Apache and cgiwrap.
  • Mutation techniques to "fish" for content on web servers.
  • "Scan tuning" to include or exclude whole classes of vulnerability checks.
  • Guesses authorization credentials (including many default ID/password combos).
  • Authorization guessing works in any directory, not just the root directory.
  • Reduces false positives by several methods: headers, page content, and hashing of the content.
  • Reports "unusual" headers.
  • Interactive status, pause and changing of verbosity settings.
  • Full saving of the request/response for positive tests.
  • Replay of saved positive requests.
  • Maximum execution time per target.
  • Automatic pause at a given time.
  • Checks for common "parked" sites.
  • Integration with Metasploit.
  • Full documentation.

Installing Nikto

If it is not already in your distro, download the tool through the Organon, made by our team, and install it. If you want to install it manually, follow the procedure below.

Download the package:

Nikto does not need to be built; just unpack it and enter the folder.

# tar -xvzf nikto-2.1.5.tar.gz
# cd nikto-2.1.5/

Give the file permission to execute. (Note that chmod +x nikto.pl is sufficient; 777 also makes the script writable by every user on the system.)

# chmod 777 nikto.pl

Update the tool to the latest version, if one is available.

# ./nikto.pl -update

Conducting test with Nikto

Before you start scanning with the tool, you should know which configuration options it offers, so that you understand it better. To see the options, run the help command shown below.

# ./nikto.pl -h

Now some specific demonstrations of scanning a particular target:

# ./nikto.pl -host http://testphp.vulnweb.com/ -p 80,443 -o relatorio.txt

Where:

-host: the target's address (IP or DNS); in this case we use a site set up for testing.
-p: the ports to scan; preferably find out beforehand which ports are running web services.
-o: the output file (scan log).

We can do a deeper analysis of the site.

# ./nikto.pl -C all -host http://testphp.vulnweb.com/ -p 80,443 -mutate 1,2,3,4 -evasion 1,2 -o relatorio.txt

Where:

-mutate 1,2,3,4: searches for directories by exhaustive guessing (causes considerable noise).
-evasion 1,2: makes the scan stealthier, bypassing some types of firewall and IPS.
-C all: forces checking of all directories in search of CGI.

[Screenshot, 05.11.2015 15:17:51]

As always, it is recommended to scan through a proxy, so that if the target blocks you, it is the proxy's address that is blocked and your own IP remains able to run other kinds of scan. The -useproxy option lets you add one, for example Privoxy or Tor.

# ./nikto.pl -C all -host http://testphp.vulnweb.com/ -p 80,443 -mutate 1,2,3,4 -evasion 1,2 -o relatorio.txt -useproxy 127.0.0.1

We have built up the commands gradually so that you understand how to refine a scan; remember that it is extremely important to read the documentation to learn how to use the other scan settings.
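The noise these scans generate is what the target's administrator sees. As an added example (not from the original post or from the Nikto project), the Python script below runs a simple detection over a few constructed web-server access-log lines: it matches Nikto's default User-Agent, which by assumption has the form "Mozilla/5.00 (Nikto/<version>) (Evasions:<list>) (Test:<id>)" and so still announces the scanner even when -evasion is used, and it falls back to a crude "many 404s from one source" heuristic, which is what the -mutate directory guessing looks like when the User-Agent has been changed. The log lines, IP addresses and thresholds are constructed for the example.

```python
import re
from collections import defaultdict

# Combined log format (Apache/nginx default):
# ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Assumed shape of Nikto's default User-Agent; the Evasions field lists the
# -evasion techniques in use, so evasion does not hide the scanner itself.
NIKTO_UA_RE = re.compile(
    r'\(Nikto/(?P<version>[^)]+)\) \(Evasions:(?P<evasions>[^)]*)\) \(Test:(?P<test>[^)]*)\)'
)

# Constructed sample: one scanning source (203.0.113.5) and one normal visitor.
SAMPLE_LOG = """\
203.0.113.5 - - [05/Nov/2015:15:17:51 +0000] "GET / HTTP/1.1" 200 4958 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000001)"
203.0.113.5 - - [05/Nov/2015:15:17:52 +0000] "GET /cgi-bin/ HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:1,2) (Test:000112)"
203.0.113.5 - - [05/Nov/2015:15:17:52 +0000] "GET /./admin/ HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:1,2) (Test:000340)"
198.51.100.7 - - [05/Nov/2015:15:18:03 +0000] "GET /index.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/41.0"
"""


def parse_line(line):
    """Split one combined-format log line into its fields, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def summarize(log_text):
    """Per-source-IP counters: requests, 404s, Nikto User-Agent hits, evasion lists seen."""
    stats = defaultdict(lambda: {"requests": 0, "not_found": 0, "nikto_ua": 0, "evasions": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = stats[rec["ip"]]
        s["requests"] += 1
        if rec["status"] == "404":
            s["not_found"] += 1
        ua = NIKTO_UA_RE.search(rec["ua"])
        if ua:
            s["nikto_ua"] += 1
            s["evasions"].add(ua.group("evasions"))
    return dict(stats)


def flag_sources(log_text, min_requests=3, not_found_ratio=0.5):
    """Return {ip: [reasons]} for sources that either announce themselves as Nikto
    or trip the 404-ratio heuristic typical of directory guessing."""
    flagged = {}
    for ip, s in summarize(log_text).items():
        reasons = []
        if s["nikto_ua"]:
            reasons.append("nikto user-agent (evasions: %s)" % ", ".join(sorted(s["evasions"])))
        if s["requests"] >= min_requests and s["not_found"] / s["requests"] >= not_found_ratio:
            reasons.append("high 404 ratio %d/%d" % (s["not_found"], s["requests"]))
        if reasons:
            flagged[ip] = reasons
    return flagged


if __name__ == "__main__":
    for ip, reasons in flag_sources(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

The 404-ratio threshold is deliberately crude; on a real server it should be tuned per site and combined with a time window, since a single broken link can also produce a burst of 404s.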

Vulnerabilities and warnings listed in the file generated by the scan (the log) are catalogued according to the OSVDB database, which can be accessed here; there you can find the details of each vulnerability cited by Nikto, and how to exploit them. (OSVDB itself was shut down in 2016; the IDs still appear in Nikto output and can be searched in other vulnerability databases.)

[Screenshot, 05.11.2015 15:34:48]

Simply enter the fault number that Nikto reports into the OSVDB search, and it will bring up the corresponding information.
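Before looking IDs up one by one, it helps to group the report by OSVDB ID, since Nikto repeats the same ID for every URI it matched. As an added example (not from the original post or from the Nikto project), the Python script below parses a CSV report and groups findings by ID. It assumes the CSV layout is seven unquoted-header-free columns in the order host, IP, port, OSVDB ID, HTTP method, URI, message, with "0" meaning no OSVDB reference; check a report from your own version and adjust the column order if it differs. The sample rows and the OSVDB numbers in them are constructed placeholders, not real entries.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the assumed column order (no header row):
# host, ip, port, osvdb id, method, uri, message.  "0" = informational, no OSVDB entry.
# The OSVDB numbers below are placeholders made up for this example.
SAMPLE_CSV = """\
"testphp.vulnweb.com","192.0.2.10","80","0","GET","/","Server: nginx/1.4.1"
"testphp.vulnweb.com","192.0.2.10","80","0","GET","/","The anti-clickjacking X-Frame-Options header is not present."
"testphp.vulnweb.com","192.0.2.10","80","1001","GET","/admin/","This might be interesting..."
"testphp.vulnweb.com","192.0.2.10","80","1001","GET","/login.php","This might be interesting..."
"testphp.vulnweb.com","192.0.2.10","80","1002","GET","/images/","Directory indexing found."
"""

COLUMNS = ("host", "ip", "port", "osvdb", "method", "uri", "message")


def parse_nikto_csv(text):
    """Parse Nikto CSV output into a list of dicts keyed by COLUMNS; rows with
    the wrong number of fields are skipped rather than guessed at."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != len(COLUMNS):
            continue
        findings.append(dict(zip(COLUMNS, row)))
    return findings


def count_informational(findings):
    """Number of findings with no OSVDB reference (ID "0")."""
    return sum(1 for f in findings if f["osvdb"] == "0")


def group_by_osvdb(findings):
    """Map each real OSVDB ID to the list of URIs where it was reported, in report order."""
    groups = defaultdict(list)
    for f in findings:
        if f["osvdb"] != "0":
            groups[f["osvdb"]].append(f["uri"])
    return dict(groups)


def summary_lines(findings):
    """Human-readable triage list: one line per OSVDB ID, most-hit IDs first."""
    groups = group_by_osvdb(findings)
    lines = []
    for osvdb, uris in sorted(groups.items(), key=lambda kv: (-len(kv[1]), kv[0])):
        message = next(f["message"] for f in findings if f["osvdb"] == osvdb)
        lines.append("OSVDB-%s (%d hits): %s  [%s]" % (osvdb, len(uris), message, ", ".join(uris)))
    lines.append("%d informational findings without an OSVDB ID" % count_informational(findings))
    return lines


if __name__ == "__main__":
    for line in summary_lines(parse_nikto_csv(SAMPLE_CSV)):
        print(line)
```

Grouping this way turns a long log into a short list of IDs to look up, and the hit count per ID shows at a glance which findings are one-offs and which recur across many paths.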

Conclusion

Nikto is widely used today as a scanner, and its main feature is its stealth techniques during the scan, bypassing some types of IPS and firewall. It does not have a GUI as explanatory as other scanners such as Nessus or Acunetix, so you need to consult the OSVDB catalogue to see the full details of each fault. Remember that, like any other scanner, it generates noise, but this can be softened by its evasion settings, as already mentioned.
