Nikto is one of the tools bundled with the Kali Linux distribution.
Nikto: a tool to scan the security of a web server
During a scan, Nikto is able to:
- check whether the server version is obsolete, along with the software and modules it uses,
- scan directories that may contain sensitive information,
- test nearly 6,000 potentially vulnerable files / CGIs.
Moreover, Nikto supports SSL connections.
Installing Nikto
Archlinux / Manjaro :
yaourt -S nikto
Ubuntu / Linux Mint :
sudo apt-get install nikto
Using Nikto
Common usage:
To launch a Simple scan:
nikto -h [URL]
[URL] = the URL of your choice. Note that, by default, Nikto scans port 80.
Scan on port 443:
nikto -h [URL] -p 443
or
nikto -h https://[URL]:443/
Scan several ports at the same time:
nikto -h [URL] -p 20,21,25,443
Use behind a proxy:
To use Nikto behind a proxy, you must edit its configuration file:
- Archlinux / Manjaro:
sudo nano /usr/share/nikto/nikto.conf
- Ubuntu / Linux Mint:
sudo nano /etc/nikto/config.conf
Specify the proxy:
# Proxy settings -- still must be enabled by -useproxy
PROXYHOST=proxy.domaine.tld
PROXYPORT=8080
#PROXYUSER=proxyuserid
#PROXYPASS=proxypassword
PROXYHOST: URL or IP address of the proxy server
PROXYPORT: the proxy port
PROXYUSER: the user name, if the proxy requires authentication
PROXYPASS: that user's password, if needed
The PROXYUSER and PROXYPASS lines are commented out with # in the file; uncomment them only if your proxy asks for credentials.
Use Nikto behind the proxy:
nikto -h [URL] -useproxy
- A slightly more complex example:
nikto -h http://[URL]:443/ -F txt -o scan.txt -useproxy
Nikto will scan the URL on port 443 through the proxy and write the result to the file scan.txt.
Conclusion
Nikto is a handy program for scanning your web server for security vulnerabilities, and it is reasonably fast (depending on the hardware of the host running it).
However, beware, pranksters who would use Nikto to scan a friend's web site as a bad joke, hoping to turn up one or more security vulnerabilities on it: Nikto is discoverable in the server logs, obviously together with the IP address of the person running the scan.
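The remark above, that a Nikto scan leaves an obvious trace in the web server's logs, is easy to verify from the defender's side. The following script is an added example, not code from the original post or from the Nikto project: it parses a handful of constructed Apache/nginx "combined" format log lines (invented sample traffic, not real captures) and flags the client IPs that look like a Nikto run. It relies on two facts: Nikto's default User-Agent string contains "Nikto/", and a scan of thousands of candidate files / CGIs produces a burst of 404 responses from a single IP. The threshold of 404s and the field names are this example's own choices.

```python
import re
from collections import defaultdict

# Constructed sample lines in the "combined" log format (invented, not real traffic).
# The first three imitate what a Nikto run leaves behind: many probes for files that
# do not exist, all from one IP, carrying Nikto's default User-Agent string.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0200] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000000)"
203.0.113.7 - - [10/Oct/2023:13:55:36 +0200] "GET /cgi-bin/test.cgi HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000123)"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0200] "GET /admin/ HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000124)"
198.51.100.20 - - [10/Oct/2023:13:56:01 +0200] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/117.0"
198.51.100.20 - - [10/Oct/2023:13:56:02 +0200] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/117.0"
"""

# One combined-format line: ip ident user [time] "method path proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def parse_line(line):
    """Return the fields of one combined-format line as a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_scanners(log_text, not_found_threshold=2):
    """Summarise per-IP evidence of a Nikto scan.

    An IP is flagged when its User-Agent advertises Nikto (the default UA contains
    'Nikto/') or when it produced more than `not_found_threshold` 404 responses,
    which is the footprint of a file/CGI probe list even if the UA string was changed.
    """
    stats = defaultdict(lambda: {"requests": 0, "not_found": 0, "nikto_ua": False})
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:  # skip lines that are not in combined format
            continue
        s = stats[rec["ip"]]
        s["requests"] += 1
        if rec["status"] == "404":
            s["not_found"] += 1
        if "nikto/" in rec["agent"].lower():
            s["nikto_ua"] = True
    # Keep only the IPs that match at least one indicator.
    return {
        ip: s
        for ip, s in stats.items()
        if s["nikto_ua"] or s["not_found"] > not_found_threshold
    }


if __name__ == "__main__":
    for ip, s in find_scanners(SAMPLE_LOG).items():
        print(f"{ip}: {s['requests']} requests, {s['not_found']} x 404, Nikto UA: {s['nikto_ua']}")
```

Run against a real access.log you would read the file and pass its contents to find_scanners; on the sample above only 203.0.113.7 is reported, because the Firefox client's single 404 for favicon.ico stays under the threshold and its User-Agent is ordinary.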