Mastering Nikto Web Server Scanning (with examples)

Mastering Nikto Web Server Scanning (with examples)

Nikto is an open-source web server scanner that conducts comprehensive tests against web servers. It’s widely utilized by cybersecurity professionals to detect potential vulnerabilities like server misconfigurations, outdated software, and insecure web applications. Nikto is celebrated for its effectiveness, ease of use, and the fact that it covers a wide range of vulnerabilities without requiring extensive configuration.

Use case 1: Perform a basic Nikto scan against a target host

Code:

perl nikto.pl -h 192.168.0.1

Motivation:

Performing a basic Nikto scan is often the first step in assessing the security posture of a web server. It quickly provides insights into the vulnerabilities that might exist and whether the server is properly configured. This approach is essential for identifying critical issues that need immediate attention before an attacker can exploit them.

Explanation:

  • perl nikto.pl: This segment invokes the Nikto scanner script using Perl, which is necessary as Nikto is written in this programming language.
  • -h 192.168.0.1: The -h flag specifies the target host IP address, guiding Nikto on where to direct its scanning efforts.

Example Output:

- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          192.168.0.1
+ Target Hostname:    example.com
+ Target Port:        80
+ Start Time:         2023-10-25 10:00:00
---------------------------------------------------------------------------
+ Server: Apache/2.4.41 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ Uncommon header 'x-powered-by' found, with contents: PHP/7.4.3
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ 26193 requests: 1 error(s) and 3 item(s) reported on remote host
+ End Time: 2023-10-25 10:12:00 (12 seconds)
---------------------------------------------------------------------------

Use case 2: Specify the port number when performing a basic scan

Code:

perl nikto.pl -h 192.168.0.1 -p 443

Motivation:

Web servers often run on multiple ports, with HTTPS operating over port 443. Specifying a port is critical when you need to focus the scan on a particular service, such as verifying the security of SSL/TLS configurations. This precision ensures that the assessment is relevant to the services in question rather than applying a generic analysis.

Explanation:

  • perl nikto.pl: Executes the Nikto script through Perl.
  • -h 192.168.0.1: Identifies the target host by its IP address.
  • -p 443: The -p flag allows you to define the specific port number where the service is running—in this case, HTTPS on port 443.

Example Output:

- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          192.168.0.1
+ Target Hostname:    example.com
+ Target Port:        443
+ Start Time:         2023-10-25 10:20:00
---------------------------------------------------------------------------
+ Server: Apache/2.4.41 (Ubuntu)
+ SSL Info: Version \t: TLSv1.2, TLSSSLv3
+ The X-Content-Type-Options header is not set. This is a potential security hole
+ Allowed HTTP Methods: GET, POST, HEAD, OPTIONS
+ /notfound/: HTTP Response 404
+ 1250 requests: 0 error(s) and 2 item(s) reported on remote host
+ End Time: 2023-10-25 10:22:00 (2 seconds)
---------------------------------------------------------------------------

Use case 3: Scan ports and protocols with full URL syntax

Code:

perl nikto.pl -h https://192.168.0.1:443/

Motivation:

Utilizing full URL syntax allows a more comprehensive approach to scanning, particularly useful when dealing with servers that use secure protocols. This method quickly determines how the web server handles HTTPS requests, providing insights without having to break them down manually into host, protocol, and port.

Explanation:

  • perl nikto.pl: Initiates the Perl script for Nikto.
  • -h https://192.168.0.1:443/: The -h flag identifies the host; including https:// specifies the usage of HTTPS protocol. The URL syntax allows inclusion of the explicit port, here 443 for HTTPS services.

Example Output:

- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          192.168.0.1
+ Target Hostname:    example.com
+ Target Port:        443
+ Start Time:         2023-10-25 10:30:00
---------------------------------------------------------------------------
+ SSL Info: Cert CN             example.com
+ The site uses outdated ciphers in its supported SSL/TLS setup
+ /test/: Possible sensitive directory discovered.
+ 3327 requests: 2 error(s) and 4 item(s) reported on remote host
+ End Time: 2023-10-25 10:32:00 (2 seconds)
---------------------------------------------------------------------------

Use case 4: Scan multiple ports in the same scanning session

Code:

perl nikto.pl -h 192.168.0.1 -p 80,88,443

Motivation:

Scanning multiple ports in one session saves time and resources. This is particularly useful for web servers hosting multiple services or applications across different ports. It ensures an all-encompassing analysis within a singular coordinated effort, simplifying the vulnerability assessment process.

Explanation:

  • perl nikto.pl: Calls the Perl executable for the Nikto script.
  • -h 192.168.0.1: Specifies the host IP to scan.
  • -p 80,88,443: The -p argument specifies multiple ports comma-separated: 80 (HTTP), 88 (alternate HTTP port), and 443 (HTTPS).

Example Output:

- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          192.168.0.1
+ Target Hostname:    example.com
+ Target Ports:       80, 88, 443
+ Start Time:         2023-10-25 10:40:00
---------------------------------------------------------------------------
+ Server Port 80: Apache/2.4.41
+ Server Port 88: Apache/2.4.41
+ Server Port 443: Apache/2.4.41 OpenSSL/1.1.1
+ Port 80: Missing Strict-Transport-Security header
+ Port 88: Admin panel accessible
+ Port 443: Weak SSL ciphers (TLSv1.0/1.1) are enabled
+ 8456 requests: 3 error(s) and 6 item(s) reported on remote host
+ End Time: 2023-10-25 10:52:00 (12 minutes)
---------------------------------------------------------------------------

Use case 5: Update to the latest plugins and databases

Code:

perl nikto.pl -update

Motivation:

Keeping the Nikto database and plugins up to date is crucial for ensuring the scanner has the latest vulnerability signatures and tests. Cyber threats evolve quickly, and new vulnerabilities emerge regularly. An updated scanner provides the best chance of detecting new or recently discovered vulnerabilities.

Explanation:

  • perl nikto.pl: Uses Perl to execute the Nikto script.
  • -update: The -update flag requests Nikto to download the latest versions of its plugins and vulnerability databases, ensuring up-to-date scanning capabilities.

Example Output:

- Nikto v2.1.6
---------------------------------------------------------------------------
+ Update initiated for the following items:
  * Plugin database
  * Scan database
  * SSL database
+ Fetching latest updates from cirt.net
+ Update complete for all databases and plugins.
+ Current plugin version: 2023.10.24
---------------------------------------------------------------------------

Conclusion:

Nikto is an invaluable tool for web server security assessments, offering a range of scanning options from standard to more complex configurations. Whether you’re conducting a simple vulnerability check or a detailed multi-port analysis, Nikto’s versatility ensures it remains an integral part of the web security toolkit. Consistent updates reinforce its effectiveness, helping it adapt to the continually evolving threat landscape.

Related Posts

Mastering Dunst with 'dunstctl' (with examples)

Mastering Dunst with 'dunstctl' (with examples)

Dunst is a lightweight notification daemon known for its minimal resource usage and high customizability.

Read More
How to Use the Command 'npm login' (with Examples)

How to Use the Command 'npm login' (with Examples)

The npm login command is an essential tool for developers working with Node.

Read More
How to Use the Command 'tcpick' (with Examples)

How to Use the Command 'tcpick' (with Examples)

Tcpick is a versatile tool for network administrators and security professionals, designed for packet sniffing and traffic analysis.

Read More