
Plug it now – with Nikto

nikto image courtesy cirt.net

Ever wondered whether your website is hosted on a web server with a big hole right in the middle? If you haven't, it is likely that some hacker is already thinking hard about it. The edge the hacker has is the tooling that identifies the unplugged holes in your web server and in the web applications and scripts installed on it.
Believe me, web-server vulnerabilities and buggy CGI scripts are the favorite and most common path taken by intruders, who later end up harming your data, your reputation, and perhaps even your life. Simple port scanners and vulnerability scanners are enough to break into such a server with ease, and Nikto is one such tool.


So why on earth should I use Nikto?

Whether you use it or not, intruders could use it. So it is imperative that you start using it and seal the doors before intruders barge in. You might wish to run the scan on your website just to satisfy the curiosity factor: "How secure is my website or web host?". Well, if you really are up to running the scan against your web host, better inform them well in advance, perhaps by logging a Saturday night ticket to let them know that you will scan the web server in a few hours' time ;P

If your web host is good at securing their infrastructure, you are likely to get blocked and could be locked out of your own account. You could very well spend the weekend convincing a member of your host's abuse team to hold off further action against you, while they point you to something you hardly bothered reading: the host's AUP (acceptable use policy) page!

*Only scan servers you own or that you have permission to scan; otherwise you could easily risk legal action.*


How Nikto works

Let me start off by explaining how the tool works. Nikto is a generic web vulnerability scanner that tests remote web servers for dangerous files and CGIs, outdated server software and libraries, and similar problems. It is in fact a Perl script that works well on any OS with Perl version 5 or later. Add to that, Nikto is an open source tool released under the GPL license. In its basic form the tool is not stealthy, but it can be made stealthier through the IDS evasion techniques it inherits from LibWhisker's anti-IDS functionality.


Installation & usage of Nikto

The current version of the tool is available at http://www.cirt.net/nikto/nikto-current.tar.gz. Un-archiving it and putting the script in a location of your choice should get you started.
You may update the script (its plugins and test database) with the command perl full_path_to_nikto.pl -update

You could then go ahead and create a symbolic link to the tool from, say, /usr/bin/nikto
To scan a website your-example.com, use the following command:

/usr/bin/nikto -h your-example.com

The result of such a scan on a local site named "I-own-this-network-n-server.com" on my own network, with access restricted by authentication (using .htaccess), is shown below for reference:

# /usr/bin/nikto -h I-own-this-network-n-server.com
- Nikto v2.03/2.04
---------------------------------------------------------------------------
+ Target IP: 192.168.1.xx
+ Target Hostname: I-own-this-network-n-server.com
+ Target Port: 80
+ Start Time: 2010-05-14 3:21:03
---------------------------------------------------------------------------
+ Server: Apache/2.2.3 (Red Hat)
+ ERROR: No auth credentials for "EnterPassword", please set.
+ ERROR: No auth credentials for "EnterPassword", please set.
+ Apache/2.2.3 appears to be outdated (current is at least Apache/2.2.9). Apache 1.3.39 and 2.0.61 are also current.
+ OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ OSVDB-3268: GET /icons/ : Directory indexing is enabled: /icons
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 3577 items checked: 4 item(s) reported on remote host
+ End Time: 2010-05-14 3:21:03 (7 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

Test Options: -h I-own-this-network-n-server.com
---------------------------------------------------------------------------
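Since Nikto in its basic form is not stealthy, a scan like the one above leaves an obvious trail in the web server's access log: its default User-Agent names the tool, it issues a TRACE request, and it requests hundreds of files that do not exist in a few seconds. The following added example (my own illustration, not part of Nikto or the original post) shows how a server administrator can spot such a scan in Apache combined-format logs, flagging both the Nikto User-Agent and a burst of 404s from one client even when the User-Agent has been changed. The log lines, IPs and paths are constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Apache combined-log lines (IPs, paths and times are made up).
SAMPLE_LOG = """\
192.168.1.20 - - [14/May/2010:03:20:40 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux) Firefox/3.6"
192.168.1.50 - - [14/May/2010:03:21:03 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.00 (Nikto/2.03) (Evasions:None) (Test:Port Check)"
192.168.1.50 - - [14/May/2010:03:21:03 +0000] "TRACE / HTTP/1.1" 200 0 "-" "Mozilla/5.00 (Nikto/2.03)"
192.168.1.50 - - [14/May/2010:03:21:04 +0000] "GET /icons/README HTTP/1.1" 200 5108 "-" "Mozilla/5.00 (Nikto/2.03)"
10.0.0.7 - - [14/May/2010:03:25:10 +0000] "GET /admin/ HTTP/1.1" 404 290 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6"
10.0.0.7 - - [14/May/2010:03:25:10 +0000] "GET /backup/ HTTP/1.1" 404 290 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6"
10.0.0.7 - - [14/May/2010:03:25:11 +0000] "GET /old/ HTTP/1.1" 404 290 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6"
10.0.0.7 - - [14/May/2010:03:25:11 +0000] "GET /test/ HTTP/1.1" 404 290 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6"
10.0.0.7 - - [14/May/2010:03:25:12 +0000] "GET /cgi-bin/ HTTP/1.1" 404 290 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6"
"""

# Apache "combined" LogFormat: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Return a dict for one combined-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def find_scanners(log_text, window=timedelta(seconds=10), max_404=4):
    """Map client IP -> sorted list of reasons it looks like a vulnerability scanner."""
    reasons = defaultdict(set)
    misses = defaultdict(list)  # ip -> timestamps of recent 404 responses
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if "nikto" in rec["ua"].lower():          # default Nikto User-Agent
            reasons[rec["ip"]].add("nikto-user-agent")
        if rec["method"] == "TRACE":               # the TRACE check seen in the report
            reasons[rec["ip"]].add("trace-method")
        if rec["status"] == 404:                   # sliding window of misses per client
            misses[rec["ip"]] = [t for t in misses[rec["ip"]] + [rec["ts"]] if rec["ts"] - t <= window]
            if len(misses[rec["ip"]]) > max_404:   # too many misses too fast: probing
                reasons[rec["ip"]].add("404-burst")
    return {ip: sorted(r) for ip, r in reasons.items()}
```

Feed it your real access_log instead of SAMPLE_LOG and tune the window and threshold to your traffic; legitimate clients rarely produce more than a handful of 404s within seconds.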

For more details on the tool, including the IDS evasion part, please refer to

http://cirt.net/nikto2-docs/

Sankar


About the Author :

Sankar works as a Senior Software Engineer at Bobcares. He joined Bobcares back in April 2006. He loves grooming and mentoring people. During his free time, he listens to music and enjoys singing.


