Introduction to pentesting: Web-Based Exploitation

Nikto

After running a port scan and discovering a service running on port 80 or port 443, one of the first tools that should be used to evaluate the service is Nikto. Nikto is a web server vulnerability scanner. This tools was written by Chris Sullo and David Lodge. Nikto automates the process of scanning web servers or out-of-date and unpatched software as well as searching for dangerous files that may reside on web servers. Nikto is capable of identifying a wide range of specific issues and also checks the server for configuration issues. Nikto is built into BlackArch, if you are not using BlackArch, Nikto can be obtained by downloading it from the Nikto website. Please note that you’ll need Perl installed to run Nikto.

To view the various options available, you can run the following command:

nikto

Running this command will provide you with a brief description of the parameters available to you. To run a basic vulnerability scan against a target, you need to specify a host IP address with the “-h” switch. You should also specify a port number with the “-p” parameter. You can instruct Nikto to scan multiple ports by specifying a port range. For example, to scan for web servers on al ports between 1 and 1000, you’d issue the following command in a terminal window:

nikto -h example.com -p 1-1000

If you don’t specify a port number, Nikto will only scan port 80 on your target. If you want to save the Nikto output for later review, you can do so by issuing the “-o” followed by the file path and name of the file you’d like to use to save the output.