This course covers the basics of using Nikto, the web application vulnerability scanner. Nikto is one of the most commonly used website vulnerability scanners in penetration testing and is considered an industry-standard tool. Its main purpose is to examine websites and web apps and report back to the tester any vulnerabilities that could be used to compromise the site. This saves time in pen-testing and avoids having to manually look up exploits for every vulnerability found.
In this video guide we'll be covering the basics of using Nikto, the web application scanning tool. Nikto is used to find out whether there are any known vulnerabilities in the web server behind the application, and it takes the effort out of manual enumeration in penetration testing. For example, say we find something in an Nmap scan: we could manually search through numerous links, or consult the Open Source Vulnerability Database (OSVDB), to see whether it is an actual, exploitable vulnerability. Nikto does all of this for you, using your Nmap scan results to cross-reference against various databases.
In this demonstration, we'll go through the basics of using Nikto in two steps.
Step 1: Scanning with Nikto
Open the terminal to start using Nikto. We're going to use the same test IP address as in the Nmap scan, 10.1.1.102. To start the scan, type nikto followed by the -h (host) switch and the IP address, i.e. nikto -h 10.1.1.102. Nikto then begins its scan. We can see that Nikto has found various things. The first thing we see is that this web application is running on an Apache web server and that it also contains XML files. Nikto shows us that this is an outdated version of Apache by comparing it against the latest version. It also shows that the web application is served over HTTPS, and that the SSL is out of date too.
Step 2: Understanding the Scan
We're now beginning to build up a picture of this web application; it has some very exploitable vulnerabilities! As Nikto cross-references its results against the OSVDB, it shows more vulnerabilities. For example, it shows that /phpmyadmin/changelog.php is available. This should be hidden, and not human-readable. It suggests that even more vulnerabilities might be available: as it's the changelog, it may contain usernames, passwords and other information. As we continue scrolling through the scan we can see that the phpMyAdmin directory is listable. This is bad news for the web app, as phpMyAdmin hosts the administrative tasks that are carried out from within the web server itself.
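The two steps above boil down to one command and a lot of reading. As an added example (it is not part of the course or of Nikto itself), the Python script below parses a report in Nikto's text format into the server banner and a triaged list of findings, so that the items the guide points at (the readable changelog, the listable phpMyAdmin directory, the outdated Apache) become a checklist to verify and remediate. It assumes Nikto's default text report, in which every result is one line beginning with "+ " and database-referenced results carry an identifier such as "OSVDB-1234:" followed by the affected path. The sample output embedded in it is constructed to resemble the scan in the video; its Apache version, certificate subject and OSVDB numbers are illustrative, not captured output.

```python
"""Parse and triage Nikto text output (added example, not from the course or Nikto)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in Nikto's text format. The host is the one used in the
# guide; the findings mirror those discussed in the walkthrough. The Apache
# version, SSL subject and OSVDB numbers are illustrative, not a real capture.
SAMPLE_OUTPUT = """\
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          10.1.1.102
+ Target Hostname:    10.1.1.102
+ Target Port:        443
+ SSL Info:        Subject:  /CN=example.test
+ Server: Apache/2.2.8 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ Apache/2.2.8 appears to be outdated (current is at least Apache/2.4.x).
+ OSVDB-3092: /phpmyadmin/changelog.php: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3268: /phpmyadmin/: Directory indexing found.
+ 6544 requests: 0 error(s) and 5 item(s) reported on remote host
"""

# "+ ", then an optional "VENDOR-1234: " reference, then an optional "/path: "
# prefix, then the free-text description.
FINDING_RE = re.compile(
    r"^\+ (?:(?P<ref>[A-Z]+-\d+): )?(?:(?P<path>/\S*): )?(?P<text>.+?)\s*$"
)
# Banner fields Nikto prints before the findings proper.
META_RE = re.compile(
    r"^(Target IP|Target Hostname|Target Port|SSL Info|Server|Start Time|End Time):\s*(.*)$"
)
SUMMARY_RE = re.compile(r"^\d+ requests:")


@dataclass
class Finding:
    ref: Optional[str]   # database reference such as "OSVDB-3268", if any
    path: Optional[str]  # affected URL path, if the finding names one
    text: str            # Nikto's description

    def category(self) -> str:
        """Rough triage bucket derived from Nikto's own wording."""
        lowered = self.text.lower()
        if "directory indexing" in lowered:
            return "directory_indexing"
        if "outdated" in lowered:
            return "outdated_software"
        if "header is not present" in lowered:
            return "missing_header"
        if self.path is not None:
            return "exposed_path"
        return "other"


@dataclass
class ScanReport:
    metadata: dict[str, str] = field(default_factory=dict)
    findings: list[Finding] = field(default_factory=list)


def parse_nikto(text: str) -> ScanReport:
    """Split Nikto's text report into banner metadata and findings."""
    report = ScanReport()
    for line in text.splitlines():
        m = FINDING_RE.match(line)
        if not m:
            continue  # version line, separator rules, blank lines
        ref, path, body = m.group("ref"), m.group("path"), m.group("text")
        if ref is None and path is None:
            meta = META_RE.match(body)
            if meta:
                report.metadata[meta.group(1)] = meta.group(2).strip()
                continue
            if SUMMARY_RE.match(body):
                continue  # closing request/item count, not a finding
        report.findings.append(Finding(ref, path, body))
    return report


def triage(report: ScanReport) -> dict[str, list[Finding]]:
    """Group findings by category so each bucket can be verified and fixed."""
    buckets: dict[str, list[Finding]] = {}
    for f in report.findings:
        buckets.setdefault(f.category(), []).append(f)
    return buckets


def exposed_paths(report: ScanReport) -> list[str]:
    """Every URL path Nikto reported, deduplicated, for the remediation list."""
    return sorted({f.path for f in report.findings if f.path})


if __name__ == "__main__":
    rep = parse_nikto(SAMPLE_OUTPUT)
    print("Server:", rep.metadata.get("Server"))
    for cat, items in sorted(triage(rep).items()):
        print(f"[{cat}]")
        for f in items:
            print(f"  {f.ref or '-':<11} {f.path or '-':<30} {f.text}")
```

Feeding a real report in (for example the file written with Nikto's -o option in text format) works the same way; the categories are deliberately coarse, because every Nikto finding still has to be confirmed by hand before it goes into a fix list.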
From this simple scan we've been able to ascertain, in the space of a few minutes, that the web application has multiple vulnerabilities. We've seen which web server the app is using and identified some easily spotted issues. In this guide to Nikto, we've covered how to scan with Nikto and how to understand the information it reports.