Nikto network and server security script

Posted on March 9, 2010 | Category: Informational, Networking, Perl, Resources, Reviews, Scripts, Security, bash


Nikto is an open-source Perl script that scans a web server (or every HTTP service it finds on a host) for known-dangerous files and programs, outdated server software and insecure configuration. It is run entirely from the command line and does an excellent job of digging out potential security holes. Download Nikto from its website. Specifically, Nikto tests for:

Clearly, some of you out there right now, perhaps some reading this article, will use this tool for no good. It is unfortunate and disappointing. Only scan systems you own or have written permission to test: Nikto is not stealthy, it sends thousands of requests with a User-Agent that names itself, and every one of them lands in the target's access log. Here are the results of a scan I ran against a local computer store's site while writing this post.

- Nikto v2.1.1
---------------------------------------------------------------------------
+ Target IP:          000.000.000.000
+ Target Hostname:    some_website.com
+ Target Port:        80
+ Start Time:         2010-03-10 4:43:04
---------------------------------------------------------------------------
+ Server: Apache/2.0.52 (CentOS)
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ ETag header found on server, inode: 9502925, size: 10836, mtime: 0xc2f2e5c0
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ Apache/2.0.52 appears to be outdated (current is at least Apache/2.2.14). Apache 1.3.41 and 2.0.63 are also current.
+ OSVDB-3092: /sitemap.xml: This gives a nice listing of the site content.
+ OSVDB-3092: /service/: This might be interesting...
+ OSVDB-3268: /icons/: Directory indexing is enabled: /icons
+ OSVDB-3268: /images/: Directory indexing is enabled: /images
+ OSVDB-3268: /styles/: Directory indexing is enabled: /styles
+ OSVDB-3233: /icons/README: Apache default file found.
+ 3818 items checked: 10 item(s) reported on remote host
+ End Time:           2010-03-10 4:50:04 (430 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

Reading the findings: an enabled TRACE method is reported as a cross-site tracing (XST) risk because a TRACE response echoes the full request, cookies and Authorization header included, back to whoever can make a client send it. Directory indexing on /icons/, /images/ and /styles/ lets anyone list the contents of those directories. The ETag line is an information leak: Apache's default ETag embeds the file's inode number. The "appears to be outdated" line is a banner comparison only; CentOS backports security fixes without changing the version string, so check the package changelog before reporting the server as unpatched. The OSVDB numbers are Nikto's cross-references to the Open Source Vulnerability Database (which has since shut down).

Scans

Once you think that your site is ready, it is time to scan it. A scan can take 10-15 minutes or more (the run above spent just over seven minutes on 3,818 checks against a single host), but don't worry: the script is not frozen or dying, it's working. Save the report with -output so you can diff it against the next run. Run ./nikto.pl with no arguments in Terminal to see the usage summary, or ./nikto.pl -H for the full option list.

Syntax Examples

./nikto.pl -h website.com -port 443,8080
./nikto.pl -h website.com
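Once a scan has finished, the report needs triage. The Python script below is an added example for this post, not Nikto's own code or the original author's. It parses Nikto 2.1.x plain-text output (the listing above is embedded as the sample input), separates scan metadata from reported items, checks that the number of items it parsed matches Nikto's own "item(s) reported" summary line, and tags each item with a category and the matching Apache fix. The category names, the TRIAGE_RULES table and the fix hints are this example's own choices, not anything Nikto emits.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: the scan listing from this post, one report line per line.
SAMPLE_OUTPUT = """\
- Nikto v2.1.1
---------------------------------------------------------------------------
+ Target IP:          000.000.000.000
+ Target Hostname:    some_website.com
+ Target Port:        80
+ Start Time:         2010-03-10 4:43:04
---------------------------------------------------------------------------
+ Server: Apache/2.0.52 (CentOS)
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ ETag header found on server, inode: 9502925, size: 10836, mtime: 0xc2f2e5c0
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ Apache/2.0.52 appears to be outdated (current is at least Apache/2.2.14). Apache 1.3.41 and 2.0.63 are also current.
+ OSVDB-3092: /sitemap.xml: This gives a nice listing of the site content.
+ OSVDB-3092: /service/: This might be interesting...
+ OSVDB-3268: /icons/: Directory indexing is enabled: /icons
+ OSVDB-3268: /images/: Directory indexing is enabled: /images
+ OSVDB-3268: /styles/: Directory indexing is enabled: /styles
+ OSVDB-3233: /icons/README: Apache default file found.
+ 3818 items checked: 10 item(s) reported on remote host
+ End Time:           2010-03-10 4:50:04 (430 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
"""

# "+ Key: value" lines that describe the scan rather than a reported item.
META_KEYS = ("Target IP", "Target Hostname", "Target Port", "Start Time", "End Time", "Server")
# A reported item: optional OSVDB id, optional URL path, then a free-text message.
ITEM_RE = re.compile(r"^\+ (?:OSVDB-(?P<osvdb>\d+): )?(?:(?P<path>/\S*): )?(?P<msg>.+)$")
SUMMARY_RE = re.compile(r"^\+ (?P<checked>\d+) items checked: (?P<reported>\d+) item\(s\) reported")

# Triage rules are this example's own, not Nikto's: (category, message pattern, Apache fix).
TRIAGE_RULES = [
    ("trace-enabled", r"HTTP TRACE method is active", "TraceEnable Off (Apache 2.0.55+/2.2); <Limit> cannot block TRACE"),
    ("dir-indexing", r"Directory indexing is enabled", "Options -Indexes for that directory"),
    ("etag-inode", r"ETag header found on server, inode", "FileETag MTime Size (drops the inode from the ETag)"),
    ("outdated-banner", r"appears to be outdated", "check the distro changelog: CentOS backports fixes without changing the banner"),
    ("default-file", r"Apache default file found", "remove default content such as /icons/README"),
    ("http-methods", r"^Allowed HTTP Methods:", "<LimitExcept GET POST HEAD> for the rest; TRACE itself needs TraceEnable Off"),
]


@dataclass
class Finding:
    osvdb: Optional[int]
    path: Optional[str]
    message: str
    category: str
    fix: str


@dataclass
class ScanReport:
    meta: dict = field(default_factory=dict)
    findings: list = field(default_factory=list)
    items_checked: int = 0
    items_reported: int = 0

    def consistent(self) -> bool:
        # Our item count must equal Nikto's own summary, else a line shape went unrecognised.
        return len(self.findings) == self.items_reported


def triage(message: str):
    for category, pattern, fix in TRIAGE_RULES:
        if re.search(pattern, message):
            return category, fix
    return "info", "review manually"


def parse_nikto_text(text: str) -> ScanReport:
    report = ScanReport()
    for line in (l.strip() for l in text.splitlines()):
        if not line.startswith("+ "):
            continue  # banner and separator lines
        key, sep, value = line[2:].partition(":")
        if sep and key in META_KEYS:
            report.meta[key] = value.strip()
        elif key.startswith("No CGI Directories found"):
            report.meta["CGI Directories"] = "none found"
        elif m := SUMMARY_RE.match(line):
            report.items_checked, report.items_reported = int(m["checked"]), int(m["reported"])
        elif re.match(r"^\+ \d+ host\(s\) tested", line):
            pass  # trailer line, not an item
        elif m := ITEM_RE.match(line):
            category, fix = triage(m["msg"])
            report.findings.append(Finding(int(m["osvdb"]) if m["osvdb"] else None, m["path"], m["msg"], category, fix))
    return report


def by_category(report: ScanReport) -> dict:
    return dict(Counter(f.category for f in report.findings))
```

Feed it a saved report (./nikto.pl -h website.com -output scan.txt, then parse the file's contents) and diff the category counts between runs. A parsed count that disagrees with Nikto's summary line means the parser met a line shape it does not know, which is the first thing to fix before trusting the triage.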
