
How to easily run comprehensive tests on your website with Nikto2

If you need a penetration test for your websites, it doesn't get much easier than Nikto2. This how-to shows you how to install and use this handy tool.


If you're a website developer or admin, you know how important it is to stay up on the security of your work. You might drop that new site into a perfectly secured network, but what if the site itself has an issue or two tucked within the code? Or what if the hosting server has issues? You could place your network or your data in danger.

Because of this, you need comprehensive scanning tools that can run deep dive penetration tests on your websites and web servers to find issues you might have missed or not even known existed. Sounds hard, doesn't it?

It's not. Not when you have a tool like Nikto2. Nikto2 is the next evolution of the original Nikto scanner that performs comprehensive tests against web servers for over 6700 potentially dangerous files/programs. Nikto2 also checks for outdated versions of over 1250 servers, as well as specific problems on over 270 servers. Nikto2 checks for misconfigured server items (such as the presence of multiple index files). Nikto2 is frequently updated, so you can be sure it'll catch the latest issues.

Let's "install" and use Nikto2 and see just how easy it is to run a deep scan on your websites.

"Installation"

I place installation in quotes, as there really isn't an installation per se. You simply run the included executable file against your site. What exactly are the steps? Let me show you. I'll be demonstrating on Ubuntu Server, but running the tool is the same, regardless of distribution.

  1. Download the latest version of Nikto2.
  2. Unzip the file with the command unzip master.zip.
  3. Change into the newly created directory with the command cd nikto-master/program.

That's it for the "installation." You do, however, need to have Perl installed. If you're using Ubuntu to run Nikto2, you can install Perl with the command:

sudo apt install perl

Let's run Nikto2.

Usage

There are a few options you can use with Nikto2, but the basic usage is:

perl nikto.pl -host SERVER_IP

Where SERVER_IP is the actual IP address of the server. Nikto2 also accepts -h as a short form of -host, which the later examples use.

The command will fire off and dive into the website at the given address. Nikto2 will immediately report its findings and may even ask if it can add a server string to its database (Figure A).

Figure A: Nikto2 is unaware of the NGINX server string.


After you've answered either Yes or No to submitting the string, Nikto2 will end. Depending on how large your site is and how many issues are present, the results could be lengthy. Because of that, you might want to save that output for later viewing. To do this, the command would be:

perl nikto.pl -host 192.168.1.188 -o test -Format csv

The above command would run a standard test against 192.168.1.188 and save the results to a file named test in CSV format. You could then view the results with the command less test.

You can scan multiple ports with the command:

perl nikto.pl -h 192.168.0.1 -p 80,88,8000,443

Or, if you want to tune the command to run specific tests, you can use the -Tuning option (-T for short). The types of tests you can specify are:

  • 0 - File Upload exploits.
  • 1 - Interesting log entries.
  • 2 - Misconfiguration of default files.
  • 3 - Information Disclosure.
  • 4 - Injection (XSS/Script/HTML) exploits.
  • 5 - Remote file retrieval (within the document root) exploit.
  • 6 - Denial of Service.
  • 7 - Remote file retrieval (server wide).
  • 8 - Command execution/remote shell exploits.
  • 9 - SQL Injection.
  • a - Authentication bypass.
  • b - Software identification.
  • c - Remote source inclusion.
  • x - Reverse Tuning Options.

You combine the above to create a unique test. Say you want to test for Denial of Service, SQL injections, Authentication bypass, and Software identification. The command for this would be:

perl nikto.pl -h 192.168.1.188 -T 69ab

You can combine any of the above tests in this way. You can also combine that with the output option to save the results for later viewing like so:

perl nikto.pl -h 192.168.1.188 -T 69ab -o test -Format csv

If you need to test CGI directories, you could issue Nikto2 like so:

perl nikto.pl -h 192.168.1.188 -Cgidirs all -o test -Format csv

The "all" option instructs Nikto2 to test all available CGI directories. If you want to specify a particular CGI directory, the command would be:

perl nikto.pl -h 192.168.1.188 -Cgidirs /cgi/ -o test -Format csv

You can even test multiple CGI directories like so:

perl nikto.pl -h 192.168.1.188 -Cgidirs "/cgi/ /cgi-a/ /cgi-b/" -o test -Format csv
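As an added example (not code from the article or from the Nikto2 project), the following POSIX shell script assembles the port/tuning/output command shown above and summarises the CSV report such a scan writes, so a long report can be triaged by port and keyword. The seven-column CSV layout and the sample findings are assumptions constructed for the demo, not real scanner output.

```shell
#!/bin/sh
# Added example, not part of the article or of Nikto2: build the scan
# command from the article and summarise the CSV report it writes.
# Assumption: the CSV report uses the 7-column layout
# "host","ip","port","reference","method","uri","message". Check this
# against the output of your own Nikto2 version before relying on it.

# Compose the argument list for one scan: host, comma-separated ports,
# tuning letters (e.g. 69ab) and the output file name, as in the article.
nikto_args() {
    # $1 host   $2 ports   $3 tuning   $4 output file
    printf 'nikto.pl -h %s -p %s -T %s -o %s -Format csv' "$1" "$2" "$3" "$4"
}

# Run the scan from inside nikto-master/program (perl must be installed).
# Word splitting of the argument list is intended; the values contain no spaces.
run_scan() {
    command -v perl >/dev/null 2>&1 || { echo 'perl not found' >&2; return 1; }
    perl $(nikto_args "$@")
}

# Write a constructed three-finding report to $1 for offline testing.
# The ETag line contains commas to show that the '","' split below copes.
write_sample_report() {
    cat >"$1" <<'EOF'
"192.168.1.188","192.168.1.188","80","","GET","/","The X-Frame-Options header is not present."
"192.168.1.188","192.168.1.188","80","","GET","/","Server leaks inodes via ETags, header found with file /, inode: 1234, size: 56"
"192.168.1.188","192.168.1.188","443","","GET","/admin/","Directory indexing found."
EOF
}

# Print "port count" for each port with findings, numerically sorted.
# Splitting on the literal '","' keeps commas inside the message intact.
summarize_csv() {
    awk -F'","' '{ n[$3]++ } END { for (p in n) print p, n[p] }' "$1" | sort -n
}

# Count findings whose message contains a keyword (case-insensitive).
count_matching() {
    awk -F'","' -v kw="$2" 'tolower($7) ~ tolower(kw) { c++ } END { print c + 0 }' "$1"
}

# Demo on the constructed report; no scanner or network needed.
demo=$(mktemp)
write_sample_report "$demo"
summarize_csv "$demo"
rm -f "$demo"
```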

Read more

That's pretty much the gist of using the Nikto2 website scanner. For more information, you can issue the command perl nikto.pl -H | less to read the full help text. For even more information, check out the official Nikto2 documentation.


About Jack Wallen

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.
