Website Scanning Tutorial Through Nikto
When it comes to scanning a website for vulnerabilities, Backtrack 5 / Kali Linux ships many capable tools, and "Nikto" is one of them. These tools are used to measure the security level of web applications.
About Nikto:
- Nikto is open source.
- It can check a web server for over 6400 potentially dangerous files/CGIs.
- It checks for outdated versions of over 1000 servers, and version specific problems on over 270 servers.
- It checks for plug-ins and unconfigured files.
- Fast & Effective.
- It finds default files and programs.
- It finds insecure files and programs.
Features:
- Full HTTP proxy support.
- Apache user name enumeration.
- Logging to Metasploit.
- Secure Socket Layer support (SSL).
- Sub-domain brute forcing (guessing).
- Easy to update.
- Saves reports in multiple formats.
Requirements:
- Backtrack 5 / Kali Linux with Perl installed in it.
Tutorial:
The basic scan requires a host to scan, which means you need a website to scan. You can use the IP address of the website or just its host name. Here I have taken the website as http://www.mytargetsite.com/ . You can use whichever website you want to scan.
Run Nikto as follows:
1. To scan a website for vulnerabilities, type:
$ perl nikto.pl -host http://www.mytargetsite.com/
or
$ perl nikto.pl -h http://www.mytargetsite.com/
2. For help:
$ perl nikto.pl -H http://www.mytargetsite.com/
3. If you want to check a different port, then use:
$ perl nikto.pl -h http://www.mytargetsite.com/ -p [port number]
4. If you want to run this test via a proxy, use this command:
$ perl nikto.pl -h http://www.mytargetsite.com/ -useproxy http://localhost:8080/
5. To update Nikto, use:
$ perl nikto.pl -update
6. To search for vulnerabilities on multiple ports within a range (e.g., we are searching ports 80 to 100):
$ perl nikto.pl -h http://www.mytargetsite.com/ -port 80-100
7. To save the scan result in a text file for later use:
$ perl nikto.pl -h http://www.mytargetsite.com/ -output ./filename.txt
Note: Nikto scans port 80 by default. If you want to scan a different port, specify it as shown in step 3.
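Once a report has been saved as in step 7, it can be triaged with a short script. The following is an added example, not part of the original tutorial or of Nikto itself. It assumes the text report lists each item on a line starting with "+ ", optionally prefixed by an OSVDB reference and a URL path; the sample report and the function names are constructed for illustration.

```python
import re

# Constructed sample of a saved text report (assumed layout, not real scan output).
SAMPLE_REPORT = """\
- Nikto vX.Y.Z
+ Target Host: www.mytargetsite.com
+ Target Port: 80
+ Server: Apache/2.2.8 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ OSVDB-3092: /backup/: This might be interesting.
+ 6544 items checked: 0 error(s) and 4 item(s) reported on remote host
"""

# Lines that describe the scan itself rather than a finding.
META = re.compile(r"^(Target |Server:|Start Time|End Time|\d+ (items|host|requests))")
# Optional "OSVDB-n: " reference, optional "/path: ", then the message.
FINDING = re.compile(r"^(?:(OSVDB-\d+): )?(?:(/\S*): )?(.+)$")

def parse_report(text):
    """Split a Nikto text report into scan metadata and a list of findings."""
    meta, findings = {}, []
    for line in text.splitlines():
        if not line.startswith("+ "):
            continue  # banner and separator lines
        body = line[2:].strip()
        if not body:
            continue
        if META.match(body):
            key, _, value = body.partition(":")
            meta[key.strip()] = value.strip()
            continue
        ref, path, message = FINDING.match(body).groups()
        findings.append({"ref": ref, "path": path, "message": message})
    return meta, findings

def paths_to_review(findings):
    """Unique URL paths flagged by the scan, in report order."""
    seen = []
    for finding in findings:
        if finding["path"] and finding["path"] not in seen:
            seen.append(finding["path"])
    return seen

if __name__ == "__main__":
    meta, findings = parse_report(SAMPLE_REPORT)
    print(meta.get("Server"), len(findings), paths_to_review(findings))
```

To use it on a real report, pass the contents of ./filename.txt to parse_report() instead of SAMPLE_REPORT.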
For any queries, comment below or write to us at prashantsavior@gmail.com
Article by: Unpredictable