Archive for October, 2009

SBDavid

Nikto - web server assessment tool

nikto - web server security scanner

Nikto is a web server assessment tool. It is designed to find various default and insecure files, configurations and programs on any type of web server.

Requirements

Any system which supports a basic PERL installation should allow Nikto to run. It has been extensively tested on. For SSL support the Net::SSLeay PERL module must be installed (which in turn requires OpenSSL on the Unix platform).

The nmap scanner can also be used, if desired. In some cases using nmap will slow down Nikto execution, as it must call an external program. For scanning many ports across one or more servers, using nmap will be faster than using Nikto’s internal PERL scanning.

PERL: http://www.cpan.org/
LibWhisker: http://www.wiretrip.net/
ActiveState Perl: http://www.activestate.com/
OpenSSL: http://www.openssl.org/
nmap: http://insecure.org/

Download

http://cirt.net/nikto/nikto-current.tar.gz

Unpack the download file:

tar -xvzf nikto-current.tar.gz

(The -f flag must be followed by the archive name; with -xvfz tar would try to open a file named "z".)

Basic Testing

The most basic Nikto scan requires simply a host to target, since port 80 is assumed if none is specified. The host can either be an IP or a hostname of a machine, and is specified using the -h (-host) option. This will scan the IP 192.168.0.1 on TCP port 80:

perl nikto.pl -h 192.168.0.1

To check on a different port, specify the port number with the -p (-port) option. This will scan the IP 192.168.0.1 on TCP port 443:

perl nikto.pl -h 192.168.0.1 -p 443

Host, port and protocol may also be given together as a full URL, which is scanned as-is:

perl nikto.pl -h https://192.168.0.1:443/

There is no need to specify that port 443 may be SSL, as Nikto will first test regular HTTP and if that fails, HTTPS. If you are sure it is an SSL server, specifying -s (-ssl) will speed up the test.

SBDavid

Nessus full-service security scanner

nessus - Remote network security auditor, the client

Nessus is a full-service security scanner. The plug-in architecture of Nessus allows users to customize it for their systems and networks. As with any scanner, Nessus is only as good as the signature database it relies upon. Fortunately, Nessus is frequently updated and features full reporting, host scanning, and real-time vulnerability searches. Remember that there could be false positives and false negatives, even in a tool as powerful and as frequently updated as Nessus.

For more information about Nessus, refer to the official website at the following URL: http://www.nessus.org/

Prerequisites

Tenable recommends a minimum of 256 MB of memory to operate Nessus on a local "Class C" network. To conduct larger scans of multiple networks, at least 1 GB of memory is recommended, and up to 4 GB may be required.

Installation on Red Hat and SUSE

Download the latest version of Nessus from http://www.nessus.org/download/.

Nessus is available for Red Hat ES 3, ES 4, and Fedora Core 4, and SUSE 9.3 and 10.0. Unless otherwise noted, all commands should be performed as the system’s root user.

Install it with the package appropriate for your distribution version; the example below is for Red Hat ES 3:

# rpm -ivh Nessus-3.0.6-es3.i386.rpm

This will install Nessus into the directory /opt/nessus/.

Below is an example of the screen output for installation on Red Hat ES3:

# rpm -ivh Nessus-3.0.6-es3.i386.rpm
Preparing… ########################################### [100%]
1:Nessus ########################################### [100%]
nessusd (Nessus) 3.0.6 for Linux
(C) 1998 - 2007 Tenable Network Security, Inc.
Processing the Nessus plugins…

Please run /opt/nessus/sbin/nessus-adduser to add an admin user

Register your Nessus scanner at http://www.nessus.org/register/ to obtain
all the newest plugins

You can start nessusd by typing /opt/nessus/sbin/nessusd -D -S [IPAddress]

Scanning Hosts with Nmap for vulnerability assessment

Using Nmap

Nmap can be run from a shell prompt by typing the nmap command followed by the hostname or IP address of the machine to scan.

nmap 192.168.0.10

Administrators can use Nmap on a network to find host systems and open ports on those systems.

Nmap is a popular tool included in Red Hat Enterprise Linux that can be used to determine the layout of a network. Nmap has been available for many years and is probably the most often used tool when gathering information. An excellent man page is included that provides a detailed description of its options and usage.

Nmap is a competent first step in vulnerability assessment. You can map out all the hosts within your network and even pass the -O option, which makes Nmap attempt to identify the operating system running on a particular host. Without -sV, the SERVICE column is only the name /etc/services associates with the port number, not what is actually listening there.

# nmap 127.0.0.1

Starting Nmap 4.76 ( http://nmap.org ) at 2009-10-16 16:05 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
3128/tcp open  squid-http
3306/tcp open  mysql

Nmap done: 1 IP address (1 host up) scanned in 0.32 seconds

For more information about using Nmap, refer to the official homepage at the following URL: http://www.insecure.org/
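The scan above is only useful once its result is turned into something you can diff and act on. The following added example (not part of the original posts) parses nmap's default human-readable output into a port inventory and, tying this post to the Nikto post above, emits one Nikto invocation per open port whose service name looks like a web server or proxy. SAMPLE_SCAN is constructed to match the listing above; the host header formats for nmap 4.x ("Interesting ports on") and 5+ ("Nmap scan report for") are both handled, and IPv4 hosts are assumed.

```shell
#!/bin/sh
# Added example, not from the original posts: turn nmap's normal output into
# an open-port list and into Nikto commands for the web-looking ports.
# In practice pipe a live scan in:   nmap 192.168.0.10 | nikto_targets
# (nmap's -oG / -oX give machine-readable output; this handles the default
# format shown on the page.)

# Constructed sample, matching the localhost listing above.
SAMPLE_SCAN='Starting Nmap 4.76 ( http://nmap.org ) at 2009-10-16 16:05 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
3128/tcp open  squid-http
3306/tcp open  mysql

Nmap done: 1 IP address (1 host up) scanned in 0.32 seconds'

# open_ports: read nmap normal output on stdin and print "port/proto service"
# for every port whose STATE is exactly "open". "open|filtered" is left out on
# purpose: it means nmap could not tell, and deserves a closer look by hand.
open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print $1, $3 }'
}

# nikto_targets: read nmap normal output on stdin and print one Nikto command
# per open TCP port whose service name suggests HTTP. The host is taken from
# the per-host header line, preferring the IP in parentheses when present
# (IPv4 only: the colon stripping would mangle an IPv6 literal).
nikto_targets() {
    awk '
        /^Interesting ports on / || /^Nmap scan report for / {
            host = $NF
            gsub(/[():]/, "", host)
        }
        $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" && $3 ~ /http|www|squid|proxy/ {
            split($1, parts, "/")
            cmd = "perl nikto.pl -h " host " -p " parts[1]
            # TLS ports get -ssl so Nikto skips its plain-HTTP-first probe.
            if ($3 ~ /https|ssl/) cmd = cmd " -ssl"
            print cmd
        }'
}
```

Run the sample through both filters with `printf '%s\n' "$SAMPLE_SCAN" | open_ports` and `printf '%s\n' "$SAMPLE_SCAN" | nikto_targets`; the second yields a single line for the squid proxy on 3128, which is exactly the kind of forgotten listener a Nikto run is meant to examine.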

SBDavid

ip6tables

The introduction of the next-generation Internet Protocol, IPv6, expands beyond the 32-bit address limit of IPv4. IPv6 uses 128-bit addresses, so IPv6-aware networks can address a far larger number of routable hosts than IPv4 can.

ip6tables filters IPv6 traffic only. It keeps its own rule set (saved in /etc/sysconfig/ip6tables) and runs alongside the iptables service rather than replacing it, so a dual-stack host needs both services. If the IPv4 firewall is to be disabled anyway, that is done with:

service iptables stop
chkconfig iptables off

The first step in using ip6tables is to start the ip6tables service:

service ip6tables start

To make ip6tables start by default whenever the system is booted, change the runlevel status of the service using chkconfig:

chkconfig --level 345 ip6tables on

The syntax is the same as for iptables, with IPv6 addresses in place of IPv4 ones. The chief differences are that the nat table is not available for IPv6 on kernels of this era, ICMPv6 is matched with -p ipv6-icmp, and stateful matching (-m state) only works if the kernel has IPv6 connection tracking. Do not block ICMPv6 wholesale: it carries Neighbor Discovery, which IPv6 uses in place of ARP. For example, SSH connections to an IPv6-aware server can be allowed from a single host with the following rule (a /128 prefix length matches exactly one address; note that 3ffe::/16 was the old 6bone test range, returned to IANA in 2006, so use your own addresses or the 2001:db8::/32 documentation prefix in examples):

ip6tables -A INPUT -i eth0 -p tcp -s 3ffe:ffff:100::1/128 --dport 22 -j ACCEPT

References:

http://www.ipv6.org/
http://www.netfilter.org/
http://www.tldp.org/

A list of common services and their port numbers can be found in /etc/services.
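A single ACCEPT rule is not a policy. The following added example (not part of the original post) builds a small default-deny ip6tables INPUT policy around the SSH rule above, in the order a remote administrator would want: flush, add the allow rules, then set the DROP policy last so the session used to apply it is never cut off. It assumes eth0 is the external interface, uses 2001:db8::1 from the documentation prefix as a stand-in for the admin host, and assumes the kernel has IPv6 connection tracking for the ESTABLISHED,RELATED rule. Run it as root with the argument apply; with DRY_RUN=1 it prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example, not from the original post: a minimal default-deny ip6tables
# INPUT policy. Placeholders: eth0 as external interface, 2001:db8::1 as the
# admin host (RFC 3849 documentation prefix). Requires root to apply.

IFACE=${IFACE:-eth0}
ADMIN_HOST=${ADMIN_HOST:-2001:db8::1/128}

# ip6t: run ip6tables, or just print the command when DRY_RUN=1.
ip6t() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'ip6tables %s\n' "$*"
    else
        ip6tables "$@"
    fi
}

# apply_ip6_policy IFACE ADMIN_HOST: allow loopback, ICMPv6, replies to the
# host's own connections and SSH from ADMIN_HOST; log and drop the rest.
apply_ip6_policy() {
    iface=$1
    admin=$2
    ip6t -F INPUT
    ip6t -P FORWARD DROP
    ip6t -P OUTPUT ACCEPT
    ip6t -A INPUT -i lo -j ACCEPT
    # ICMPv6 carries Neighbor Discovery (the IPv6 replacement for ARP) and
    # path MTU discovery; dropping it leaves the host unreachable over IPv6.
    ip6t -A INPUT -p ipv6-icmp -j ACCEPT
    # Needs IPv6 connection tracking in the kernel (nf_conntrack_ipv6).
    ip6t -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # The page's SSH rule: /128 restricts it to exactly one source address.
    ip6t -A INPUT -i "$iface" -p tcp -s "$admin" --dport 22 -j ACCEPT
    # Log a rate-limited sample of what is about to be dropped.
    ip6t -A INPUT -m limit --limit 5/min -j LOG --log-prefix "ip6tables drop: "
    # Default policy goes on last, once the allow rules are in place.
    ip6t -P INPUT DROP
}

# persist_ip6_policy: save for the RHEL-style init script and enable at boot.
persist_ip6_policy() {
    service ip6tables save
    chkconfig --level 345 ip6tables on
}

if [ "${1:-}" = "apply" ]; then
    apply_ip6_policy "$IFACE" "$ADMIN_HOST"
    persist_ip6_policy
fi
```

Preview with `DRY_RUN=1 sh ip6fw.sh apply` (script name assumed) before running it for real; the printed lines are the exact ip6tables invocations, so they can be reviewed or diffed against what `ip6tables -L -n` shows afterwards.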

SBDavid

iptables and Connection Tracking

iptables includes a module (the state match, -m state) that lets administrators inspect and restrict connections to services on an internal network using connection tracking: the kernel keeps a table of the connections it has seen, and every packet is classified against that table into one of the following states.

NEW - A packet starting a new connection, such as the SYN of an HTTP request.

ESTABLISHED - A packet that belongs to a connection already in the tracking table, in either direction.

RELATED - A packet that starts a new connection tied to an existing one. The usual case is an FTP data connection: the control session runs on port 21, but the data transfer uses a separate port (in passive mode a server-chosen port above 1023) that the kernel can only associate with the control session if the FTP connection-tracking helper (ip_conntrack_ftp, later nf_conntrack_ftp) is loaded. ICMP errors about a tracked connection are RELATED too.

INVALID - A packet that cannot be associated with any connection in the tracking table, for example a stray TCP segment with no matching connection. Such packets should be dropped, not accepted.

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

The example above shows a rule that uses connection tracking to forward only packets belonging to a connection that has already been set up, or related to one such as an FTP data channel. Packets trying to open a new connection must match a separate, more specific rule or fall through to the chain's default policy. Newer iptables releases provide the equivalent -m conntrack --ctstate match, which supersedes -m state.
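The ESTABLISHED,RELATED rule only makes sense as part of a chain whose other rules decide which NEW connections are allowed. The following added example (not part of the original post) builds a complete FORWARD-chain policy for a gateway between an internal network and the Internet from the four states above. It assumes eth1 faces the LAN (192.168.0.0/24), eth0 faces the Internet, and 192.168.0.10 is an internal web server that outsiders may reach on port 80; all of these are placeholders. Run it as root with the argument apply; with DRY_RUN=1 it prints the commands instead.

```shell
#!/bin/sh
# Added example, not from the original post: a stateful FORWARD policy for a
# two-interface gateway. Placeholders: eth1 = LAN, eth0 = Internet,
# 192.168.0.10 = published web server. Requires root to apply.

LAN_IF=${LAN_IF:-eth1}
WAN_IF=${WAN_IF:-eth0}
LAN_NET=${LAN_NET:-192.168.0.0/24}
WEB_SERVER=${WEB_SERVER:-192.168.0.10}

# ipt: run iptables, or just print the command when DRY_RUN=1.
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# load_ftp_helper: without it the kernel cannot mark FTP data connections as
# RELATED, so FTP through the gateway stalls after login. The module was
# called ip_conntrack_ftp on 2.6.18-era kernels and nf_conntrack_ftp later.
load_ftp_helper() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'modprobe nf_conntrack_ftp\n'
    else
        modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
    fi
}

# apply_forward_policy LAN_IF WAN_IF LAN_NET WEB_SERVER
apply_forward_policy() {
    lan_if=$1; wan_if=$2; lan_net=$3; web=$4
    ipt -F FORWARD
    # 1. INVALID first, so packets conntrack cannot classify never reach a
    #    later ACCEPT rule.
    ipt -A FORWARD -m state --state INVALID -j DROP
    # 2. The page's rule: traffic belonging or related to tracked connections,
    #    in either direction (FTP data channels included, via the helper).
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # 3. NEW connections are allowed from the LAN outward only ...
    ipt -A FORWARD -i "$lan_if" -o "$wan_if" -s "$lan_net" -m state --state NEW -j ACCEPT
    # 4. ... plus one published service, reachable from outside on port 80.
    ipt -A FORWARD -i "$wan_if" -o "$lan_if" -p tcp -d "$web" --dport 80 -m state --state NEW -j ACCEPT
    # 5. Log a rate-limited sample of everything else; the policy drops it.
    ipt -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fw forward drop: "
    ipt -P FORWARD DROP
}

if [ "${1:-}" = "apply" ]; then
    load_ftp_helper
    apply_forward_policy "$LAN_IF" "$WAN_IF" "$LAN_NET" "$WEB_SERVER"
fi
```

The ordering is the point: INVALID is handled before the ESTABLISHED,RELATED shortcut, and NEW is only accepted by rules that name an interface pair and an address, so a spoofed packet arriving on eth0 with a LAN source address matches neither rule 3 nor rule 4 and is dropped. On a kernel that offers it, -m conntrack --ctstate can be substituted for -m state in every rule without other changes.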
