Nikto2 web server assessment tool Install.

Nikto is a web server assessment tool. It is designed to find various default and insecure files, configurations and programs on any type of web server.

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1000 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

Installation

Any system which supports a basic Perl installation should allow Nikto to run. For SSL support the Net::SSLeay Perl module must be installed (which in turn requires OpenSSL on the Unix platform).

Perl: http://www.cpan.org/
LibWhisker: http://www.wiretrip.net/
ActiveState Perl: http://www.activestate.com/
OpenSSL: http://www.openssl.org/
Perl modules RPC::XML::Client and RPC::XML for Metasploit logging integration

Download - http://cirt.net/nikto/nikto-2.1.3.tar.bz2

Unpack the download file:

tar -xvfz nikto-2.1.3.tar.bz2

Basic Testing
The most basic Nikto scan requires simply a host to target, since port 80 is assumed if none is specified. The host can either be an IP or a hostname of a machine, and is specified using the -h (-host) option. This will scan the IP 192.168.0.1 on TCP port 80:

perl nikto.pl -h 192.168.0.1

To check on a different port, specify the port number with the -p (-port) option. This will scan the IP 192.168.0.1 on TCP port 443:

perl nikto.pl -h 192.168.0.1 -p 443

Trackback URI | Comments RSS

Leave a Reply

You must be logged in to post a comment.