How to use NIKTO

-
Before attacking any website, a hacker or penetration tester will first compile a list of target surfaces. After they've used some good recon and found the right places to point their scope at, they'll use a web server scanning tool such as Nikto for hunting down vulnerabilities that could be potential attack vectors.
https://s24255.pcdn.co/wp-content/uploads/2015/01/main.png

Nikto is a web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. 
Installing Nikto
if it’s not installed, you can run apt-get install nikto command:




Nikto –H
You can check the manual or usage of nikto by executing nikto –H or nikto -help command.
 
Usage of Nikto
You can usage nikto by the typing nikto and then the targeted domain name (nikto www.domain.com). 
Since we are not allowed to test on any other website until we have a written permission, we will try on our apache local host server. 
That IP (192.168.1.7) is my public Apache server ip which is running in windows 7 virtual machine and I’m testing from ma kali Linux virtual machine letter this ip will be changed to different IP like (192.168.1.10) because I have turned my machine off during the making of this article.

The scan result shows some vulnerabilities like:
  • The anti-clickjacking X-Frame-Options header is not present. 
Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element. This can cause users to unwittingly download malware, visit malicious web pages, provide credentials or sensitive information, transfer money, or purchase products online.

Typically, clickjacking is performed by displaying an invisible page or HTML element, inside an iframe, on top of the page the user sees. The user believes they are clicking the visible page but in fact they are clicking an invisible element in the additional page transposed on top of it.
There are several variations of the clickjacking attack, such as:

  • Likejacking – a technique in which the Facebook “Like” button is manipulated, causing users to “like” a page they actually did not intend to like.
  • Cursorjacking – a UI redressing technique that changes the cursor for the position the user perceives to another position. Cursorjacking relies on vulnerabilities in Flash and the Firefox browser, which have now been fixed.

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page inside a frame or iframe. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.

Solution: Configure your web server to include an X-Frame-Options header.
  • The X-XSS-Protection header is not defined. (cross-site scripting attack or inline javascript attack)
    XSS header is not encrypted so any attacker can use cross site script attack method to hijack the scripts of the target.
  • + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST (A Cross-Site Tracing (XST) attack involves the use of Cross-site Scripting (XSS) and the TRACE or TRACK HTTP methods. RACE allows the client to see what is being received at the other end of the request chain and use that data for testing or diagnostic information
  • + OSVDB-3268: /img/: Directory indexing found.
  • + OSVDB-3092: /img/: This might be interesting...
  • + OSVDB-3268: /icons/: Directory indexing found.
  • + OSVDB-3233: /icons/README: Apache default file found. (allows attackers to write anywhere in the file system.)


Now I will test on my wordpress testsite which I have installed it in xamp httdocs folder
-list-plugins
nikto -h 192.168.1.10/testsite -list-plugins 
-list-plugins:
This option will list all plugins that Nikto can run against targets and then will exit without performing a scan. These can be tuned for a session using the -plugins option.
The output format is:
Plugin name
full name – description
Display the Proces
nikto -D v  -h 192.168.1.10
While scanning for vulnerabilities we can see the process, If we need to see the live process we need to use option Display.
nikto.pl -D v -h www.google.com
Where,
  • -D = Display
  • v = Verbose
  • -h = hostname
Scan report

Scan and save the result to a file using below command to find the vulnerabilities.
nikto -o /root/Desktop/nikto_scan_result.html -Format html -h 192.168.1.10


After scan completes we will get the result in html format in current directory as shown below.

Comments

Post a Comment

Popular posts from this blog

Solving Computer Forensics Case Using Autopsy

-
Image
  Computer Forensics is the well-planned series of procedures and techniques used for obtaining evidence from computer systems and storage media. This evidence can then be analyzed for relevant information that is to be presented in a court of law. This article focused on a particular case and a forensic tool to give you a ‘feel’ of what computer forensics investigations are like. However, it is in no way comprehensive enough to cover the variety of problems and complications faced by the investigator.   Scenario  A complaint was made to the authorities describing alleged Wi-Fi hacking activity. When the authorities reached the spot, they found an abandoned Dell computer which is suspected that this computer was used for hacking purposes. Schardt uses "Mr.Evil" nickname when he goes online. He is also accused of parking his car in wireless range (like Starbucks and other T-Mobile Hotspots) where he would then intercept internet traffic, attempting to get credit card numb...
Read more

Pentesting - Exploitation Guide Metasploitable 1

-
Image
Metasploitable Metasploitable is an Ubuntu 8.04 server installed on a VMWare 6.5 image with a number of vulnerable packages included, which can be run on most virtualization software. You can grab your copy at Vulnhub – Metasploitable I used Kali Linux for attacking and VirtualBox for virtualization. Information Gathering nmap is a great tool for scanning ports and finding network services on a machine. We will run nmap with the following options: -sV to probe open ports for service and version info -O to fingerprint and try to guess the operating system -p1-65535 to do a complete port scan root@kali:~# nmap -sV -O 192.168.0.14 -p1-65535 Starting Nmap 6.47 ( http://nmap.org ) at 2015-06-12 16:46 MDT Nmap scan report for 192.168.0.14 Host is up (0.00073s latency). Not shown: 65522 closed ports PORT STATE SERVICE VERSION 21/tcp open ftp ProFTPD 1.3.1 22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0) 23/tcp open telnet Linux telnetd 25/tcp open smtp Postfix smtpd 53/tcp open...
Read more

The Main Cyber Threats Facing the Aviation Industry

-
Image
  Introduction The aviation industry, one of the most critical sectors in global transportation, is heavily dependent on interconnected technologies, which also makes it a lucrative target for cybercriminals. With each advancement in technology, there comes a new set of cyber risks that threaten the confidentiality, integrity, and availability of essential systems in the aviation ecosystem. The consequences of cyberattacks on the aviat ion industry can be catastrophic, ranging from flight delays to data breaches, physical harm to passengers, and even financial devastation for airlines and airports. As technology continues to evolve in aviation, so too do the cybersecurity challenges. In this comprehensive blog, we will explore the major cyber threats in the aviation industry and dive into best practices, standards, and risk assessments to mitigate these threats. 1. Overview of Cyber Threats in Aviation The aviation industry is complex, involving many interdependent systems such as ...
Read more