Scanning servers with Nikto
Cover Your Tracks
An abundance of security tools tout their wares on the Internet these days, making it difficult to sift the wheat from the chaff. Many such tools are proprietary, some are unquestionably good value for the money, and some tools are overpriced but marketed well. When surrounded by all these options, however, remember that a sizeable number of highly sophisticated open source tools are available as well.
In this article, I'm going to use a Docker container running the sophisticated open source web scanner Nikto to look for, among other things, files and directories that could potentially be considered security holes. By fixing these misconfigurations or previously unknown issues on your web servers, you can cover your tracks to provide a more robust security posture.
Setting Sail
Nikto [1] holds nothing back and explicitly declares that it's never been designed for stealth. It's an all-out, no-holds-barred scanner that will leave a noisy footprint. Nikto's many features include guessing credentials, scanning as quickly as possible, logging to Metasploit [2], replaying findings that flagged an issue, and running over multiple servers or specific network ports.
Rest assured that Nikto is comprehensive. Its scans boast "tests against web servers for … over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers" [3].
However, please be aware that you need permission before scanning a web server. The footprint you'll leave behind will be very obvious: Logfiles will contain a heap of HTTP requests, perhaps hundreds, and you might see some Apache error log entries, too. A number of security findings by Nikto that an
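The log footprint described above can be checked for on the server side. The following Python example is an added illustration, not code from the article or from the Nikto project; it assumes Apache common/combined log format, and the thresholds, function names, and sample log lines are constructed for the example.

```python
import re
from collections import defaultdict

# Prefix of an Apache common/combined log line: client, timestamp, request, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def flag_scanners(lines, min_requests=20, min_miss_ratio=0.8, min_paths=15):
    """Return clients whose requests look like a file/directory sweep.

    Thresholds are assumptions for this example; tune them to your own traffic.
    """
    stats = defaultdict(lambda: {"requests": 0, "misses": 0, "paths": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        client, _method, path, status = m.groups()
        s = stats[client]
        s["requests"] += 1
        s["paths"].add(path.split("?", 1)[0])  # compare paths without query strings
        if status.startswith("4"):  # probes for absent or forbidden files
            s["misses"] += 1
    flagged = {}
    for client, s in stats.items():
        ratio = s["misses"] / s["requests"]
        if (s["requests"] >= min_requests and ratio >= min_miss_ratio
                and len(s["paths"]) >= min_paths):
            flagged[client] = {"requests": s["requests"],
                               "miss_ratio": round(ratio, 2),
                               "distinct_paths": len(s["paths"])}
    return flagged

def sample_log():
    """Constructed sample: one client sweeping 40 paths, one ordinary visitor."""
    ts = "[10/Oct/2024:13:55:36 +0000]"
    lines = [f'203.0.113.7 - - {ts} "GET /probe{i}.bak HTTP/1.1" 404 196 "-" "-"'
             for i in range(40)]
    lines.append(f'203.0.113.7 - - {ts} "GET / HTTP/1.1" 200 5120 "-" "-"')
    visitor = [("/", 200), ("/about.html", 200), ("/favicon.ico", 404)] * 10
    lines += [f'198.51.100.4 - - {ts} "GET {p} HTTP/1.1" {s} 2048 "-" "Mozilla/5.0"'
              for p, s in visitor]
    return lines

if __name__ == "__main__":
    for client, info in flag_scanners(sample_log()).items():
        print(client, info)
```

The visitor at 198.51.100.4 also triggers some 404s but requests only three distinct paths, so only the sweeping client is reported.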