If you’re going to exploit websites and Pentest, Before that you need to make sure what vulnerabilities that site contains and that can be done through information gathering. Trying to attack with various exploits without finding any vulnerabilities isn’t a professional way.
There are a number of tools and applications which is used to find vulnerabilities in websites, but Nikto is one of my favorite tools to examine a website and report back the potential vulnerabilities that are found, which I could use to exploit or hack the site.
The Nikto web server scanner is a security audit tool that will test for over 6700 items of possible security issues on a website. Including the IP, hostname, the port used on service, particular dangerous files, X-SS protection, CGI directories, misconfigured services, vulnerable scripts, and other issues. It is open-source and structured with plugins that extend the capabilities.
Nikto is inbuilt on majority Pentesting Distro such as Kali Linux. In this tutorial, I’m going to show you how to use Nikto on Kali Linux. So, you do not need to install anything.
Let’s get started!
Open terminal, don’t do such noobies clicky on menu items. Use terminal. Type the following command to see available options to use:
Target address Nikto allowed use the format:
- HTTP Service of Typical website on default Port 80: www.thehackertoday.com
- HTTPS Service of the website on default Port 443: https://www.thehackertoday.com
- HTTP Service IP address of the website on Port 80: 10.9.17.21
There are multiple args or syntax nikto able to do. However, the simplest way is:
nikto -h $webserver
First, Nikto tells us the server is Nginx v.1.8.0
Then, near the bottom nikto identifies a vulnerability with OSVDB prefix (Open Source Vulnerability Database). Now googling for OSVBD-576, OSVBD-3092, and here we got :
As you can see we know about our target vulnerability and through google, we got an exploit method, But we’re not going to show you how to hack your target our intention is just to teach you how to do ethical hacking and report bugs. Using Nikto is simple and more efficient. If you have any questions please join our forum.