fbpx

WEB SERVER SECURITY SCANNING WITH NIKTO

26 Aug WEB SERVER SECURITY SCANNING WITH NIKTO

Nikto is an Open Source web server scanner with ability to do comprehensive tests against web servers for multiple items.

Nikto can
1. Scan potentially dangerous files/CGIs,
2. Check for outdated version of web server,
3. Can provide details of weakness if current version is used.
4. Server configuration items such as the presence of multiple index files, sample directories HTTP server options, and will attempt to identify installed web servers and software.

Nikto can be downloaded from http://www.cirt.net/nikto2

If you are using Linux/Unix system you can extract files using command tar -xvf <filename>.tar.gz , once it is downloaded you can start using is without applying more configuration. It is recommended to update database before start using it. Database can be updated with nikto -update

snapshot4

Once database is updated nikto -host <hostname> can be used to find vulnerability of the remote server.

snapshot5-300x128