Identify Web Server Vulnerabilities using Open-Source Vulnerability Scanner

In this blog, we will see how to identify security issues and vulnerabilities in a web server using an open-source tool called Nikto.

Nikto runs extensive testing on web servers for a variety of things, which includes over 6700 potentially harmful files and programs, over 1250 outdated versions of servers, and version-specific issues on over 270 servers.

 Additionally, it looks for HTTP server options and the existence of multiple index files and directories and will try to identify any installed web servers and software. 
The Plugins and scan components of Nikto automatically update and get updates frequently.
Nikto also provides information related to files and versions that lead a human tester to better penetration testing. 

Here are the major Features of Nikto

  • SSL Support (Unix with OpenSSL or Windows with ActiveState's Perl/NetSSL)
  • Full HTTP proxy support
  • Checks for outdated or vulnerable web server components
  • Save reports in various formats like plain text, XML, HTML, NBE, or CSV
  • Template engine that allows us to customize reports easily
  • Scan multiple ports on a web server or multiple servers via input file (including nmap output)
  • Identifies installed software/plugins via headers, favicons, and front-end code files
  • Reports unusual or custom HTTP/HTTPS headers
  • Identify interesting files and directories 

Now we will see how to install Nikto on Linux.

To install the Nikto, first, update the APT repository. 

Command: apt-get update

Install the Nikto

Command: apt-get install nikto

Once the Nikto is installed, run the command nikto -h to check the help 

Now we will see to scan the web server using Nikto

Command Syntex: nikto -host <IP/Host name> -port <Port Number> -Format <Report Format (CSV, json, htm, nbe, sql, txt or xml) -output <Report Name> -Display <Display Output> 

example: nikto -host -p 3000 -Format txt -output nikto_scan.txt -Display v

Once the scan is complete, we can check the scan results in the saved report.

Sahil Gupta

Application Security | DevSecOps | Secure SDLC | Penetration Tester (Web and API) | CEHv10 | IBM Certified Cybersecurity Analyst Professional

Previous Post Next Post

Contact Form