Thursday, March 17, 2016

HTTP Enumeration Using Nikto

Hello All,
      Here I am again for you with new article on HTTP enumeration using Nikto.
Enumeration is pre-phase of hacking cycle where attacker tries to gather more and more information about the target.
What is Nikto?
    Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers.




 Steps:
1. From a BackTrack shell, type the following (only type what's in bold):
user1@bt:~#cd /pentest/scanners/niktouser1@bt:~#pwd
Syntax breakdown:
cd /pentest/passwords/nikto
: change into the directory 

/pentest/passwords/nikto
pwd
: program name to print current directory


2. Update the Nikto databases and plugins from cirt.net by typing the following (only type what's in bold):

user1@bt:~#./nikto.pl -update
Syntax breakdown:
./nikto.pl: PERL script to run
-update: program option to update Nikto databases and plugins


3. Run the Nikto PERL script to scan a Windows target web server (only type what's in bold, on one line):

user1@bt:~#./nikto.pl -h win_target_IP_address > /root/ceh/nikto_win_scan
Syntax breakdown:
./nikto.pl: PERL script to run


-h win_target_IP_address: the IP address of the Windows target system
> /root/ceh/nikto_win_scan: redirect the output to a file called nikto_win_scan in the /root/ceh directory


4. Examine your results:
user1@bt:~#cat /root/ceh/nikto_win_scan | less

5. Record your results:


6. Repeat step #3 using your UNIX target IP address (only type what's in bold, on one line):

user1@bt:~#./nikto.pl -h unix_target_IP_address > /root/ceh/nikto_unix_scan

7. Examine your results:

user1@bt:~#cat /root/ceh/nikto_unix_scan | less

8. Record your results:


in case more details require/doubt feel free contact me.

More To refer:  Banner Grabbing using Telnet