Hello All,
Here I am again for you with new article on HTTP enumeration using Nikto.
Enumeration is pre-phase of hacking cycle where attacker tries to gather more and more information about the target.
Steps:
1. From a BackTrack shell, type the following (only type what's in bold):
cd /pentest/passwords/nikto: change into the directory
/pentest/passwords/nikto
pwd: program name to print current directory
2. Update the Nikto databases and plugins from cirt.net by typing the following (only type what's in bold):
./nikto.pl: PERL script to run
-update: program option to update Nikto databases and plugins
3. Run the Nikto PERL script to scan a Windows target web server (only type what's in bold, on one line):
./nikto.pl: PERL script to run
-h win_target_IP_address: the IP address of the Windows target system
> /root/ceh/nikto_win_scan: redirect the output to a file called nikto_win_scan in the /root/ceh directory
4. Examine your results:
5. Record your results:
6. Repeat step #3 using your UNIX target IP address (only type what's in bold, on one line):
7. Examine your results:
8. Record your results:
in case more details require/doubt feel free contact me.
More To refer: Banner Grabbing using Telnet
Here I am again for you with new article on HTTP enumeration using Nikto.
Enumeration is pre-phase of hacking cycle where attacker tries to gather more and more information about the target.
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers.What is Nikto?
Steps:
1. From a BackTrack shell, type the following (only type what's in bold):
Syntax breakdown:user1@bt:~#cd /pentest/scanners/niktouser1@bt:~#pwd
cd /pentest/passwords/nikto: change into the directory
/pentest/passwords/nikto
pwd: program name to print current directory
2. Update the Nikto databases and plugins from cirt.net by typing the following (only type what's in bold):
Syntax breakdown:user1@bt:~#./nikto.pl -update
./nikto.pl: PERL script to run
-update: program option to update Nikto databases and plugins
3. Run the Nikto PERL script to scan a Windows target web server (only type what's in bold, on one line):
user1@bt:~#./nikto.pl -h win_target_IP_address > /root/ceh/nikto_win_scanSyntax breakdown:
./nikto.pl: PERL script to run
-h win_target_IP_address: the IP address of the Windows target system
> /root/ceh/nikto_win_scan: redirect the output to a file called nikto_win_scan in the /root/ceh directory
4. Examine your results:
user1@bt:~#cat /root/ceh/nikto_win_scan | less
5. Record your results:
6. Repeat step #3 using your UNIX target IP address (only type what's in bold, on one line):
user1@bt:~#./nikto.pl -h unix_target_IP_address > /root/ceh/nikto_unix_scan
7. Examine your results:
user1@bt:~#cat /root/ceh/nikto_unix_scan | less
8. Record your results:
in case more details require/doubt feel free contact me.
More To refer: Banner Grabbing using Telnet
No comments:
Post a Comment