If your going to exploit websites and Pentest, Before that you need to make sure what vulnerabilities that site containing and that can be done through information gathering. Trying to attack with various exploits without finding any vulnerabilities isn’t an professional way.
There are a number of tools and applications which is used to find vulnerabilities in websites, but Nikto is one of my favorite tool to examines a website and reports back the potential vulnerabilities that found, which I could use to exploit or hack the site.
The Nikto webserver scanner is an security audit tool which will test for over 6700 items of possible security issues on a website. Including the IP, hostname, port used on service, particular dangerous files, X-SS protection, CGI directories, mis-configured services, vulnerable scripts and other issues. It is open source and structured with plugins that extend the capabilities.
Nikto is inbuilt on majority Pentesting Distro such as Kali Linux. In this tutorial, I’m going to show you how to use Nikto on Kali Linux. So, you do not need to install anything.
Lets get started!
Open terminal, don’t do such noobies clicky on menu items. USE TERMINAL. Type following command to see available options to use :
Target address Nikto allowed use the format:
HTTP Service of Typical website on default Port 80: www.thehackertoday.com
HTTPS Service of website on default Port 443: https://www.thehackertoday.com
HTTP Service IP address of website on Port 80: 10.9.17.21
There are multiple args or sytax nikto able to do. However, the simplest way is :
nikto -h $webserver
First, Nikto tells us the server is Nginx v.1.8.0
Then, near to the bottom nikto identifies a vulnerability with OSVDB prefix (Open Source Vulnerability Database). Now googling for OSVBD-576, OSVBD-3092 and here we got :
As you can see we know about our target vulnerability and through google we got a exploit method, But we’re not going to show you how to hack your target our intention is just to teach you how to do ethical hacking and report bugs. Using Nikto is simple and more efficient. If you have any questions please join our forum.