פרטי הקורס
Using Nikto For Advanced server Scanning
Nikto is a powerful, open-source web server scanner that is designed to detect potentially vulnerable files, configurations, and programs on web servers. Here's a summary of how Nikto is used for advanced server scanning: Purpose and Capabilities: Nikto is specifically developed to scan web servers for thousands of known vulnerabilities and misconfigurations. It can identify default and insecure files, outdated server software, and potentially hazardous programs running on the server. Features: Tests for over 6700 potentially dangerous files and programs. Checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers. Scans for server configuration items such as multiple index files and HTTP server options, and will attempt to identify installed web servers and software. Customization and Plugins: Nikto can be extended with plugins and can be customized to include specific tests as per user requirements. It supports SSL, proxies, host authentication, and more, enhancing its versatility and capability to assess complex web server setups. Output and Integration: Scan results can be saved in various formats like text, HTML, XML, or even directly imported into a database. Nikto can integrate with other software tools, such as Metasploit, for deeper analysis and exploitation of vulnerabilities. Security and Usage Considerations: While Nikto provides a wealth of information about potential vulnerabilities, it can generate a significant amount of network traffic and might be detected by intrusion detection systems (IDS). Users must operate with caution, especially on networks they do not own or have explicit permission to test. Typical Use Cases: Routine security audits to ensure no known vulnerabilities are present. Quick checks following the installation of a new web server or application. Continuous security assessments in a development environment. Using Nikto for server scanning is a crucial part of maintaining web server security and ensuring compliance with security policies. Its comprehensive nature makes it an invaluable tool for system administrators and security professionals aiming to protect their systems from known threats.
0/1
Installing Nikto on Various Unix Server Distributions
00:00
security assement using kali tools – using nikto
פרטי השיעור

Installing Nikto on Various Unix Server Distributions

Nikto is a popular open-source web server scanner used by security professionals to detect potential vulnerabilities. Below is a detailed guide on how to install Nikto on various Unix server distributions, including Debian-based systems, Red Hat-based systems, and others like macOS and FreeBSD.

You can read more info on nikto's official website : https://cirt.net/Nikto2

1. Debian-Based Systems (Ubuntu, Debian)

Step-by-Step Installation:

  1. Update Package List: Open a terminal and execute the following command to update your package list:
Copy Code 


sudo apt-get update
  1. Install Nikto: Install Nikto using the apt-get command:
Copy Code 


sudo apt-get install nikto -y

Verification: Check the installation by running:

2. Red Hat-Based Systems (CentOS, Fedora, RHEL)

Step-by-Step Installation:

  1. Enable EPEL Repository: For CentOS and RHEL, enable the Extra Packages for Enterprise Linux (EPEL) repository first:
    sudo yum install epel-release -y

    Fedora users can skip this step as the EPEL repository is not required.

  2. Install Nikto: Install Nikto using the yum or dnf command (for Fedora):
    sudo yum install nikto -y

    or

    sudo dnf install nikto -y

Verification: Check the installation by running:

nikto -Version

3. Arch Linux

Step-by-Step Installation:

  1. Use Pacman: Install Nikto directly from the community repository using pacman:
    sudo pacman -S nikto

Verification: Verify the installation by running:

nikto -Version

4. macOS

Step-by-Step Installation:

  1. Install Homebrew: If not already installed, you can install Homebrew, a package manager for macOS, by running:
    /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
  2. Install Nikto: Once Homebrew is installed, you can install Nikto using Homebrew:
    brew install nikto

Verification: Check if Nikto was installed successfully:

nikto -Version

5. FreeBSD

Step-by-Step Installation:

  1. Install from Ports Collection: You can install Nikto from the FreeBSD Ports Collection. First, navigate to the Nikto port directory:
    cd /usr/ports/security/nikto/

    Then, compile and install the port:

    make install clean

Verification: Verify that Nikto is correctly installed by running:

nikto -Version

Post-Installation Steps

After installing Nikto, it's advisable to:

  • Update Nikto's plugin and database: Nikto can be updated with the latest vulnerability database and plugins by running:
    nikto -update
  • Run an initial test: Test your Nikto installation by scanning a test website (ensure you have permission):

 

Copy Code 


nikto -h http://testsite.com

This guide should help you install Nikto on various Unix-based server distributions, ensuring you're equipped to start securing your web servers effectively.

Share
Copy Link
×