Nikto - web server scanner - it's relation with other security tools

1. Nikto&
other tools
Sorina-Georgiana CHIRILĂ
Software Security

2. Overview
●
●
●
●
●
●
●
●
Nikto - short introduction,
Burp Suite,
Wikto,
Nmap,
Metasploit,
Nessus,
OpenVAS,
Useful links.

3. Nikto - short introduction
● You manage several Web servers/applications
● Need to find potential problems and security
vulnerabilities, including:
- Server and software misconfigurations
- Default files and programs
- Insecure files and programs
- Outdated servers and programs

4. Nikto - short introduction
●
●
●
●
●
●
●
●
Web server scanner,
Created by : David Lodge and Chris Sullo,
Version 1.00 Beta released on: December 27, 2001
Current version: 2.1.5,
Written in: Perl,
The name is taken from the movie: The Day The Earth Stood Still,
Sponsored by: Sunera LLC,
Official page : http://www.cirt.net/nikto2.

5. Nikto - short introduction
●
●
Open source,
Performs test against web servers
for multiple items:
- Looks for over 6500 potentially dangerous files/CGIs,
- Checks for outdated versions of over 1250 servers,
- Looks for version specific problems on over 270 servers,
- Attempts to identify installed web servers and software,
- Checks for the presence of multiple index files and HTTP
server options,
●
Output can be saved in a variety of formats: text, XML, HTML.

6. Nikto - short introduction
Burp Suite
Web scanner
Metasploit
Pr
ox
ing
gg
Lo
y
Wikto
Web scanner
Nikto
DB
Nikto
to
Integrated
Vulnerability exploitation
Nessus
Vulnerability scanner
Web scanner
eg
rat
ed
O
ut
pu
tf
or
Int
Nmap
Network scanner
OpenVAS
Vulnerability scanner

7. Burp Suite
●
●
●
Integrated platform for performing security testing of web
applications,
Its tools work great togheter to support the entire testing process,
from initial mapping and analysis of an application’s attack surface,
through to finding and exploiting security vulnerabilities,
Gives full control , meaning combine advanced manual techniques with
state-of-the-art automation for fast, effective results.
http://portswigger.net/burp/

8. Burp Suite - key components
●
●
●
●
●
●
●
Proxy - an intercepting proxy , which lets you inspect and modify traffic
between your browser and the target application,
Spider - an application aware spider, for crawling content and
functionality,
Scanner - an advanced web application scanner, for automating the
detection of numerous types of vulnerabilities,
Intruder - an intruder tool, for performing powerful customized attacks
to find and exploit unusual vulnerabilities,
Repeater - a repeater tool, for manipulating and resending individual
requests,
Sequencer - a sequencer tool, for testing the randomness of session
tokens,
Ability to: save your work and resume your work later, write plugins.

9. Burp Suite - Nikto
Proxy - can intercept the http requests and
show them in proper format so it can be used to
analyse the queries made by Nikto and
discover vulnerabilities.

10. Burp Suite - Nikto
perl nikto.pl -h localhost -useproxy
http://localhost:8080/

11. Wikto
●
●
●
●
●
●
●
●
Roles: checks for vulnerabilities in webservers,also in the
implementation, it tries to find interesting directories and files on the web
site and it looks for simple scripts that can be abused,
Written in: .NET C#,
Version: 2.1.0.0.
Release date: 2008-12-14,
Created by: sensepost,
Cost: free,
License:GPL,
Nikto for Windows with extra features: fuzzy logic eror code
checking, a back-end miner, Google assisted directory mining, real time
HTTP request/response monitoring.

12. Wikto - Nikto
Wikto uses Nikto’s
database to perform
different checks
against web server.
Nikto DB

13. Nmap
●
●
●
●
●
●
●
●
●
●
Network Mapper,
Roles: network discovery and security analysis,
Technique: uses IP raw packets ,
Determine: what host are available on the network, what services
(application name and version) those hosts are offering, what operating
systems (and OS versions) they are running and other,
Free and Open Source,
Available with: command line and GUI viewer( Zenmap),
Well documented and supported,
Portable: runs on al major operating systems,
Won numerous awards and was featured in twelve movies ,
Official site: http://nmap.org/.

14. Nmap -Nikto
Scenario: Nikto supports scanning multiple
hosts via text file of host names or IPs. A host
file may also be a Nmap output in “greppable”
format.
Operating system
Windows 7, 64 bit
Steps
●
●
●
●
Nikto
Version 2.1.5
Download and install Nikto and Nmap,
Put in the Environment Variables, Path for
the two folders of the programs mentioned
above,
In Start search for cmd, wait to open
Command Prompt,
Type the following for localhost, port 80:
nmap -p80 localhost/24 -sT -Pn -oG - |
nikto.pl -h -
Nmap
-oG - greppable format, name of the file - , to be
passed through stdin/stdout to Nikto,
command-line zip file: nmap-6.40-win32.zip
-sT - TCP connect scan,
-Pn - no ping , disable host discovery.

15. Nmap -Nikto - scan results

16. Metasploit
●
●
●
●
●
Vulnerability exploitation tool -> Framework,
Released in : 2004,
Project acquired by: Rapid7 in: 2009,
Open source platform for developing, testing and using exploit code ,
Commercial variants, also :
Pro
Express
Community
Framework
Enterprise Security
Programs& Advanced
Penetration Tests
Baseline Penetration
Tests
Free Entry -Level
Edition
Free Open Source
Development
Platform
Web-based GUI
Web-based GUI
Web-based GUI
Java-based GUI
http://www.rapid7.com/products/metasploit/editions-and-features.jsp

17. Features
Real world security testing
Get a security reality check with exploitation, vulnerabilility validation, advanced attacks and evasion techniques.
Vulnerability validation
Verify which potential vulnerabilities really put your network and data at risk.
Productivity boost
Complete assignments faster with efficient workflows, wizards, data management, APIs and automation.
Password auditing
Uncover weak passwords on over a dozen network services.
Web App Testing
Audit on-premise and cloud-based web apps to identify OWASP Top 10 vulnerabilities.
Teamwork and Reporting
Leverage team members' expertise and create reports at the push of a button.
Support for Windows, Linux operating systems
Windows XP, Vista, 7, 8,, Red Hat Enterprise Linux 5.x, 6.x - x86 ,Ubuntu Linux 8.04, 10.04, 12.04 - x86 , Kali Linux 1.0 .

18. Metasploit -Nikto
How to: Metasploit Framework
How to: Nikto(logging to)
●
●
●
●
Set a PostgreSQL database
(u:
msf, pass:password123)
Set web xmlrpc interface at :127.0.0.1,
port 55553,
Run a command like: db_vulns , after,
to see how Nikto tested for and detected
the vulnerability
●
Install Perl modules RPC::XML::Client
and RPC::XML
Add your own test for a vulnerability in
Nikto/Plugins directory
"006XXX","40478","b","/tikiwiki/tiki-graph_formula.php?
w=1&h=1&s=1&min=1&max=2&f[]=x.tan.phpinfo()&t=png&title=","
GET","200","","","","","This device may have a vulnerable installation
of TikiWiki.","",""
where 006XXX is the one number greater than the last entry in
db_test file, 40478 is the osvdb number
[*] Time: Tue Nov 10 00:22:14 UTC 2010 Vuln: host=localhost
port=80 proto=tcp name=nikto.005988 refs=OSVDB-5292
[*] Time: Wed Nov 10 00:23:08 UTC 2010 Vuln: host=localhost
port=80 proto=tcp name=nikto.006453 refs=OSVDB-40478
●
perl nikto.pl -h localhost -Format msf
-o msf:password123@http://localhost:55553/RPC2
all scan results are saved in the msf database in realtime.

19. Nessus -Nikto
●
●
●
●
●
●
●
●
●
●
●
Started: as a project in 1998,
by: Renaud Deraison,
to: provide a free remote security scanner,
but: in 2005 Tenable Network Security take it
and: make it closed source.
Can perform scans on: networks, operating systems, web applications,mobile devices,
Most popular and capable scanner, for UNIX systems particularly,
Support for different operating systems,
Has an extensive plugin database, updated daily, (plugin = vulnerability test written in
NASL(Nessus Attack Scripting Language) )
Various formats of the scan results : plain text, XML, HTML and Latex,
Last stable release: 5.2.1/May 7, 2013.

20. Nessus -Nikto
Nikto can be integrated in Nessus
Settings:
How: when Nessus finds a web
server,automatically launch Nikto.
1.
2.
3.
4.
5.
Nikto installation,
Put nikto.pl in PATH,
Ensure that nikto.nasl is present in the
Nessus install(Nasl Wrapper),
Run “nessusd -R”,
Finally restart nessusd.

21. OpenVAS -Nikto
●
●
●
●
●
●
●
Open Vulnerability Assessment System,
Began under the name GNessUs, as a fork of the Nessus open source tool,
Framework of several services and tools,
Roles: vulnerability scanning and vulnerability management solution,
Cost: free,
Developed by: Greenbone Networks ,
Last stable release: 6.0/April 17, 2013.
Nikto
●
●
●
is integrated, as a tool, into OpenVAS,
the OpenVAS plugin for Nikto integration(nikto.nasl) needs to be present and enabled,
the results of a Nikto scan are included in OpenVAS final scan.

22. Useful links
●
●
●
●
●
●
●
●
http://www.binarytides.com/nikto-hacking-tutorial-beginners/,
http://research.sensepost.com/tools/web/wikto,
http://research.sensepost.
com/cms/resources/tools/web/wikto/using_wikto.pdf,
http://www.rapid7.com/resources/videos/penetration-testing.jsp,
http://infosecandotherstuff.blogspot.ro/2010/11/nikto-xmlrpc-autowpwnmetasploitable.html,
http://cirt.net/nikto2-docs/usage.html#id2740923,
http://nmap.org/book/man-port-scanning-techniques.html,
http://www.tenable.com/sites/drupal.dmz.tenablesecurity.
com/files/uploads/documents/whitepapers/Using%20Nessus%20in%
20Web%20Application%20Vulnerability%20Assessments.pdf

23. Questions ?
Thank You!