Kali Linux: Finding Web Vulnerabilities with nikto
Before attacking any website, it's crucial to conduct good reconnaissance. A few minutes of reconnaissance can save hours of hacking time. Attempting various hacking techniques without first finding site vulnerabilities is pure folly.
There are numerous tools and applications for finding vulnerabilities on a website, but one of the simplest is nikto.
This small and simple tool scans a website and reports back the potential vulnerabilities it finds, which we can then use to exploit or hack the site. It is also one of the most widely used web vulnerability scanners in the industry and is considered an industry standard by many.
Although this tool is very useful and effective, it is noisy and easily detected: any website with an IDS or similar monitoring will notice that we are scanning it. Nikto was designed for security testing, not for covert use.
Step 1: Run Kali & Open Nikto
To run Nikto, we need to run Kali. Once Kali is running, go to
Kali Linux -> Vulnerability Analysis -> Misc Scanners -> nikto
Although nikto has many options, we will limit ourselves here to the basic syntax:
nikto -h <IP or hostname>
Step 2: Scan Web Server
Let's start with a web server we control on our own network. In this case, the http service is running on another computer on the network; that machine hosts no website, just a bare web server. Let's scan it for vulnerabilities by typing:
nikto -h 192.168.1.104
Nikto will likely respond with a lot of information, for example:
- First, it tells us that the server is Apache 2.2.14, possibly on Ubuntu. Having pinned down the server version, it goes on to list other potential vulnerabilities on this web server.
- Notice near the bottom that several findings carry an OSVDB reference. OSVDB is the Open Source Vulnerability Database, a curated database of known vulnerabilities at www.osvdb.org, and one of several such databases we discuss, alongside SecurityFocus and Microsoft's Technet.
Step 3: Scan Site
Let's try another site. Here we will attempt to hack a web server named webscantest.com. Let's see what nikto can tell us about this site.
nikto -h webscantest.com
Again, it identifies the server (Apache) and then begins to list various potential vulnerabilities, again prefixed with OSVDB references. We can check www.osvdb.org to learn more about these vulnerabilities.
Now, let's use that site to look up one of the vulnerabilities nikto identified, OSVDB-877. Entering that reference number into the search function brings up the entry's page.
Notice that at the bottom of this page there are cross-references to various sources of information about this vulnerability, as well as references to tools and filters that cover it, such as Nikto, Nessus, and Snort.
Step 4: Scan WonderHowTo
Let's scan a few more sites and see what nikto can tell us about them. First, let's see what we can learn about www.wonderhowto.com.
nikto -h wonderhowto.com
As we can see, it tells us that WonderHowTo uses Microsoft IIS 8.5 as its web server and then lists many potential vulnerabilities.
However, any attempt to exploit the listed vulnerabilities would reveal that they are all false positives, because WonderHowTo merely returns a harmless 404 page. This is because WonderHowTo is not built on php or asp, as the noted exploits expect.
False positives like these arise because the scanner does not actually exercise each vulnerability; it only checks whether the server responds without an error to URLs associated with known vulnerabilities.
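The flip side of this behaviour is what the introduction warned about: because nikto requests hundreds of URLs that usually do not exist, a scan leaves an obvious trail in the web server's access log. The following is an added example for the defender's side, not part of the original tutorial or of nikto itself: it reads Apache combined-format log lines and flags clients by two signals, nikto's default User-Agent (the string used here is modelled on nikto's default) and a burst of 4xx responses from one IP. The log lines, IP addresses and thresholds are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" log format, up to and including the User-Agent field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def detect_scanners(log_text, window_s=60, err_threshold=5):
    """Return {ip: [reasons]} for clients whose traffic looks like a nikto-style scan."""
    reasons = defaultdict(set)
    errors = defaultdict(list)  # ip -> timestamps of recent 4xx responses
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines in another format rather than crash
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], TS_FMT)
        # Signal 1: nikto's default User-Agent names the tool. It is easy to
        # change, so treat it as a strong hint rather than the only check.
        if "nikto" in m["ua"].lower():
            reasons[ip].add("nikto user-agent")
        # Signal 2: a burst of client errors from one IP. A scanner asks for
        # many URLs that do not exist, so 404s pile up within seconds.
        if 400 <= int(m["status"]) < 500:
            errors[ip] = [t for t in errors[ip] if (ts - t).total_seconds() <= window_s]
            errors[ip].append(ts)
            if len(errors[ip]) >= err_threshold:
                reasons[ip].add(f">={err_threshold} 4xx responses in {window_s}s")
    return {ip: sorted(r) for ip, r in reasons.items()}

# Constructed sample log: one browsing user, one default nikto run, and one
# scanner that changed its User-Agent but still produces a 404 burst.
def _line(ip, sec, path, status, ua):
    return f'{ip} - - [10/Oct/2023:13:55:{sec:02d} +0000] "GET {path} HTTP/1.1" {status} 291 "-" "{ua}"'

BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/118.0"
NIKTO_UA = "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"
SAMPLE_LOG = "\n".join(
    [_line("192.168.1.50", 1, "/", 200, BROWSER_UA), _line("192.168.1.50", 9, "/old", 404, BROWSER_UA)]
    + [_line("192.168.1.77", 10 + i, f"/probe{i}", 404, NIKTO_UA) for i in range(5)]
    + [_line("192.168.1.88", 20 + i, f"/probe{i}", 404, BROWSER_UA) for i in range(5)]
)

if __name__ == "__main__":
    for ip, why in detect_scanners(SAMPLE_LOG).items():
        print(ip, why)
```

The single 404 from the browsing user stays below the threshold, while both scanning hosts are flagged, the second one by the error burst alone.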
Step 5: Scan Facebook
Finally, let's try scanning www.facebook.com.
nikto -h facebook.com
As we can see, Facebook is very secure, with few vulnerabilities reported. As we can imagine, if Facebook were insecure, every script-kiddie on the planet would hack it to see who their true love is chatting with online.