
Penetration testing any website with Nikto


Azharbase.blogspot.com - Before conducting a penetration test or attacking a website, hackers and pentesters first do recon to map the target's attack surface. In this post, Azharbase discusses a reconnaissance tool commonly used for that purpose, namely Nikto. Hackers and pentesters often run this tool against a website to enumerate its exposed surface.

What is Nikto?

Nikto is a simple, open source web server scanner that checks websites and reports back the vulnerabilities it finds, which could then be used to exploit or hack the site.

This tool is one of the most widely used website vulnerability tools in the industry, and in many circles, is considered an industry standard.

Although this tool is very effective, it is not stealthy at all: any site with an intrusion detection system or other security monitoring will notice that it is being scanned, because Nikto was designed for security testing, not for evasion.

How to use Nikto?

The first step is to install Nikto in the Linux Terminal by using the command:

apt install nikto

Or install Nikto from GitHub.

The second step, once the install has completed, is to read through and understand all of Nikto's options with the command:

nikto -Help

The third step is the basic syntax. As you saw in the previous step, Nikto has many options,
but for our purposes the basic syntax is as follows:

nikto -h <IP or hostname>

Nikto is not limited to plain HTTP, however: it can also scan sites served over SSL
on port 443, the port HTTPS uses (HTTP uses port 80 by default).

So it is not just limited to scanning older sites; Nikto can do a vulnerability assessment on sites that use SSL, which is now increasingly required for a site to be indexed in search results.

If I already know the target is an SSL site, I can tell Nikto so and save scanning time
by adding -ssl at the end of the command.

nikto -h <IP or hostname> -ssl

Step Five Scan the IP Address. Now that I have done a quick scan of a website,
let's try using Nikto on the local network to find embedded servers,
such as a router's login page, or HTTP services on other computers
that are just servers without a public website. To begin, let's find our own IP address using ifconfig.

The IP address we want is the "inet" address. Then we can run ipcalc on it to get our network range. If you don't have ipcalc, you can install it with apt install ipcalc and try again. The range is listed next to "Network:", in my case 192.168.0.0/24.

ipcalc 192.168.0.48

Now we want to run Nmap to find services running within that network range.

Let's scan port 80 across our range and use -oG (grepable output) so we can later extract only the hosts that are up and responding, which indicates that port 80 is open. Then we save everything to a file, which I call file.txt, but it can be given any name.

nmap -p 80 192.168.0.0/24 -oG file.txt

There is a nice little trick that sends all of these hosts
directly to Nikto for scanning. I use cat to read the output stored in my file.txt document (or whatever you named it).

Then awk, a Linux text-processing tool, looks for the following pattern, where Up means the host is up and print $2 means print the second word of each matching line, i.e. only the IP address. Then I send the data to a new file called targetIP.txt (or whatever you want to name it).

cat file.txt | awk '/Up$/{print $2}' | cat >> targetIP.txt

Now we can view the contents of our new file with cat to see all IP addresses that have port 80 open.

cat targetIP.txt

This is perfect for Nikto, because it can read a file like this directly. So I can feed this list to Nikto with the following command.

nikto -h targetIP.txt

The results will look similar to what I got when doing an SSL scan.
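The post's awk pattern keeps every host that answered Nmap's host discovery, which also includes machines that are up but have port 80 closed. As an added example (not code from the original post), here is a small POSIX shell script that builds a constructed -oG file, shows the difference between that pattern and a filter on the "Ports:" field, and writes only the hosts with port 80 open to a target file for Nikto. The sample file and the function names make_sample, up_hosts and open_hosts are assumptions of this example.

```shell
#!/bin/sh
# Added example: turn nmap grepable (-oG) output into a Nikto target list.
# The sample file below is constructed for this demo, not output of a real scan.

# Write a constructed -oG file to the path given as $1 (fields are tab-separated,
# as nmap emits them). Three hosts answered; only two have port 80 open.
make_sample() {
    {
        printf '# Nmap scan initiated as: nmap -p 80 192.168.0.0/24 -oG file.txt\n'
        printf 'Host: 192.168.0.1 ()\tStatus: Up\n'
        printf 'Host: 192.168.0.1 ()\tPorts: 80/open/tcp//http///\n'
        printf 'Host: 192.168.0.7 ()\tStatus: Up\n'
        printf 'Host: 192.168.0.7 ()\tPorts: 80/closed/tcp//http///\n'
        printf 'Host: 192.168.0.48 (myhost.lan)\tStatus: Up\n'
        printf 'Host: 192.168.0.48 (myhost.lan)\tPorts: 80/open/tcp//http///\n'
        printf '# Nmap done -- 256 IP addresses (3 hosts up) scanned in 3.21 seconds\n'
    } > "$1"
}

# The pattern used in the post: every "Status: Up" line, i.e. every host that
# answered host discovery, whether or not the scanned port is actually open.
up_hosts() {
    awk '/Up$/ {print $2}' "$1"
}

# Stricter filter: only hosts whose "Ports:" line lists <port>/open/ ($2, default 80).
# The leading space anchors the port number so that 80 does not also match 8080.
open_hosts() {
    awk -v p="${2:-80}" '$0 ~ ("Ports:.* " p "/open/") {print $2}' "$1"
}

# Demo: build the sample, compare both filters, write the Nikto target file.
tmp=$(mktemp)
make_sample "$tmp"
echo "Hosts that are up (post's awk pattern):"
up_hosts "$tmp"
echo "Hosts with port 80 open (what Nikto should get):"
open_hosts "$tmp" 80 | tee "$tmp.targets"
# Hand the narrowed list to Nikto as in the post: nikto -h "$tmp.targets"
rm -f "$tmp" "$tmp.targets"
```

Against the constructed file, up_hosts lists three addresses while open_hosts lists two, so a Nikto run over the narrowed file skips the host that answered a ping but has nothing listening on port 80.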

Step Six Scan the HTTP Website

I have scanned a secure website and IP addresses on a local network, and now it is time to scan an unsecured web domain on port 80, as follows.

nikto -h <http://website.com>

Step Seven Pair the Scan with Metasploit

One of the best things about Nikto is that, while it scans, it can export its findings into a format that Metasploit can read.

To do this, just use the command above to do the scan, but add -Format msf+ to the end. This format lets me pair the results quickly with exploits in Metasploit.

So in this guide I moved from determining the target's surface area,
to finding vulnerabilities, to pairing them with exploits, so I don't have to do all the work by hand.

Because Nikto is not a stealthy tool, we recommend running this type of scan from a VPN, via Tor, or another similar service, so that your real IP address isn't flagged for suspicious behavior.

That is all from me

Byee see you again ~

#azharbase
