Scanning a Website for Vulnerabilities With Nikto on Kali Linux




Nikto is one of the most popular web security tools to reach for when you start a web pentesting project. It is a web application scanner that finds configuration errors, openly accessible web directories, and a host of other web application vulnerabilities.

At the time of this post, Nikto is already included in Kali Linux. The steps below show how to scan a website with Nikto in Kali Linux.

Open your terminal, then type the command
nikto

It will print a few options.
To scan a website by host name, use the -h option after the nikto command.
Example: nikto -h www.google.com (to scan a website)



To watch what Nikto is doing while it scans for vulnerabilities, use the display option by entering the following command in the terminal:
nikto -D V -h www.google.com

Explanation of the command:
-D = Display
V = Verbose
-h = hostname

The tuning options determine which tests are run. With the x option we can exclude the tests that we do not need.
The following tuning options are available for a scan:

0 - File Upload
1 - Interesting File / Seen in Logs
2 - Misconfiguration / Default File
3 - Information Disclosure
4 - Injection (XSS/Script/HTML)
5 - Remote File Retrieval - Inside Web Root
6 - Denial of Service
7 - Remote File Retrieval - Server Wide
8 - Command Execution / Remote Shell
9 - SQL Injection
a - Authentication Bypass
b - Software Identification
c - Remote Source Inclusion
x - Reverse Tuning Options (include all except the codes specified)

Here I scan a website for SQL injection vulnerabilities. A single test category completes in a short time; if we do not restrict the scan to one category, Nikto runs a full scan, which can take hours to complete.
nikto -Tuning 9 -h www.google.com

To run several test categories in one scan, combine their codes:
nikto -Tuning 69 -h www.google.com
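
To check which categories a -Tuning string selects before starting a scan, the helper below expands it using the code table above. It is an added example, not part of the original post or of Nikto itself; the function names are hypothetical, the category names are Nikto's documented ones, and strings that mix codes before and after x are rejected rather than modelled.

```shell
#!/bin/sh
# Added example, not from the original post: show which test categories a
# Nikto -Tuning string selects, using the code table above.
ALL_CODES="0123456789abc"

tuning_name() {   # category name for one code
    case "$1" in
        0) echo "File Upload" ;;
        1) echo "Interesting File / Seen in Logs" ;;
        2) echo "Misconfiguration / Default File" ;;
        3) echo "Information Disclosure" ;;
        4) echo "Injection (XSS/Script/HTML)" ;;
        5) echo "Remote File Retrieval - Inside Web Root" ;;
        6) echo "Denial of Service" ;;
        7) echo "Remote File Retrieval - Server Wide" ;;
        8) echo "Command Execution / Remote Shell" ;;
        9) echo "SQL Injection" ;;
        a) echo "Authentication Bypass" ;;
        b) echo "Software Identification" ;;
        c) echo "Remote Source Inclusion" ;;
    esac
}

# Codes selected by a tuning string, in table order: "69" selects 6 and 9,
# "x6" selects everything except 6. Assumption: strings with codes on both
# sides of x (or more than one x) are rejected rather than modelled.
tuning_codes() {
    spec=$1; out=""; rest=$ALL_CODES
    case "$spec" in
        "" | *[!0-9abcx]* | ?*x*) echo "invalid tuning: $spec" >&2; return 1 ;;
    esac
    case "$spec" in x*) reverse=1 ;; *) reverse=0 ;; esac
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}; rest=${rest#?}     # take the first character
        case "$spec" in *"$c"*) listed=1 ;; *) listed=0 ;; esac
        if [ "$listed" != "$reverse" ]; then out="$out$c"; fi
    done
    echo "$out"
}

tuning_describe() {   # one "code - name" line per selected category
    codes=$(tuning_codes "$1") || return 1
    while [ -n "$codes" ]; do
        c=${codes%"${codes#?}"}; codes=${codes#?}
        echo "$c - $(tuning_name "$c")"
    done
}

tuning_describe 69     # the -Tuning 69 scan from the post
tuning_describe x6     # reverse tuning: every category except 6
```
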

To scan and save the result to a file, use the command below.
nikto -Display V -o nikto_scan_result.html -Format html -h 192.168.0.166

Wait until the scan is complete.

When it is finished, type the command
ls

then look for the file named
nikto_scan_result.html

After that, open nikto_scan_result.html in your browser.
 
Those are some examples of how to scan a website with Nikto on Kali Linux; you can build on them yourself.


