Scan any website for vulnerabilities with Nikto
The web is an extremely large and vast information network, but there is no guarantee that websites are free of vulnerabilities. A vulnerability allows others to gain unauthorized access and exploit the site, and can easily affect the website's database.
Hackers today prefer to hack websites rather than apps or hardware. In this article, AnonyViet introduces Nikto, a vulnerability scanning tool that is taking the field by storm.
What is the Nikto vulnerability scanning tool?
Nikto was created as a tool that is not on anyone's side. Hackers can use it to scan for vulnerabilities and gain unauthorized access, but programmers can also use it to scan for vulnerabilities and then patch them before the website is attacked by bad guys. That's why I say Nikto isn't on anyone's side: whether it is good or bad depends on the purpose of the user.
Nikto checks the website as a whole and then reports the vulnerabilities it detects.
Cons: Nikto scans for vulnerabilities extremely quickly and efficiently, but it is not stealthy. Any website with an IDS or anti-phishing measures will immediately detect that you are scanning it and send a notification to the admin.
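The detection described above can be sketched over web server access logs. This is an added example, not part of the original article: the log lines are constructed, and the Apache combined log format, the threshold of 5 and the name detect_scanners are assumptions. It flags clients whose User-Agent contains "Nikto" (the scanner's default header) and, since that header is client-controlled, also clients that request many distinct non-existent paths.

```python
import re
from collections import defaultdict

def _line(ip, path, status, ua):
    # Build one constructed log line in Apache "combined" format.
    return (f'{ip} - - [12/Mar/2024:10:00:01 +0000] '
            f'"GET {path} HTTP/1.1" {status} 210 "-" "{ua}"')

NIKTO_UA = "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000022)"
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"

# Constructed sample input (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    _line("192.0.2.10", "/index.html", 200, BROWSER_UA),
    _line("192.0.2.10", "/favicon.ico", 404, BROWSER_UA),
    _line("198.51.100.7", "/cgi-bin/test.cgi", 404, NIKTO_UA),
    *[_line("203.0.113.5", f"/probe{i}.php", 404, BROWSER_UA) for i in range(6)],
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def detect_scanners(lines, min_404_paths=5):
    """Return {ip: sorted reasons} for clients that look like a scanner."""
    missing = defaultdict(set)   # ip -> distinct paths answered with 404
    reasons = defaultdict(set)   # ip -> names of the signals that fired
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        # Signal 1: the default Nikto User-Agent string.
        if "nikto" in m["ua"].lower():
            reasons[m["ip"]].add("nikto-user-agent")
        if m["status"] == "404":
            missing[m["ip"]].add(m["path"])
    # Signal 2: many distinct missing paths from one client.
    for ip, paths in missing.items():
        if len(paths) >= min_404_paths:
            reasons[ip].add("many-404-paths")
    return {ip: sorted(r) for ip, r in reasons.items()}

if __name__ == "__main__":
    for ip, why in detect_scanners(SAMPLE_LOG).items():
        print(ip, ", ".join(why))
```

On real logs the 404 count should be evaluated per time window, so that a long-lived client with occasional broken links is not flagged.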
Testing security scanning with Nikto
Use a computer running Kali Linux or another Kali-based distribution.
Open, in order, Kali Linux -> Vulnerability Analysis -> Misc Scanners -> nikto.
Nikto gives us a lot of options. But here we will use a simple and basic syntax as follows:
nikto -h <IP address or hostname>
Next, scan the web server.
We will test on a secure web server. The example below uses the HTTP protocol.
To conduct a vulnerability scan, type the following command:
nikto -h 192.168.1.104
After you enter the scan command, Nikto prints a series of information, as shown below.
The information that Nikto shows us includes:
The server is Apache 2.2.14, possibly running under Ubuntu.
It also lists more information about possible security holes at the bottom. This is important information for users who want to check the website again.
Notice the references to OSVDB at the bottom of the output. OSVDB is an open source database of website vulnerabilities. Websites rely heavily on open source software now and will continue to in the future, so take note of these entries.
Finally, scanning a website
After scanning the web server for vulnerabilities above, we continue by scanning a website. This is also the main purpose of this article.
We are going to test a website. Try the page webscantest.com.
This is the command to use in this case.
nikto -h webscantest.com
Nikto has identified the server as Apache 2.2.14 on Ubuntu, as I mentioned above.
It then gives an overview of potential vulnerabilities found on this site. OSVDB vulnerabilities have been found.
Visit the website Osvdb.org to find more information about the specific OSVDB vulnerabilities in the image above.
We will use this page to find information about one of the vulnerabilities identified by Nikto, such as OSVDB-877.
Look at the bottom of that page. It provides a number of other sources of information about the problem you are looking up, including sources from Nikto, Nessus and Snort.
Continuing the test: scanning Facebook
Now we will experiment with the king of social networks. Let's see whether this king has a hole or not. We continue to use the same command.
nikto -h facebook.com
As you can see, Facebook is extremely secure. It even hides its server name, because it has its own servers, built specifically for Facebook at a cost of billions of dollars. So Facebook does not disclose any information about its servers at all.
No OSVDB vulnerabilities are found on this site either. The scan only reports hits on the contents of robots.txt, and these are not worth exploiting: anyone who knows website SEO will know what robots.txt is. It exists only for compatibility with the Google search engine.
You can't see any serious error messages on Facebook. There are only a few minor display errors. So hacking Facebook is a very difficult thing, everyone.
Internet source
Lmint.