SlideShare ist ein Scribd-Unternehmen logo

Nikto

Sorina Chirilă
Sorina Chirilă

Nikto - web server scanner - it's relation with other security tools

BildungTechnologie
1 von 23
Downloaden Sie, um offline zu lesen
Nikto& other tools Sorina-Georgiana CHIRILĂ Software Security
Overview ● ● ● ● ● ● ● ● Nikto - short introduction, Burp Suite, Wikto, Nmap, Metasploit, Nessus, OpenVAS, Useful links.
Nikto - short introduction ● You manage several Web servers/applications ● Need to find potential problems and security vulnerabilities, including: - Server and software misconfigurations - Default files and programs - Insecure files and programs - Outdated servers and programs
Nikto - short introduction ● ● ● ● ● ● ● ● Web server scanner, Created by : David Lodge and Chris Sullo, Version 1.00 Beta released on: December 27, 2001 Current version: 2.1.5, Written in: Perl, The name is taken from the movie: The Day The Earth Stood Still, Sponsored by: Sunera LLC, Official page : http://www.cirt.net/nikto2.
Nikto - short introduction ● ● Open source, Performs test against web servers for multiple items: - Looks for over 6500 potentially dangerous files/CGIs, - Checks for outdated versions of over 1250 servers, - Looks for version specific problems on over 270 servers, - Attempts to identify installed web servers and software, - Checks for the presence of multiple index files and HTTP server options, ● Output can be saved in a variety of formats: text, XML, HTML.
Nikto - short introduction Burp Suite Web scanner Metasploit Pr ox ing gg Lo y Wikto Web scanner Nikto DB Nikto to Integrated Vulnerability exploitation Nessus Vulnerability scanner Web scanner eg rat ed O ut pu tf or Int Nmap Network scanner OpenVAS Vulnerability scanner
Burp Suite ● ● ● Integrated platform for performing security testing of web applications, Its tools work great togheter to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities, Gives full control , meaning combine advanced manual techniques with state-of-the-art automation for fast, effective results. http://portswigger.net/burp/
Burp Suite - key components ● ● ● ● ● ● ● Proxy - an intercepting proxy , which lets you inspect and modify traffic between your browser and the target application, Spider - an application aware spider, for crawling content and functionality, Scanner - an advanced web application scanner, for automating the detection of numerous types of vulnerabilities, Intruder - an intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities, Repeater - a repeater tool, for manipulating and resending individual requests, Sequencer - a sequencer tool, for testing the randomness of session tokens, Ability to: save your work and resume your work later, write plugins.
Burp Suite - Nikto Proxy - can intercept the http requests and show them in proper format so it can be used to analyse the queries made by Nikto and discover vulnerabilities.
Burp Suite - Nikto perl nikto.pl -h localhost -useproxy http://localhost:8080/
Wikto ● ● ● ● ● ● ● ● Roles: checks for vulnerabilities in webservers,also in the implementation, it tries to find interesting directories and files on the web site and it looks for simple scripts that can be abused, Written in: .NET C#, Version: 2.1.0.0. Release date: 2008-12-14, Created by: sensepost, Cost: free, License:GPL, Nikto for Windows with extra features: fuzzy logic eror code checking, a back-end miner, Google assisted directory mining, real time HTTP request/response monitoring.
Wikto - Nikto Wikto uses Nikto’s database to perform different checks against web server. Nikto DB
Nmap ● ● ● ● ● ● ● ● ● ● Network Mapper, Roles: network discovery and security analysis, Technique: uses IP raw packets , Determine: what host are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running and other, Free and Open Source, Available with: command line and GUI viewer( Zenmap), Well documented and supported, Portable: runs on al major operating systems, Won numerous awards and was featured in twelve movies , Official site: http://nmap.org/.
Nmap -Nikto Scenario: Nikto supports scanning multiple hosts via text file of host names or IPs. A host file may also be a Nmap output in “greppable” format. Operating system Windows 7, 64 bit Steps ● ● ● ● Nikto Version 2.1.5 Download and install Nikto and Nmap, Put in the Environment Variables, Path for the two folders of the programs mentioned above, In Start search for cmd, wait to open Command Prompt, Type the following for localhost, port 80: nmap -p80 localhost/24 -sT -Pn -oG - | nikto.pl -h - Nmap -oG - greppable format, name of the file - , to be passed through stdin/stdout to Nikto, command-line zip file: nmap-6.40-win32.zip -sT - TCP connect scan, -Pn - no ping , disable host discovery.
Nmap -Nikto - scan results
Metasploit ● ● ● ● ● Vulnerability exploitation tool -> Framework, Released in : 2004, Project acquired by: Rapid7 in: 2009, Open source platform for developing, testing and using exploit code , Commercial variants, also : Pro Express Community Framework Enterprise Security Programs& Advanced Penetration Tests Baseline Penetration Tests Free Entry -Level Edition Free Open Source Development Platform Web-based GUI Web-based GUI Web-based GUI Java-based GUI http://www.rapid7.com/products/metasploit/editions-and-features.jsp
Features Real world security testing Get a security reality check with exploitation, vulnerabilility validation, advanced attacks and evasion techniques. Vulnerability validation Verify which potential vulnerabilities really put your network and data at risk. Productivity boost Complete assignments faster with efficient workflows, wizards, data management, APIs and automation. Password auditing Uncover weak passwords on over a dozen network services. Web App Testing Audit on-premise and cloud-based web apps to identify OWASP Top 10 vulnerabilities. Teamwork and Reporting Leverage team members' expertise and create reports at the push of a button. Support for Windows, Linux operating systems Windows XP, Vista, 7, 8,, Red Hat Enterprise Linux 5.x, 6.x - x86 ,Ubuntu Linux 8.04, 10.04, 12.04 - x86 , Kali Linux 1.0 .
Metasploit -Nikto How to: Metasploit Framework How to: Nikto(logging to) ● ● ● ● Set a PostgreSQL database (u: msf, pass:password123) Set web xmlrpc interface at :127.0.0.1, port 55553, Run a command like: db_vulns , after, to see how Nikto tested for and detected the vulnerability ● Install Perl modules RPC::XML::Client and RPC::XML Add your own test for a vulnerability in Nikto/Plugins directory "006XXX","40478","b","/tikiwiki/tiki-graph_formula.php? w=1&h=1&s=1&min=1&max=2&f[]=x.tan.phpinfo()&t=png&title="," GET","200","","","","","This device may have a vulnerable installation of TikiWiki.","","" where 006XXX is the one number greater than the last entry in db_test file, 40478 is the osvdb number [*] Time: Tue Nov 10 00:22:14 UTC 2010 Vuln: host=localhost port=80 proto=tcp name=nikto.005988 refs=OSVDB-5292 [*] Time: Wed Nov 10 00:23:08 UTC 2010 Vuln: host=localhost port=80 proto=tcp name=nikto.006453 refs=OSVDB-40478 ● perl nikto.pl -h localhost -Format msf -o msf:password123@http://localhost:55553/RPC2 all scan results are saved in the msf database in realtime.
Nessus -Nikto ● ● ● ● ● ● ● ● ● ● ● Started: as a project in 1998, by: Renaud Deraison, to: provide a free remote security scanner, but: in 2005 Tenable Network Security take it and: make it closed source. Can perform scans on: networks, operating systems, web applications,mobile devices, Most popular and capable scanner, for UNIX systems particularly, Support for different operating systems, Has an extensive plugin database, updated daily, (plugin = vulnerability test written in NASL(Nessus Attack Scripting Language) ) Various formats of the scan results : plain text, XML, HTML and Latex, Last stable release: 5.2.1/May 7, 2013.
Nessus -Nikto Nikto can be integrated in Nessus Settings: How: when Nessus finds a web server,automatically launch Nikto. 1. 2. 3. 4. 5. Nikto installation, Put nikto.pl in PATH, Ensure that nikto.nasl is present in the Nessus install(Nasl Wrapper), Run “nessusd -R”, Finally restart nessusd.
OpenVAS -Nikto ● ● ● ● ● ● ● Open Vulnerability Assessment System, Began under the name GNessUs, as a fork of the Nessus open source tool, Framework of several services and tools, Roles: vulnerability scanning and vulnerability management solution, Cost: free, Developed by: Greenbone Networks , Last stable release: 6.0/April 17, 2013. Nikto ● ● ● is integrated, as a tool, into OpenVAS, the OpenVAS plugin for Nikto integration(nikto.nasl) needs to be present and enabled, the results of a Nikto scan are included in OpenVAS final scan.
Useful links ● ● ● ● ● ● ● ● http://www.binarytides.com/nikto-hacking-tutorial-beginners/, http://research.sensepost.com/tools/web/wikto, http://research.sensepost. com/cms/resources/tools/web/wikto/using_wikto.pdf, http://www.rapid7.com/resources/videos/penetration-testing.jsp, http://infosecandotherstuff.blogspot.ro/2010/11/nikto-xmlrpc-autowpwnmetasploitable.html, http://cirt.net/nikto2-docs/usage.html#id2740923, http://nmap.org/book/man-port-scanning-techniques.html, http://www.tenable.com/sites/drupal.dmz.tenablesecurity. com/files/uploads/documents/whitepapers/Using%20Nessus%20in% 20Web%20Application%20Vulnerability%20Assessments.pdf
Questions ? Thank You!

Empfohlen

Nikto
NiktoNikto
Nikto
Sorina Chirilă
 
Nessus Software
Nessus SoftwareNessus Software
Nessus Software
Megha Sahu
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scanner
Ajit Dadresa
 
Network Security Nmap N Nessus
Network Security Nmap N NessusNetwork Security Nmap N Nessus
Network Security Nmap N Nessus
Utkarsh Verma
 
Nessus-Vulnerability Tester
Nessus-Vulnerability TesterNessus-Vulnerability Tester
Nessus-Vulnerability Tester
Aditya Jain
 
Integrated Tools in OSSIM
Integrated Tools in OSSIMIntegrated Tools in OSSIM
Integrated Tools in OSSIM
AlienVault
 
Hunting Lateral Movement in Windows Infrastructure
Hunting Lateral Movement in Windows InfrastructureHunting Lateral Movement in Windows Infrastructure
Hunting Lateral Movement in Windows Infrastructure
Sergey Soldatov
 
Nmap scripting engine
Nmap scripting engineNmap scripting engine
Nmap scripting engine
n|u - The Open Security Community
 

Empfohlen

Nikto
NiktoNikto
Nikto
Sorina Chirilă
 
Nessus Software
Nessus SoftwareNessus Software
Nessus Software
Megha Sahu
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scanner
Ajit Dadresa
 
Network Security Nmap N Nessus
Network Security Nmap N NessusNetwork Security Nmap N Nessus
Network Security Nmap N Nessus
Utkarsh Verma
 
Nessus-Vulnerability Tester
Nessus-Vulnerability TesterNessus-Vulnerability Tester
Nessus-Vulnerability Tester
Aditya Jain
 
Integrated Tools in OSSIM
Integrated Tools in OSSIMIntegrated Tools in OSSIM
Integrated Tools in OSSIM
AlienVault
 
Hunting Lateral Movement in Windows Infrastructure
Hunting Lateral Movement in Windows InfrastructureHunting Lateral Movement in Windows Infrastructure
Hunting Lateral Movement in Windows Infrastructure
Sergey Soldatov
 
Nmap scripting engine
Nmap scripting engineNmap scripting engine
Nmap scripting engine
n|u - The Open Security Community
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
Andrew McNicol
 
NMAP
NMAPNMAP
NMAP
PrateekAryan1
 
BloodHound: Attack Graphs Practically Applied to Active Directory
BloodHound: Attack Graphs Practically Applied to Active DirectoryBloodHound: Attack Graphs Practically Applied to Active Directory
BloodHound: Attack Graphs Practically Applied to Active Directory
Andy Robbins
 
Metasploit
MetasploitMetasploit
Metasploit
Lalith Sai
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
Prakashchand Suthar
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
Finding attacks with these 6 events
Finding attacks with these 6 eventsFinding attacks with these 6 events
Finding attacks with these 6 events
Michael Gough
 
Hunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows EnvironmentHunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows Environment
Teymur Kheirkhabarov
 
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte - Digital Forensics and Incident Response (DFIR) Training SessionInfocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte
 
Nessus Basics
Nessus BasicsNessus Basics
Nessus Basics
amiable_indian
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
n|u - The Open Security Community
 
Metasploit For Beginners
Metasploit For BeginnersMetasploit For Beginners
Metasploit For Beginners
Ramnath Shenoy
 
Nmap and metasploitable
Nmap and metasploitableNmap and metasploitable
Nmap and metasploitable
Mohammed Akbar Shariff
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM
AlienVault
 
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
Leonardo Nve Egea
 
OSSIM Overview
OSSIM OverviewOSSIM Overview
OSSIM Overview
n|u - The Open Security Community
 
Hunting malware with volatility v2.0
Hunting malware with volatility v2.0Hunting malware with volatility v2.0
Hunting malware with volatility v2.0
Frank Boldewin
 
Carlos García - Pentesting Active Directory Forests [rooted2019]
Carlos García - Pentesting Active Directory Forests [rooted2019]Carlos García - Pentesting Active Directory Forests [rooted2019]
Carlos García - Pentesting Active Directory Forests [rooted2019]
RootedCON
 
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentationMacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
OlehLevytskyi1
 
A Threat Hunter Himself
A Threat Hunter HimselfA Threat Hunter Himself
A Threat Hunter Himself
Teymur Kheirkhabarov
 
Scan
ScanScan
Scan
Sorina Chirilă
 
Qualità del Software
Qualità del SoftwareQualità del Software
Qualità del Software
Yeser Rema
 

Weitere ähnliche Inhalte

Was ist angesagt?

Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte - Digital Forensics and Incident Response (DFIR) Training SessionInfocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte
 

Was ist angesagt? (20)

Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
 
NMAP
NMAPNMAP
NMAP
 
BloodHound: Attack Graphs Practically Applied to Active Directory
BloodHound: Attack Graphs Practically Applied to Active DirectoryBloodHound: Attack Graphs Practically Applied to Active Directory
BloodHound: Attack Graphs Practically Applied to Active Directory
 
Metasploit
MetasploitMetasploit
Metasploit
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Finding attacks with these 6 events
Finding attacks with these 6 eventsFinding attacks with these 6 events
Finding attacks with these 6 events
 
Hunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows EnvironmentHunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows Environment
 
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte - Digital Forensics and Incident Response (DFIR) Training SessionInfocyte - Digital Forensics and Incident Response (DFIR) Training Session
Infocyte - Digital Forensics and Incident Response (DFIR) Training Session
 
Nessus Basics
Nessus BasicsNessus Basics
Nessus Basics
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit For Beginners
Metasploit For BeginnersMetasploit For Beginners
Metasploit For Beginners
 
Nmap and metasploitable
Nmap and metasploitableNmap and metasploitable
Nmap and metasploitable
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM
 
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
 
OSSIM Overview
OSSIM OverviewOSSIM Overview
OSSIM Overview
 
Hunting malware with volatility v2.0
Hunting malware with volatility v2.0Hunting malware with volatility v2.0
Hunting malware with volatility v2.0
 
Carlos García - Pentesting Active Directory Forests [rooted2019]
Carlos García - Pentesting Active Directory Forests [rooted2019]Carlos García - Pentesting Active Directory Forests [rooted2019]
Carlos García - Pentesting Active Directory Forests [rooted2019]
 
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentationMacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
 
A Threat Hunter Himself
A Threat Hunter HimselfA Threat Hunter Himself
A Threat Hunter Himself
 

Andere mochten auch

Qualità del Software
Qualità del SoftwareQualità del Software
Qualità del Software
Yeser Rema
 
TriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingToolsTriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingTools
Yury Chemerkin
 
festival ICT 2013: ICT 4 Development: informatica e Terzo Settore per l’innov...
festival ICT 2013: ICT 4 Development: informatica e Terzo Settore per l’innov...festival ICT 2013: ICT 4 Development: informatica e Terzo Settore per l’innov...
festival ICT 2013: ICT 4 Development: informatica e Terzo Settore per l’innov...
festival ICT 2016
 
festival ICT 2013: Tra imbarazzi e perdite economiche: un anno di violazioni ...
festival ICT 2013: Tra imbarazzi e perdite economiche: un anno di violazioni ...festival ICT 2013: Tra imbarazzi e perdite economiche: un anno di violazioni ...
festival ICT 2013: Tra imbarazzi e perdite economiche: un anno di violazioni ...
festival ICT 2016
 
BackBox Linux: Simulazione di un Penetration Test
BackBox Linux: Simulazione di un Penetration TestBackBox Linux: Simulazione di un Penetration Test
BackBox Linux: Simulazione di un Penetration Test
Andrea Draghetti
 
Kumkum digital certificate
Kumkum digital certificateKumkum digital certificate
Kumkum digital certificate
Kumkum Sharma
 
OpenVAS, lo strumento open source per il vulnerability assessment
OpenVAS, lo strumento open source per il vulnerability assessmentOpenVAS, lo strumento open source per il vulnerability assessment
OpenVAS, lo strumento open source per il vulnerability assessment
Babel
 

Andere mochten auch (20)

Scan
ScanScan
Scan
 
Qualità del Software
Qualità del SoftwareQualità del Software
Qualità del Software
 
TriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingToolsTriplePlay-WebAppPenTestingTools
TriplePlay-WebAppPenTestingTools
 
Agile Testing: Come Scrivere Use Case
Agile Testing: Come Scrivere Use CaseAgile Testing: Come Scrivere Use Case
Agile Testing: Come Scrivere Use Case
 
Creare Suite di Test Automatici intelligenti con Selenium IDE
Creare Suite di Test Automatici intelligenti con Selenium IDECreare Suite di Test Automatici intelligenti con Selenium IDE
Creare Suite di Test Automatici intelligenti con Selenium IDE
 
Come automatizzare i test con Selenium IDE
Come automatizzare i test con Selenium IDECome automatizzare i test con Selenium IDE
Come automatizzare i test con Selenium IDE
 
Come utilizzare la PEC nella vita di tutti i giorni al massimo delle sue pote...
Come utilizzare la PEC nella vita di tutti i giorni al massimo delle sue pote...Come utilizzare la PEC nella vita di tutti i giorni al massimo delle sue pote...
Come utilizzare la PEC nella vita di tutti i giorni al massimo delle sue pote...
 
Eseguire più suite di test automatici insieme con Selenium IDE - Evolve Today!
Eseguire più suite di test automatici insieme con Selenium IDE - Evolve Today! Eseguire più suite di test automatici insieme con Selenium IDE - Evolve Today!
Eseguire più suite di test automatici insieme con Selenium IDE - Evolve Today!
 
festival ICT 2013: ICT 4 Development: informatica e Terzo Settore per l’innov...
festival ICT 2013: ICT 4 Development: informatica e Terzo Settore per l’innov...festival ICT 2013: ICT 4 Development: informatica e Terzo Settore per l’innov...
festival ICT 2013: ICT 4 Development: informatica e Terzo Settore per l’innov...
 
Offensive security con strumenti open source
Offensive security con strumenti open sourceOffensive security con strumenti open source
Offensive security con strumenti open source
 
festival ICT 2013: Tra imbarazzi e perdite economiche: un anno di violazioni ...
festival ICT 2013: Tra imbarazzi e perdite economiche: un anno di violazioni ...festival ICT 2013: Tra imbarazzi e perdite economiche: un anno di violazioni ...
festival ICT 2013: Tra imbarazzi e perdite economiche: un anno di violazioni ...
 
BackBox Linux: Simulazione di un Penetration Test
BackBox Linux: Simulazione di un Penetration TestBackBox Linux: Simulazione di un Penetration Test
BackBox Linux: Simulazione di un Penetration Test
 
Kumkum digital certificate
Kumkum digital certificateKumkum digital certificate
Kumkum digital certificate
 
BackBox Linux: Simulazione di un Penetration Test e CTF
BackBox Linux: Simulazione di un Penetration Test e CTFBackBox Linux: Simulazione di un Penetration Test e CTF
BackBox Linux: Simulazione di un Penetration Test e CTF
 
OpenVAS, lo strumento open source per il vulnerability assessment
OpenVAS, lo strumento open source per il vulnerability assessmentOpenVAS, lo strumento open source per il vulnerability assessment
OpenVAS, lo strumento open source per il vulnerability assessment
 
Introduction to STIX 101
Introduction to STIX 101Introduction to STIX 101
Introduction to STIX 101
 
Web Application Security 101 - 04 Testing Methodology
Web Application Security 101 - 04 Testing MethodologyWeb Application Security 101 - 04 Testing Methodology
Web Application Security 101 - 04 Testing Methodology
 
Web Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 03 Web Security ToolkitWeb Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 03 Web Security Toolkit
 
Simulazione di un Penetration Test
Simulazione di un Penetration TestSimulazione di un Penetration Test
Simulazione di un Penetration Test
 
we45 - Web Application Security Testing Case Study
we45 - Web Application Security Testing Case Studywe45 - Web Application Security Testing Case Study
we45 - Web Application Security Testing Case Study
 

Ähnlich wie Nikto

Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Shakacon
 
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
Zoltan Balazs
 
Mastering selenium for automated acceptance tests
Mastering selenium for automated acceptance testsMastering selenium for automated acceptance tests
Mastering selenium for automated acceptance tests
Nick Belhomme
 
[CONFidence 2016] Leszek Miś - Honey(pot) flavored hunt for cyber enemy
[CONFidence 2016] Leszek Miś - Honey(pot) flavored hunt for cyber enemy[CONFidence 2016] Leszek Miś - Honey(pot) flavored hunt for cyber enemy
[CONFidence 2016] Leszek Miś - Honey(pot) flavored hunt for cyber enemy
PROIDEA
 

Ähnlich wie Nikto (20)

Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
 
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
 
OSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainOSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ Infosectrain
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
 
The Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote WorldThe Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote World
 
Our Puppet Story – Patterns and Learnings (sage@guug, March 2014)
Our Puppet Story – Patterns and Learnings (sage@guug, March 2014)Our Puppet Story – Patterns and Learnings (sage@guug, March 2014)
Our Puppet Story – Patterns and Learnings (sage@guug, March 2014)
 
Dockerizing the Hard Services: Neutron and Nova
Dockerizing the Hard Services: Neutron and NovaDockerizing the Hard Services: Neutron and Nova
Dockerizing the Hard Services: Neutron and Nova
 
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...
 
Static code analysis with sonar qube
Static code analysis with sonar qubeStatic code analysis with sonar qube
Static code analysis with sonar qube
 
Unmasking Careto through Memory Forensics (video in description)
Unmasking Careto through Memory Forensics (video in description)Unmasking Careto through Memory Forensics (video in description)
Unmasking Careto through Memory Forensics (video in description)
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101
 
RAT - Repurposing Adversarial Tradecraft
RAT - Repurposing Adversarial TradecraftRAT - Repurposing Adversarial Tradecraft
RAT - Repurposing Adversarial Tradecraft
 
Vagrant - Team Development made easy
Vagrant - Team Development made easyVagrant - Team Development made easy
Vagrant - Team Development made easy
 
Mastering selenium for automated acceptance tests
Mastering selenium for automated acceptance testsMastering selenium for automated acceptance tests
Mastering selenium for automated acceptance tests
 
Build Automation 101
Build Automation 101Build Automation 101
Build Automation 101
 
Postgres the hardway
Postgres the hardwayPostgres the hardway
Postgres the hardway
 
K8s best practices from the field!
K8s best practices from the field!K8s best practices from the field!
K8s best practices from the field!
 
Год в Github bugbounty, опыт участия
Год в Github bugbounty, опыт участияГод в Github bugbounty, опыт участия
Год в Github bugbounty, опыт участия
 
[CONFidence 2016] Leszek Miś - Honey(pot) flavored hunt for cyber enemy
[CONFidence 2016] Leszek Miś - Honey(pot) flavored hunt for cyber enemy[CONFidence 2016] Leszek Miś - Honey(pot) flavored hunt for cyber enemy
[CONFidence 2016] Leszek Miś - Honey(pot) flavored hunt for cyber enemy
 
Automating Complex Setups with Puppet
Automating Complex Setups with PuppetAutomating Complex Setups with Puppet
Automating Complex Setups with Puppet
 

Mehr von Sorina Chirilă

Introducing CHAOS - A graphic guide
Introducing CHAOS - A graphic guideIntroducing CHAOS - A graphic guide
Introducing CHAOS - A graphic guide
Sorina Chirilă
 
RIPS - static code analyzer for vulnerabilities in PHP
RIPS - static code analyzer for vulnerabilities in PHPRIPS - static code analyzer for vulnerabilities in PHP
RIPS - static code analyzer for vulnerabilities in PHP
Sorina Chirilă
 

Mehr von Sorina Chirilă (7)

Electronic commerce and Data Warehouses
Electronic commerce and Data WarehousesElectronic commerce and Data Warehouses
Electronic commerce and Data Warehouses
 
Object-Oriented Analysis And Design With Applications Grady Booch
Object-Oriented Analysis And Design With Applications Grady BoochObject-Oriented Analysis And Design With Applications Grady Booch
Object-Oriented Analysis And Design With Applications Grady Booch
 
Introducing CHAOS - A graphic guide
Introducing CHAOS - A graphic guideIntroducing CHAOS - A graphic guide
Introducing CHAOS - A graphic guide
 
SNAS - CGS - MobilPRO2016
SNAS - CGS - MobilPRO2016SNAS - CGS - MobilPRO2016
SNAS - CGS - MobilPRO2016
 
THE ZEN OF PYTHON
THE ZEN OF PYTHONTHE ZEN OF PYTHON
THE ZEN OF PYTHON
 
A5-Security misconfiguration-OWASP 2013
A5-Security misconfiguration-OWASP 2013 A5-Security misconfiguration-OWASP 2013
A5-Security misconfiguration-OWASP 2013
 
RIPS - static code analyzer for vulnerabilities in PHP
RIPS - static code analyzer for vulnerabilities in PHPRIPS - static code analyzer for vulnerabilities in PHP
RIPS - static code analyzer for vulnerabilities in PHP
 

Kürzlich hochgeladen

Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
ciinovamais
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
kauryashika82
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.
MateoGardella
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
Chris Hunter
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
MateoGardella
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
SanaAli374401
 

Kürzlich hochgeladen (20)

How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
 

Nikto

  • 2. Overview ● ● ● ● ● ● ● ● Nikto - short introduction, Burp Suite, Wikto, Nmap, Metasploit, Nessus, OpenVAS, Useful links.
  • 3. Nikto - short introduction ● You manage several Web servers/applications ● Need to find potential problems and security vulnerabilities, including: - Server and software misconfigurations - Default files and programs - Insecure files and programs - Outdated servers and programs
  • 4. Nikto - short introduction ● ● ● ● ● ● ● ● Web server scanner, Created by : David Lodge and Chris Sullo, Version 1.00 Beta released on: December 27, 2001 Current version: 2.1.5, Written in: Perl, The name is taken from the movie: The Day The Earth Stood Still, Sponsored by: Sunera LLC, Official page : http://www.cirt.net/nikto2.
  • 5. Nikto - short introduction ● ● Open source, Performs test against web servers for multiple items: - Looks for over 6500 potentially dangerous files/CGIs, - Checks for outdated versions of over 1250 servers, - Looks for version specific problems on over 270 servers, - Attempts to identify installed web servers and software, - Checks for the presence of multiple index files and HTTP server options, ● Output can be saved in a variety of formats: text, XML, HTML.
  • 6. Nikto - short introduction Burp Suite Web scanner Metasploit Pr ox ing gg Lo y Wikto Web scanner Nikto DB Nikto to Integrated Vulnerability exploitation Nessus Vulnerability scanner Web scanner eg rat ed O ut pu tf or Int Nmap Network scanner OpenVAS Vulnerability scanner
  • 7. Burp Suite ● ● ● Integrated platform for performing security testing of web applications, Its tools work great togheter to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities, Gives full control , meaning combine advanced manual techniques with state-of-the-art automation for fast, effective results. http://portswigger.net/burp/
  • 8. Burp Suite - key components ● ● ● ● ● ● ● Proxy - an intercepting proxy , which lets you inspect and modify traffic between your browser and the target application, Spider - an application aware spider, for crawling content and functionality, Scanner - an advanced web application scanner, for automating the detection of numerous types of vulnerabilities, Intruder - an intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities, Repeater - a repeater tool, for manipulating and resending individual requests, Sequencer - a sequencer tool, for testing the randomness of session tokens, Ability to: save your work and resume your work later, write plugins.
  • 9. Burp Suite - Nikto Proxy - can intercept the http requests and show them in proper format so it can be used to analyse the queries made by Nikto and discover vulnerabilities.
  • 10. Burp Suite - Nikto perl nikto.pl -h localhost -useproxy http://localhost:8080/
  • 11. Wikto ● ● ● ● ● ● ● ● Roles: checks for vulnerabilities in webservers,also in the implementation, it tries to find interesting directories and files on the web site and it looks for simple scripts that can be abused, Written in: .NET C#, Version: 2.1.0.0. Release date: 2008-12-14, Created by: sensepost, Cost: free, License:GPL, Nikto for Windows with extra features: fuzzy logic eror code checking, a back-end miner, Google assisted directory mining, real time HTTP request/response monitoring.
  • 12. Wikto - Nikto Wikto uses Nikto’s database to perform different checks against web server. Nikto DB
  • 13. Nmap ● ● ● ● ● ● ● ● ● ● Network Mapper, Roles: network discovery and security analysis, Technique: uses IP raw packets , Determine: what host are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running and other, Free and Open Source, Available with: command line and GUI viewer( Zenmap), Well documented and supported, Portable: runs on al major operating systems, Won numerous awards and was featured in twelve movies , Official site: http://nmap.org/.
  • 14. Nmap -Nikto Scenario: Nikto supports scanning multiple hosts via text file of host names or IPs. A host file may also be a Nmap output in “greppable” format. Operating system Windows 7, 64 bit Steps ● ● ● ● Nikto Version 2.1.5 Download and install Nikto and Nmap, Put in the Environment Variables, Path for the two folders of the programs mentioned above, In Start search for cmd, wait to open Command Prompt, Type the following for localhost, port 80: nmap -p80 localhost/24 -sT -Pn -oG - | nikto.pl -h - Nmap -oG - greppable format, name of the file - , to be passed through stdin/stdout to Nikto, command-line zip file: nmap-6.40-win32.zip -sT - TCP connect scan, -Pn - no ping , disable host discovery.
  • 15. Nmap -Nikto - scan results
  • 16. Metasploit ● ● ● ● ● Vulnerability exploitation tool -> Framework, Released in : 2004, Project acquired by: Rapid7 in: 2009, Open source platform for developing, testing and using exploit code , Commercial variants, also : Pro Express Community Framework Enterprise Security Programs& Advanced Penetration Tests Baseline Penetration Tests Free Entry -Level Edition Free Open Source Development Platform Web-based GUI Web-based GUI Web-based GUI Java-based GUI http://www.rapid7.com/products/metasploit/editions-and-features.jsp
  • 17. Features Real world security testing Get a security reality check with exploitation, vulnerabilility validation, advanced attacks and evasion techniques. Vulnerability validation Verify which potential vulnerabilities really put your network and data at risk. Productivity boost Complete assignments faster with efficient workflows, wizards, data management, APIs and automation. Password auditing Uncover weak passwords on over a dozen network services. Web App Testing Audit on-premise and cloud-based web apps to identify OWASP Top 10 vulnerabilities. Teamwork and Reporting Leverage team members' expertise and create reports at the push of a button. Support for Windows, Linux operating systems Windows XP, Vista, 7, 8,, Red Hat Enterprise Linux 5.x, 6.x - x86 ,Ubuntu Linux 8.04, 10.04, 12.04 - x86 , Kali Linux 1.0 .
  • 18. Metasploit -Nikto How to: Metasploit Framework How to: Nikto(logging to) ● ● ● ● Set a PostgreSQL database (u: msf, pass:password123) Set web xmlrpc interface at :127.0.0.1, port 55553, Run a command like: db_vulns , after, to see how Nikto tested for and detected the vulnerability ● Install Perl modules RPC::XML::Client and RPC::XML Add your own test for a vulnerability in Nikto/Plugins directory "006XXX","40478","b","/tikiwiki/tiki-graph_formula.php? w=1&h=1&s=1&min=1&max=2&f[]=x.tan.phpinfo()&t=png&title="," GET","200","","","","","This device may have a vulnerable installation of TikiWiki.","","" where 006XXX is the one number greater than the last entry in db_test file, 40478 is the osvdb number [*] Time: Tue Nov 10 00:22:14 UTC 2010 Vuln: host=localhost port=80 proto=tcp name=nikto.005988 refs=OSVDB-5292 [*] Time: Wed Nov 10 00:23:08 UTC 2010 Vuln: host=localhost port=80 proto=tcp name=nikto.006453 refs=OSVDB-40478 ● perl nikto.pl -h localhost -Format msf -o msf:password123@http://localhost:55553/RPC2 all scan results are saved in the msf database in realtime.
  • 19. Nessus -Nikto ● ● ● ● ● ● ● ● ● ● ● Started: as a project in 1998, by: Renaud Deraison, to: provide a free remote security scanner, but: in 2005 Tenable Network Security take it and: make it closed source. Can perform scans on: networks, operating systems, web applications,mobile devices, Most popular and capable scanner, for UNIX systems particularly, Support for different operating systems, Has an extensive plugin database, updated daily, (plugin = vulnerability test written in NASL(Nessus Attack Scripting Language) ) Various formats of the scan results : plain text, XML, HTML and Latex, Last stable release: 5.2.1/May 7, 2013.
  • 20. Nessus -Nikto Nikto can be integrated in Nessus Settings: How: when Nessus finds a web server,automatically launch Nikto. 1. 2. 3. 4. 5. Nikto installation, Put nikto.pl in PATH, Ensure that nikto.nasl is present in the Nessus install(Nasl Wrapper), Run “nessusd -R”, Finally restart nessusd.
  • 21. OpenVAS -Nikto ● ● ● ● ● ● ● Open Vulnerability Assessment System, Began under the name GNessUs, as a fork of the Nessus open source tool, Framework of several services and tools, Roles: vulnerability scanning and vulnerability management solution, Cost: free, Developed by: Greenbone Networks , Last stable release: 6.0/April 17, 2013. Nikto ● ● ● is integrated, as a tool, into OpenVAS, the OpenVAS plugin for Nikto integration(nikto.nasl) needs to be present and enabled, the results of a Nikto scan are included in OpenVAS final scan.