Web Application Vulnerability Scanning with Nikto
Objective
Learn how to use Nikto, a web application vulnerability scanner, to identify common security issues in web servers and applications, and understand how to interpret and act on the results.
Purpose
Nikto is an open-source tool designed to scan web servers for vulnerabilities, misconfigurations, and outdated software. This lab demonstrates how to perform a vulnerability scan using Nikto and analyze the findings to secure web applications.
Tools Required
- Kali Linux (or any system with Nikto installed).
- A web application or server to scan (e.g., Damn Vulnerable Web Application - DVWA, OWASP Juice Shop, or a locally hosted application).
Lab Topology
- Kali Linux: Running Nikto for scanning.
- Target Web Server: A vulnerable or test web application.
Walkthrough
Task 1: Setting Up the Environment
- Install Nikto:
  - Nikto is pre-installed on Kali Linux. To verify, run:
    nikto -Version
  - If not installed, use:
    sudo apt update && sudo apt install nikto -y
- Identify the Target:
  - Determine the URL or IP address of the target application. Example:
    http://<target_ip>
    Replace <target_ip> with the IP or hostname of the target server.
Task 2: Running a Basic Nikto Scan
- Execute the Scan:
  - Run Nikto with the target URL:
    nikto -h <target_url>
    Example:
    nikto -h http://192.168.1.100
- Monitor Progress:
  - Nikto will test for common vulnerabilities, outdated software, and misconfigurations.
- Review the Output:
  - Example findings:
```
- Server: Apache/2.4.49 (Unix)
- The anti-clickjacking X-Frame-Options header is not present.
- Allowed HTTP Methods: GET, POST, OPTIONS, TRACE.
- OSVDB-3268: /admin/: Directory indexing enabled.
```
  - Note critical issues such as outdated software versions or exposed directories.
Task 3: Advanced Scanning Options
- Scan a Specific Port:
  - Specify the target port using the -p option:
    nikto -h <target_url> -p 8080
- Save the Results:
  - Output the results to a file using the -o option:
    nikto -h <target_url> -o results.txt
- Specify Plugins:
  - Run specific tests or plugins:
    nikto -h <target_url> -Plugins <plugin_name>
    Example:
    nikto -h http://192.168.1.100 -Plugins auth
- Use SSL/TLS:
  - Scan HTTPS servers with the -ssl flag:
    nikto -h https://<target_url> -ssl
- Throttle Requests:
  - Adjust scan speed with the -T option (1=slow, 5=fast):
    nikto -h <target_url> -T 2
Task 4: Analyzing the Results
- Review Findings:
  - Focus on high-severity issues such as:
    - Outdated server software.
    - Exposed admin interfaces or directories.
    - Missing security headers.
- Cross-Reference Vulnerabilities:
  - Use the CVEs or OSVDB IDs provided in the output to research vulnerabilities.
- Prioritize Remediation:
  - Address issues in the following order:
    - High-severity vulnerabilities (e.g., outdated software, exposed admin pages).
    - Misconfigurations (e.g., directory indexing, overly permissive HTTP methods).
Task 5: Securing the Target Server
- Update Software:
  - Ensure the web server and associated software are up to date.
- Restrict Access to Sensitive Directories:
  - Use .htaccess or web server configuration files to restrict access.
- Enable Security Headers:
  - Add headers such as X-Frame-Options, Content-Security-Policy, and X-Content-Type-Options.
- Disable Unused HTTP Methods:
  - Restrict methods to only GET and POST unless others are explicitly required.
- Conduct Regular Scans:
  - Schedule periodic scans with Nikto and other tools to maintain security.
Best Practices
- Run Nikto on Authorized Targets Only:
  - Ensure you have permission to scan the target.
- Combine Tools for Comprehensive Scans:
  - Use Nikto alongside tools like Nmap or Burp Suite for thorough assessments.
- Document Findings:
  - Keep a record of scan results and remediation actions.
- Educate Development Teams:
  - Train developers to write secure code and implement best practices.
Key Takeaways
- Nikto identifies common vulnerabilities and misconfigurations in web servers and applications.
- Regular scans are essential to maintain security and address new vulnerabilities.
- Addressing Nikto’s findings can significantly reduce the attack surface of web applications.
Troubleshooting Tips
- No Results from Scan:
  - Verify the target server is accessible.
  - Check for firewalls or rate-limiting that may block requests.
- SSL/TLS Errors:
  - Use the -ssl or -nossl option depending on the server configuration.
- Slow Scan Performance:
  - Adjust the request throttle with -T or limit the scope of the scan.
By completing this lab, you now understand how to use Nikto to identify vulnerabilities in web servers and take steps to secure them effectively.