Web Application Vulnerability Scanning with Nikto

Objective

Learn how to use Nikto, a web application vulnerability scanner, to identify common security issues in web servers and applications, and understand how to interpret and act on the results.


Purpose

Nikto is an open-source tool designed to scan web servers for vulnerabilities, misconfigurations, and outdated software. This lab demonstrates how to perform a vulnerability scan using Nikto and analyze the findings to secure web applications.


Tools Required

  • Kali Linux (or any system with Nikto installed).
  • A web application or server to scan (e.g., Damn Vulnerable Web Application - DVWA, OWASP Juice Shop, or a locally hosted application).

Lab Topology

  • Kali Linux: Running Nikto for scanning.
  • Target Web Server: A vulnerable or test web application.

Walkthrough

Task 1: Setting Up the Environment

  1. Install Nikto:
    • Nikto is pre-installed on Kali Linux. To verify, run:
      nikto -Version
      
    • If not installed, use:
      sudo apt update && sudo apt install nikto -y
      
  2. Identify the Target:
    • Determine the URL or IP address of the target application. Example:
      http://<target_ip>
      

      Replace <target_ip> with the IP or hostname of the target server.


Task 2: Running a Basic Nikto Scan

  1. Execute the Scan:
    • Run Nikto with the target URL:
      nikto -h <target_url>
      

      Example:

      nikto -h http://192.168.1.100
      
  2. Monitor Progress:
    • Nikto will test for common vulnerabilities, outdated software, and misconfigurations.
  3. Review the Output:
    • Example findings:
      Server: Apache/2.4.49 (Unix)
      The anti-clickjacking X-Frame-Options header is not present.
      Allowed HTTP Methods: GET, POST, OPTIONS, TRACE.
      OSVDB-3268: /admin/: Directory indexing enabled.
    • Note critical issues such as outdated software versions or exposed directories.

Task 3: Advanced Scanning Options

  1. Scan a Specific Port:
    • Specify the target port using the -p option:
      nikto -h <target_url> -p 8080
      
  2. Save the Results:
    • Output the results to a file using the -o option:
      nikto -h <target_url> -o results.txt
      
  3. Specify Plugins:
    • Run specific tests or plugins:
      nikto -h <target_url> -Plugins <plugin_name>
      

      Example:

      nikto -h http://192.168.1.100 -Plugins auth
      
  4. Use SSL/TLS:
    • Scan HTTPS servers with the -ssl flag:
      nikto -h https://<target_url> -ssl
      
  5. Throttle Requests:
    • Adjust scan speed with the -T option (1=slow, 5=fast):
      nikto -h <target_url> -T 2
      

Task 4: Analyzing the Results

  1. Review Findings:
    • Focus on high-severity issues such as:
      • Outdated server software.
      • Exposed admin interfaces or directories.
      • Missing security headers.
  2. Cross-Reference Vulnerabilities:
    • Use the CVEs or OSVDB IDs provided in the output to research vulnerabilities.
  3. Prioritize Remediation:
    • Address issues in the following order:
      • High-severity vulnerabilities (e.g., outdated software, exposed admin pages).
      • Misconfigurations (e.g., directory indexing, overly permissive HTTP methods).

Task 5: Securing the Target Server

  1. Update Software:
    • Ensure the web server and associated software are up to date.
  2. Restrict Access to Sensitive Directories:
    • Use .htaccess or web server configuration files to restrict access.
  3. Enable Security Headers:
    • Add headers such as X-Frame-Options, Content-Security-Policy, and X-Content-Type-Options.
  4. Disable Unused HTTP Methods:
    • Restrict methods to only GET and POST unless others are explicitly required.
  5. Conduct Regular Scans:
    • Schedule periodic scans with Nikto and other tools to maintain security.
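The following is an added example (not part of this lab) that ties Task 4 and Task 5 together: it triages a saved Nikto text report by severity and attaches the matching remediation step to each finding. The report lines are a constructed sample in the style of `nikto -h <target> -o results.txt`, and the Apache 2.4 directives in the hints are illustrative assumptions, not configuration from the lab.

```python
"""Added example (not part of the Nikto lab): triage a saved Nikto text report
and attach the Task 5 remediation to each finding.  The report is a constructed
sample in the style of `nikto -h <target> -o results.txt`; the Apache 2.4
directives are illustrative hints, not configuration taken from the lab."""
import re

# Constructed sample (the Task 2 findings, in Nikto's "+ " line style).
SAMPLE_REPORT = """\
+ Server: Apache/2.4.49 (Unix)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-Content-Type-Options header is not set.
+ Allowed HTTP Methods: GET, POST, OPTIONS, TRACE
+ OSVDB-3268: /admin/: Directory indexing enabled.
+ /icons/README: Apache default file found.
"""

# (regex over the finding text, severity, remediation template), first match wins.
RULES = [
    (r"^Server: (?P<banner>\S+)", "HIGH",
     "Check {banner} is current and patch; hide it with 'ServerTokens Prod'."),
    (r"^OSVDB-\d+: (?P<path>/\S*): Directory indexing enabled", "HIGH",
     "Disable listing for {path}: 'Options -Indexes' and restrict it with 'Require ip'."),
    (r"Allowed HTTP Methods: (?P<methods>.+)", "MEDIUM",
     "Disallow {extra}: wrap content in '<LimitExcept GET POST>' and set 'TraceEnable off'."),
    (r"The (?:anti-clickjacking )?(?P<header>[\w-]+) header is not (?:present|set)", "MEDIUM",
     "Add 'Header always set {header} ...' via mod_headers."),
]
ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}

def triage(report: str) -> list[dict]:
    """Return the report's findings sorted HIGH first, each with a fix hint."""
    findings = []
    for line in report.splitlines():
        if not line.startswith("+ "):      # Nikto prefixes each finding with "+ "
            continue
        text = line[2:].strip()
        sev, fix = "LOW", "No rule matched; review manually."
        for pattern, rule_sev, template in RULES:
            m = re.search(pattern, text)
            if m:
                fields = m.groupdict()
                if "methods" in fields:
                    # everything beyond GET/POST is what Task 5 says to disable
                    allowed = {s.strip() for s in fields["methods"].split(",")}
                    fields["extra"] = ", ".join(sorted(allowed - {"GET", "POST"}))
                sev, fix = rule_sev, template.format(**fields)
                break
        findings.append({"severity": sev, "finding": text, "fix": fix})
    return sorted(findings, key=lambda f: ORDER[f["severity"]])
```

Feed it the contents of your own results.txt instead of SAMPLE_REPORT to get a prioritized worklist; lines no rule recognizes fall to LOW so they are still listed rather than silently dropped.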

Best Practices

  1. Run Nikto on Authorized Targets Only:
    • Ensure you have permission to scan the target.
  2. Combine Tools for Comprehensive Scans:
    • Use Nikto alongside tools like Nmap or Burp Suite for thorough assessments.
  3. Document Findings:
    • Keep a record of scan results and remediation actions.
  4. Educate Development Teams:
    • Train developers to write secure code and implement best practices.

Key Takeaways

  1. Nikto identifies common vulnerabilities and misconfigurations in web servers and applications.
  2. Regular scans are essential to maintain security and address new vulnerabilities.
  3. Addressing Nikto’s findings can significantly reduce the attack surface of web applications.

Troubleshooting Tips

  1. No Results from Scan:
    • Verify the target server is accessible.
    • Check for firewalls or rate-limiting that may block requests.
  2. SSL/TLS Errors:
    • Use the -ssl or -nossl option depending on the server configuration.
  3. Slow Scan Performance:
    • Adjust the request throttle with -T or limit the scope of the scan.

By completing this lab, you now understand how to use Nikto to identify vulnerabilities in web servers and take steps to secure them effectively.
