Intro
Nikto is an open-source web server scanner used for foot-printing websites: it probes a target for known vulnerable files and programs, outdated server software and common mis-configurations. Nikto runs over 6000 tests against a host, which makes it a staple tool for security professionals.
Nikto also supports SSL/TLS and can scan multiple ports on the same server.
Usage
For this article I will scan webscantest.com for vulnerabilities and mis-configurations. The syntax for a Nikto scan is as follows:
nikto -e 1 -h webscantest.com
- -e selects an IDS evasion technique. Nikto is quite noisy (a full scan sends thousands of requests), and the evasion options only change how each request is encoded so that signature-based IDS rules are less likely to match; they do not reduce the request volume, so do not expect a stealthy scan.
- 1 selects random URI encoding (non-UTF8).
- -h sets the target host name or IP address.
When the command is executed we are presented with the scan results below.
From the results above we can see that the anti-clickjacking header (X-Frame-Options) is not present, so the site can be framed by an attacker's page and the user tricked into clicking something different from what they perceive.
We can also see that the X-XSS-Protection header is not defined. This header only hints to the browser to enable its built-in XSS filter; its absence does not by itself create an XSS vulnerability (that still needs an injection bug in the application), and current browsers have dropped the filter, so a Content-Security-Policy is the control to add.
Nikto also flags the Apache version: 2.4.7 appears to be outdated, and that release has a number of known issues including buffer overflow and denial-of-service bugs. Note that Nikto judges this from the Server banner alone. Distribution packages (Ubuntu 14.04 ships Apache 2.4.7) backport security fixes while keeping the version string, so confirm the finding against the actual patch level before reporting it.
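To verify the two header findings and the banner disclosure without re-running a full scan, the following POSIX shell script checks a captured response header block and prints an Apache fix. This is an added example, not Nikto's own code or output from the original post. The header blocks are constructed samples (the kind of response you would capture with `curl -sI` against the target), the `/etc/apache2/conf-available/security-headers.conf` path is an assumption, and it goes one step beyond the post by also checking X-Content-Type-Options, another header Nikto reports when missing. Content-Security-Policy is checked in place of the deprecated X-XSS-Protection.

```shell
#!/bin/sh
# Added example (not from the original post): check an HTTP response header
# block for the headers Nikto flagged, report the Server banner, and print
# an Apache mod_headers fragment that closes the findings.

# Constructed sample: response from a server missing all of the headers and
# exposing its version banner. Hypothetical, not a captured response.
SAMPLE_HEADERS='HTTP/1.1 200 OK
Date: Mon, 01 Jan 2024 00:00:00 GMT
Server: Apache/2.4.7 (Ubuntu)
Content-Type: text/html; charset=UTF-8
'

# Constructed sample: the same server after the fix below (ServerTokens Prod
# still sends a bare "Apache" banner).
HARDENED_HEADERS='HTTP/1.1 200 OK
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src https:; frame-ancestors https://webscantest.com
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=UTF-8
'

# Headers that must be present on every response.
REQUIRED_HEADERS="X-Frame-Options Content-Security-Policy X-Content-Type-Options"

# missing_headers HEADER_BLOCK
# Prints the required headers absent from HEADER_BLOCK, space separated.
# Header names are matched case-insensitively at the start of a line,
# which is how HTTP field names are defined.
missing_headers() {
    block="$1"
    missing=""
    for h in $REQUIRED_HEADERS; do
        if ! printf '%s\n' "$block" | grep -iq "^$h:"; then
            missing="$missing $h"
        fi
    done
    printf '%s\n' "${missing# }"
}

# server_banner HEADER_BLOCK
# Prints the value of the Server: header, or "none" if it is not sent.
# The pipeline ends in tr, so a missing header does not trip set -e.
server_banner() {
    banner=$(printf '%s\n' "$1" | grep -i '^Server:' | cut -d' ' -f2- | tr -d '\r')
    printf '%s\n' "${banner:-none}"
}

# hardening_conf
# Prints an Apache fragment that adds the missing headers and trims the
# banner. Requires mod_headers (a2enmod headers) and an Apache reload.
hardening_conf() {
    cat <<'EOF'
# /etc/apache2/conf-available/security-headers.conf (assumed path)
ServerTokens Prod
ServerSignature Off
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Content-Security-Policy "default-src https:; frame-ancestors https://webscantest.com"
Header always set X-Content-Type-Options "nosniff"
EOF
}

echo "Before: missing [$(missing_headers "$SAMPLE_HEADERS")], banner: $(server_banner "$SAMPLE_HEADERS")"
echo "After:  missing [$(missing_headers "$HARDENED_HEADERS")], banner: $(server_banner "$HARDENED_HEADERS")"
hardening_conf
```

Re-run the Nikto scan after applying the fragment: the three header findings should disappear, while the "outdated Apache" message will only change if the banner does, which is why ServerTokens Prod is included.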
Conclusion
With the sheer number of vulnerable web applications and the many ways a website can be mis-configured, Nikto is a good first check that your web server is configured correctly and free of well-known weaknesses.