This is an old revision of the document!

Nitko web server security assessment

Nikto performs automated tests agains webservers.

Program: http://www.cirt.net/nikto2
Installation: http://beginlinux.com/blog/2009/05/nikto-scan-apache-for-security-holes/

Nikto does require the LibWhisker Perl module, but this is built into the program so it does not need to be installed. You will want to install the Net::SSLeay Perl module if you want to test SSL.

Install Net::SSLeay

perl -MCPAN -e shell;
Cpan> install Net::SSLeay

or on Debian

apt-get install libcrypt-ssleay-perl libnet-ssleay-perl

Download nikto

You can find a download of the current version from http://www.cirt.net/nikto2

mkdir /usr/src
mv  nikto-current.tar.gz /usr/src
cd /usr/src

Untar the program.

tar zxvf nikto-current.tar.gz

Basic Scan

perl nikto.pl -h

perl nikto.pl -h 192.168.5.103

linux, apache, security

~~LINKBACK~~

Discussion

Real name:

E-Mail:

Enter your comment. Wiki syntax is allowed:

Please fill all the letters into the box to prove you're human.

   ___    ____  _   __     __   __ __
  / _ \  /  _/ | | / / __ / /  / //_/
 / // / _/ /   | |/ / / // /  / ,<   
/____/ /___/   |___/  \___/  /_/|_|

Please keep this field empty:

Subscribe to comments

Bernhard Brunner's Blog

Table of Contents

Nitko web server security assessment

Install Net::SSLeay

Download nikto

Basic Scan

Discussion