If lucky, a vulnerability with a weaponized exploit will be found, meaning there's a tool out there already to take advantage of the weakness. With the appropriate tool, which will automatically exploit the vulnerability, a hacker can gain access to the target to perform any number of behind-the-scenes attacks, like adding code to perform a malicious activity.

If you're running Kali Linux, Nikto comes preinstalled, so you don't have to download or install anything. It'll be located in the "Vulnerability Analysis" category. If you don't have it for some reason, you can get Nikto from its GitHub or just use the apt install command. If you're doing this on a Mac, you can use Homebrew to install Nikto.

```
brew install nikto
```

Step 2: Get to Know Nikto

Before you dive into scanning web servers with Nikto, use the -Help option to see everything that can be done inside Nikto.

```
-Save              Save positive responses to this directory ('.' for auto-name)
       5     Remote File Retrieval - Inside Web Root
-root+             Prepend root value to all requests, format is /directory
-Plugins+          List of plugins to run (default: ALL)
-Pause+            Pause between tests (seconds, integer or float)
-output+           Write output to this file ('.' for auto-name)
-Option            Over-ride an option in nikto.conf, can be issued multiple times
-no404             Disables nikto attempting to guess a 404 page
-nointeractive     Disables interactive features
-mutate-options    Provide information for mutates
-maxtime+          Maximum testing time per host (e.g., 1h, 60m, 3600s)
       1     Test all files with all root directories
       3     Enumerate user names via Apache (/~user type requests)
       4     Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests)
       5     Attempt to brute force sub-domain names, assume that the host name is the parent domain
       6     Attempt to guess directory names from the supplied dictionary file
-list-plugins      List all available plugins, perform no testing
-id+               Host authentication to use, format is id:pass or id:pass:realm
-404string         Ignore this string in response body content as negative response (always).
-404code           Ignore these HTTP codes as negative responses (always).
                   (if not specified the format will be taken from the file extension passed to -output)
-dbcheck           Check database and other key files for syntax errors
       A     Use a carriage return (0x0d) as a request spacer
       B     Use binary value 0x0b as a request spacer
-Cgidirs+          Scan these CGI dirs: "none", "all", or values like "/cgi/ /cgi-a/"
-ask+              Whether to ask about submitting updates
```