February 2020
Intermediate to advanced
666 pages
15h 45m
English
From here on out, you no longer need sudo privileges. This means you can have a break from always having to type your password.
To do a simple scan, use the -h option to specify the target host:
nikto -h 192.168.0.9
nikto -h www.example.com
Let's look at some sample output. Here's the top part:
+ Allowed HTTP Methods: POST, OPTIONS, GET, HEAD
+ OSVDB-396: /_vti_bin/shtml.exe: Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted.
+ /cgi-bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-bin/wwwadmin.pl: Administration CGI?
+ /cgi-bin/Count.cgi: This may allow attackers to execute arbitrary commands on the server
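Nikto's plain-text output follows a regular shape: each finding starts with "+ ", optionally carries an OSVDB reference, optionally names the request path, and ends with a description. The parser below is an added example (not code from the book or from the Nikto project) that turns that output into structured records so the findings can be triaged or fed to a ticketing system; the sample text embedded in it is the page's own output reflowed one finding per line, and the field layout it assumes is the default text format shown above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the nikto findings shown above, one finding per line.
SAMPLE_OUTPUT = """\
+ Allowed HTTP Methods: POST, OPTIONS, GET, HEAD
+ OSVDB-396: /_vti_bin/shtml.exe: Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted.
+ /cgi-bin/guestbook.pl: May allow attackers to execute commands as the web daemon.
+ /cgi-bin/wwwadmin.pl: Administration CGI?
+ /cgi-bin/Count.cgi: This may allow attackers to execute arbitrary commands on the server
"""


@dataclass
class Finding:
    osvdb: Optional[str]  # e.g. "396"; None when nikto printed no reference
    path: Optional[str]   # request path the finding refers to; None for informational lines
    text: str             # human-readable description


# Layout assumed here: "+ [OSVDB-<id>: ][<path>: ]<description>".
_FINDING_RE = re.compile(
    r"^\+ (?:OSVDB-(?P<osvdb>\d+): )?(?:(?P<path>/\S*): )?(?P<text>.+)$"
)


def parse_nikto(output: str) -> List[Finding]:
    """Return one Finding per '+ ' line; banners and other lines are skipped."""
    findings: List[Finding] = []
    for raw in output.splitlines():
        line = raw.strip()
        if not line.startswith("+ "):
            continue  # version banner, target header, blank lines
        m = _FINDING_RE.match(line)
        if m is None:
            continue
        findings.append(
            Finding(m.group("osvdb"), m.group("path"), m.group("text").strip())
        )
    return findings


def flagged_paths(findings: List[Finding]) -> List[str]:
    """Sorted, de-duplicated list of paths that nikto attached a finding to."""
    return sorted({f.path for f in findings if f.path is not None})


def by_path(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group descriptions by path so each URL can be reviewed (or removed) once."""
    grouped: Dict[str, List[str]] = {}
    for f in findings:
        if f.path is not None:
            grouped.setdefault(f.path, []).append(f.text)
    return grouped


if __name__ == "__main__":
    for f in parse_nikto(SAMPLE_OUTPUT):
        ref = f"OSVDB-{f.osvdb}" if f.osvdb else "-"
        print(f"{ref:10} {f.path or '(info)':28} {f.text}")
    print("paths to review:", flagged_paths(parse_nikto(SAMPLE_OUTPUT)))
```

Informational lines such as the allowed-methods summary come through with `path` set to `None`, so `flagged_paths` yields only the URLs that actually need attention; the regex backtracks over the trailing colon of a path, which is why `/_vti_bin/shtml.exe` is captured without it.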