Remember that all commands in Linux
are case sensitive.
Procedure: Install, start the application, set the parameters, and execute.
From the directory containing the compressed files type tar -zxvf nikto-current.tar.gz.
The files will uncompress into a new directory named nikto-1.35.
Change to the new directory by typing cd nikto-1.35 and pressing the
Enter key.
Execute against the target with the syntax of ./nikto -h <address>. In this example:
./nikto -h 172.16.1.46
452 Practical Hacking Techniques and Countermeasures
Nikto scans the target for potential weaknesses and lists, when applicable,
the Microsoft Security Bulletin reference.
To use Nikto on a Windows computer, you must have ActivePerl installed.
The ActivePerl application is free and you install it by double-clicking on the
installation icon.
Vulnerability Scanning 453
Install ActivePerl with the default options. ActivePerl will complete installation.
Click Finish.
Execute Nikto with the following syntax:
nikto -h <address>
In this example:
nikto -h 172.16.1.46
Nikto scans the target for potential weaknesses and lists, when applicable,
the Microsoft Security Bulletin reference.
*Note: Running Nikto in Linux or Windows can be helpful, but I noticed that when
executing in Windows the results tend to be more intuitive and descriptive.
Lab 70: Vulnerability Scanner
Assessment of Target Security: Shadow Scanner
Prerequisites: None
Countermeasures: Secure ACLs, Bastion servers/workstations
Description: Shadow Security Scanner (SSS) analyzes collected data, locates
vulnerabilities, and provides suggestions for correcting those issues.