Nikto (BSWR)

00:05

hello and welcome to another episode of breaking stuff with Robert today we're going to be talking about Nick toe Now. Nick, though, is a very powerful open source. Web Server Scanner Performs a very comprehensive list of tests against Web servers

00:20

over 6700 potentially dangerous file slash programs that it checks for outdated versions on it looks for specific problems for over 270 different service types.

00:32

Just really, really, really comprehensive tool here for some quick Web page testing.

00:39

Now the target audience is here. Website administrators looking to test their site for maybe some various issues that might have been overlooked. Exploitation analysts looking to re create Web based Pecan insists techniques. So if you're trying to do some signature based checks for, like patterns for Web site checks or attacks, this is a very common tool that can be used.

00:59

And so it would be beneficial to run some tests against your sights with this tool

01:03

to then get that information and maybe use it for your signatures. Penetration testers looking to do some initial Web page testing or maybe start to do some reconnaissance. This is a great, great tool.

01:14

Now, some pre requisites would be a fundamental knowledge of Web applications and Web directories. How those things tie into vulnerabilities or Web based systems,

01:23

and then a fundamental knowledge of Cali Lennix Command line utilization has always been official. Here is well so with those things in mind, let's go ahead and jump into our demo.

01:34

Here we are, ladies and gentlemen and our handy dandy demo environment. Today we're looking at Nick Toe. Now, when you interdict oh, here in the command terminal, you'll notice that it gives you these outputs. The outputs don't specifically give you the syntax. It does give you some switches and things that you can use.

01:53

You could also see here that by default, if you put in a target,

01:59

the default port is 80. So, in this case, we're attacking our or where I'm sorry we're doing some reconnaissance on our menace portable machine. I only say attacking because this type of scans very aggressive. It's not stealthy. It also, if you do go scanning ah, Web page or something of that nature,

02:16

it will get picked up.

02:20

So very simple scan that we're going to do here today. We're just going to use the following syntax. Um, we're going to do an output to a report, so we're going to do just report that html

02:30

and then we're going to do a host,

02:35

which is what we're talking. And then the i p of the host in question that we're talking today,

02:40

this 192.168 that 1 to 51 30

02:45

and then this will run. So it gives you the start time on. Then it goes through the process here of checking that particular port against that target and anything that it can get to there. It's going to show you here. Now, this is pretty hard to follow, which is why I like to do the report output.

03:02

You may have also previously viewed our video on Sparta. And you may remember that, Nick, that was one of the tools in that suite, that ransom testing. So that took about 24 seconds of town, which wasn't too bad.

03:15

So now, um, I'm just going to go over here to our file explorer

03:21

and you'll notice in our home directory. We now have reports on HTML so we can open this up

03:28

and this gives us a little bit easier of a report to follow. Now these OS Vehbi entries are broken. I'm not able to get those toe work out to the actual references, but as you can see here, it does give you some feedback and general information about each of these areas.

03:46

If you want to check anything you can right, click it

03:49

and opened the test link. And as you can see, it pulls up the pages that it actually tested.

03:53

So this is showing That's a cross site. Scripting

03:58

was successful here,

04:00

but it's able to do some fasting. So there's some pages here that look to be

04:05

vulnerable.

04:08

So great tool to use when you're trying to do some website fingerprinting or your dents and testing here to try and figure out what you could get into and what could be vulnerable against the site? Very easy to read output that you can then take and modified to be a part of your final report.

04:27

So with those things in mind,

04:28

let's go ahead and jump back over to our slides.

04:31

Well, I hope you enjoyed that demo of Miko again. Very powerful tool, lot of use cases and things that you could use it for and again. It's open source. It never hurts to take this tool and do some scans against your site or a client site as long as you've got permission to do so.

04:49

So with those things in mind, I want to thank you for your time today, and I look forward to seeing you again