Nikto Lab

[toggle_content title="Transcript"] Hey, Leo Dregier here. I want to go over and cover how to set up a basic Nikto scan. So I am going to switch to my virtual machine carried over here. I am just going to do a nikto space -h and then it will bring up the help file, and Nikto is a relatively easy program to run. It is basically nikto, then the web address, and then some additional configuration options, but specifically what we are going to want to do first is update the tool. So that is easy enough in itself: nikto -update, and go ahead, let that run, and it will see this version is updated. Please upgrade to 2.1.5 or better. Use GitHub version, so that is fine because we have an updated version of Nikto. So it is apt-get install nikto, and you can read this: it says the following packages will be upgraded, needed to remove, needed 391 K of archives, then fetch the archives, read the database, unpack the replacement files, and then it is setting up the Nikto application. So you can see specifically here 1.60 Kali, so that is going to be pretty consistent, and set it up, and now it is running. Now we should be able to do it. So nikto -update.

Once you have Nikto updated, go ahead and select a target to scan. So we are going to do that by doing nikto -h for host scan. I want to scan my own web site, just so you guys know. I do have a web application intrusion detection system and if you guys decided the same thing there is a very good chance that you are going to go ahead. So you might not want to do this to websites that you do not own or are not yours. So go ahead and do a nikto, target website, hit enter. See the version 2.1.6, your target IP, the port, the start time. You found that the server was Apache running PHP 5.3, the anti-clickjacking X-Frame header is present, and uncommon header link found, and you are just going to at this point go get a cup of coffee and come back, and you could read this because it will take some time for it to run, but each vulnerability that it will find will trickle into this window.

The only thing that I would do differently in the real world is I would actually just append the results to a file and call that the file date time stamp and then the destination.txt or something like that, and you can do that by just appending the command that I have already entered with a space, greater than, space, whatever the file name you want is. Hit enter and all of these results will actually be sent to the text file. Now if you get impatient here and you click enter a bunch of times then it is not going to help. You basically just have to go ahead and wait. So we are going to go ahead and let the tool run and then once it finishes we will do a review.

Now also, if you want to, what you can do here is you can sniff the traffic of the update, if you just want to see that it is running. So I just set up a basic Wireshark packet capture just to show that the traffic is in fact going out. There is a variety of TCP connections simultaneously. We would also do this on a ether ray as well. So I will just do it, and you get to see it working in the background analyzing the target website. So I will just go ahead and let these run and you guys can go ahead and watch these for a few minutes and get an idea of what the tool is actually doing.

Now that the scan is completed, let us go ahead and make some sense out of the scan results. So we basically just did a regular Nikto scan against a target website, and again you should only do this against websites that you have permission to do so. The server is Apache, PHP version number, no CGI directories found. You can always check that again: you can -C all to force the check of all possible CGI directories, and then again there is a lot of positives in there. So it checks the robots.txt; that is public information, anybody can check that anyway. Secure control panel optional, there is a web server control panel which is generally popular in the hosting world. You can see if there is a web mail directory, and then it will start pulling open security vulnerability database and then the actual number associated with those. Here you can actually research these numbers and get a background check.

My complaint about a Nikto web scanner is that it does generate a lot of false positives. You actually have to quantify these, but nonetheless for an open vulnerability scanner it is not too bad. It generally tells you obvious stuff, like it is a WordPress site; you probably could have got that just from the directory structure in itself. It has got an admin login page section found, so that happens to be under control panel. You can see the wp-admin or WordPress login page. You might want to hide those or protect those just to make the obvious go away. You made approximately 6,613 requests, zero errors. [/toggle_content]

For this next Web Applications module lab, we utilize Nikto for our web application penetration test. This lab covers the basics of Nikto, a utility for scanning web servers at the host level. With this tool you must have the current version, so you'll also learn how to query the installed version and how to download and install the current version. Nikto pulls general information, but it also lists all the vulnerabilities it finds and the path order of those vulnerabilities within that host. Nikto is a small powerhouse of a utility that provides a wealth of information essential for Penetration Testing and Ethical Hacking.
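The transcript recommends saving scan output to a date/time-stamped file and points out that the reported items have to be checked by hand for false positives. As an added example (not part of the lab or of Nikto itself), this Python script builds such a file name and turns a saved report into a per-reference checklist; the report layout, the sample text and the names `report_name` and `parse_report` are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample (not real scan output). Assumed layout: one "+ " line per
# item, an optional "OSVDB-<n>:" reference, then "/path: description".
SAMPLE_REPORT = """\
- Nikto v2.1.6
+ Target Hostname:    example.test
+ Target Port:        80
+ Server: Apache
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ /robots.txt: contains 2 entries which should be manually viewed.
+ OSVDB-3092: /webmail/: Web mail directory found.
+ OSVDB-3092: /cpanel/: Web-based control panel found.
+ /wp-login.php: Wordpress login found
+ 6613 requests: 0 error(s) and 4 item(s) reported on remote host
"""

FINDING = re.compile(r"^\+ (?:OSVDB-(?P<osvdb>\d+): )?(?P<path>/\S*): (?P<text>.+)$")
SUMMARY = re.compile(r"^\+ (\d+) requests: (\d+) error\(s\) and (\d+) item\(s\)")

def report_name(target, when):
    """Date/time-stamped file name for the saved scan output (hypothetical helper)."""
    safe = re.sub(r"[^A-Za-z0-9.-]", "_", target)  # keep the name shell-safe
    return f"{when:%Y%m%d-%H%M%S}_{safe}.txt"

def parse_report(text):
    """Group findings by OSVDB reference; return (groups, (requests, errors, items))."""
    groups, summary = defaultdict(list), None
    for line in text.splitlines():
        m = SUMMARY.match(line)
        if m:
            summary = tuple(int(n) for n in m.groups())
            continue
        m = FINDING.match(line)
        if m:
            key = f"OSVDB-{m['osvdb']}" if m["osvdb"] else "unreferenced"
            groups[key].append((m["path"], m["text"]))
    return dict(groups), summary

if __name__ == "__main__":
    print(report_name("example.test", datetime(2024, 1, 1, 12, 0, 0)))
    groups, summary = parse_report(SAMPLE_REPORT)
    for key, items in sorted(groups.items()):
        for path, note in items:
            print(f"[ ] {key:<12} {path:<15} {note}")  # tick off after manual check
    print("requests, errors, items:", summary)
```

Comparing the number of parsed findings with the item count on the summary line is a quick check that the saved file was not truncated.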