====== Nikto web server security assessment ====== Nikto performs automated tests agains webservers. ====== ====== * Program: http://www.cirt.net/nikto2 * Installation: http://beginlinux.com/blog/2009/05/nikto-scan-apache-for-security-holes/ Nikto does require the LibWhisker Perl module, but this is built into the program so it does not need to be installed. You will want to install the Net::SSLeay Perl module if you want to test SSL. ===== Install Net::SSLeay ===== or on Debian (or Ubuntu, of course) apt-get install libcrypt-ssleay-perl libnet-ssleay-perl For all distributions, installing from CPAN: perl -MCPAN -e shell; Cpan> install Net::SSLeay ===== Download nikto ===== You can find a download of the current version from http://www.cirt.net/nikto2 mkdir /usr/src mv nikto-current.tar.gz /usr/src cd /usr/src Untar the program. tar zxvf nikto-current.tar.gz ===== Basic Scan ===== perl nikto.pl -h perl nikto.pl -h 192.168.5.103 {{tag>linux apache security}} ~~LINKBACK~~ ~~DISCUSSION~~