The first parameter we’ll use, and which is mandatory, is -host (or -h)to specify the target.
Like with any Linux package you can always throw a “man nikto” to learn all parameters. In case your system returns dependency errors when executing “ dpkg -i ” (as explained at ) execute the command “ apt –fix-broken install” and you’ll get it installed. In this case I’m using a Debian system, you can download Nikto for Debian at. This time we’ll explore Nikto, a vulnerabilities scanner written in Perl, to check for Web Application vulnerabilities and footprinting (getting useful information about the target). Simply receiving a 200 response code is not always sufficient to determine session state.In the past we learned how to use Nmap, Nessus and OpenVAS to look for vulnerabilities. Regex to verify successful authentication: A regex pattern to look for on the login page. This field can be used to provide more than two parameters if required (e.g., a group name or some other piece of information is required for the authentication process).Ĭheck authentication on page: The absolute path of a protected web page that requires authentication, to better assist Nessus in determining authentication status, e.g., /admin.html. If the keywords %USER% and %PASS% are used, they will be substituted with values supplied on the Login configurations drop-down menu. Login parameters: Specify the authentication parameters (e.g., login=%USER%&password=%PASS%). For example, the login form for: would be: /login.php Login submission page: The action parameter for the form method. Login page: The absolute path to the login page of the application, e.g., /login.html Password: Password of the user specified.Moreover, the steps as described in the documentation are the following:Ĭredentials: which are filled out like these (taken from documentation): Read more hereĪn article demonstrating this option is here. Cookie import: First you have to export them from your browser in netscape format.
0 kommentar(er)
