
LAB 23

Using nikto

1. Introduction
Nikto is an open source tool used to test web servers for security issues,
with a standalone database of up to 70,000 common security flaws that is
updated with each version. Nikto allows quick checks for issues such as
server-side configuration or software flaws, default programs or files,
unsafe programs or files, and basic vulnerabilities in web applications.

2. Preparation
- Download and install nikto from the following link:
https://projects.giacomodrago.com/nikto-win/
- Install Perl for Windows
- A computer running the Windows operating system. The firewall on the system
must be disabled.
- The phpMyAdmin source code, for managing MySQL:
https://www.phpmyadmin.net/downloads/
- Download XAMPP from the following link:
https://downloadsapachefriends.global.ssl.fastly.net/xampp-files/5.6.31/xampp-win32-5.6.31-0-VC11-installer.exe?from_af=true
- Download DVWA from the following link:
http://www.dvwa.co.uk/
- The software Chrome, Firefox 10.0, 7zip, Notepad++.

3. Implementation steps
Install nikto and Perl on the Kali Linux machine.
- Type the command: nikto -host http://192.168.139.129/dvwa
where 192.168.139.129 is the IPv4 address of the local machine running DVWA.

- Wait a moment while nikto scans, as in the picture.


- We see that the nikto scan reports the link /dvwa/config/

We will check the link that the scan found.


At 192.168.139.129/dvwa/config we see that the config.inc.php file is the
database config file.
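
The manual check above can be scripted when triaging a saved scan report. The following is an added example, not part of the original lab: it pulls the directory-indexing findings out of nikto's text output and lists the files an auto-generated index page exposes. The sample report, the sample listing body, the function names and the sensitive-name pattern are all constructed assumptions.

```python
import re

# Constructed sample of a nikto plain-text report for the lab target (not captured output).
SAMPLE_REPORT = """\
- Nikto v2.1.6
+ Target IP:          192.168.139.129
+ Target Port:        80
+ The anti-clickjacking X-Frame-Options header is not present.
+ OSVDB-3268: /dvwa/config/: Directory indexing found.
+ /dvwa/config/: Configuration information may be available remotely.
+ OSVDB-3092: /dvwa/login/: This might be interesting...
+ 1 host(s) tested
"""

# Constructed body in the shape of an Apache auto-generated directory listing.
SAMPLE_LISTING = """<html><head><title>Index of /dvwa/config</title></head><body>
<a href="?C=N;O=D">Name</a> <a href="/dvwa/">Parent Directory</a>
<a href="config.inc.php">config.inc.php</a>
</body></html>"""

# "+ [OSVDB-n: ]/path: message" is a path finding; banner and header lines do not match.
FINDING = re.compile(r"^\+ (?:(OSVDB-\d+): )?(/\S*?): (.+)$")

def parse_findings(report):
    """Return (id_or_None, path, message) for every path-based finding line."""
    matches = (FINDING.match(line) for line in report.splitlines())
    return [m.groups() for m in matches if m]

def indexed_dirs(findings):
    """Paths that the scan reports as browsable directories."""
    return sorted({path for _, path, msg in findings
                   if "directory indexing" in msg.lower()})

def listed_files(body):
    """File names linked from an auto-index page; [] if the body is not a listing."""
    if not re.search(r"<title>Index of /", body, re.I):
        return []
    # Skip column-sort links (?C=...), absolute links (parent dir) and subdirectories.
    return re.findall(r'href="([^"?/][^"/]*)"', body)

def sensitive(names):
    """Names matching a hypothetical pattern for config and backup files."""
    return [n for n in names if re.search(r"config|\.inc|\.bak|\.sql|\.env", n, re.I)]

if __name__ == "__main__":
    print(indexed_dirs(parse_findings(SAMPLE_REPORT)))
    print(sensitive(listed_files(SAMPLE_LISTING)))
```

Once directory listing is disabled on the server (Apache's `Options -Indexes`), the response is no longer an index page and `listed_files` returns an empty list for it.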
