Sunday, February 28, 2010

Nikto tutorial

Nikto is an open source web server scanner.
You can download it from the web pages I listed in a recent post.

After downloading you get this file. Before you start running Nikto, the first thing you must do is install ActivePerl on your computer; in this case I installed ActivePerl-5.10.1.1007-MSWin32-x86-291969 on my computer.
Just run the installer as usual.

After that, copy the nikto files and put them on drive C or D, whichever you prefer.
Open Start > Programs > Accessories > Command Prompt.

Then run it from the Perl folder that matches where you put the nikto files:
C:\Perl\Bin or D:\Perl\Bin

In this case I put nikto on C:,
so I just ran commands like this:
cd..
cd..
perl nikto.pl -h [web page IP address]
Then press Enter and it will start scanning,
for example like this:

To make it easier to find a web page's IP address and save time, you can add the ShowIP add-on to Mozilla Firefox to see the IP address of the page you are viewing.

You can also learn more commands from the nikto manual included in the nikto files.
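The same `perl nikto.pl -h <target>` invocation from the steps above, wrapped so that an audit of several of your own hosts runs unattended and each result is saved with a timestamp. This is an added example, not code from the post or from Nikto; it assumes ActivePerl at C:\Perl\bin and the nikto files in C:\nikto (adjust both), and uses Nikto's -output and -Format options to write the report file.

```python
"""Batch wrapper for the scan shown above: runs `perl nikto.pl -h <target>`
once per authorized host and keeps a timestamped report for each.
Added example, not part of the original post or of Nikto itself."""
import subprocess
import sys
from datetime import datetime
from pathlib import Path

# Assumed locations (adjust to your install): ActivePerl as in the post,
# and the folder where the nikto files were unpacked.
PERL = r"C:\Perl\bin\perl.exe"
NIKTO_DIR = r"C:\nikto"


def parse_targets(text):
    """One host or IP per line; '#' comments, blanks and duplicates are dropped."""
    targets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and line not in targets:
            targets.append(line)
    return targets


def build_command(target, report_path, perl=PERL, nikto_dir=NIKTO_DIR):
    """Same invocation as the post (`perl nikto.pl -h <host>`) plus Nikto's
    -output/-Format options so the findings are kept on disk for the audit."""
    return [perl, str(Path(nikto_dir) / "nikto.pl"), "-h", target,
            "-output", str(report_path), "-Format", "txt"]


def scan_all(targets, out_dir, nikto_dir=NIKTO_DIR):
    """Run Nikto for each target in turn; returns {target: exit code}."""
    out_dir = Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    stamp = datetime.now().strftime("%Y%m%d-%H%M%S")
    results = {}
    for target in targets:
        report = out_dir / f"nikto-{target}-{stamp}.txt"
        # run from the nikto folder, as the post does, so nikto.pl finds its files
        proc = subprocess.run(build_command(target, report, nikto_dir=nikto_dir),
                              cwd=nikto_dir)
        results[target] = proc.returncode
    return results


if __name__ == "__main__":
    # usage: python nikto_batch.py targets.txt reports
    hosts = parse_targets(Path(sys.argv[1]).read_text())
    for host, code in scan_all(hosts, sys.argv[2]).items():
        print(f"{host}: nikto exit code {code}")
```

Keep the targets file limited to hosts you are authorized to audit; the saved reports give you a record to compare against after patching.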

Acunetix view

This is an example of the first view you get after installing and running Acunetix.
There are many functions available in it.

To start a scan, just click the New Scan button.

You then get the page view below.

Just follow the instructions and click the Next button.
You then get this view, and the tool starts scanning.

You can also generate a full report after the scan finishes.

Web scanners

Emmm, so when I came to understand how to patch; before this I was still unclear about how to patch a web server,
so I started doing some research about it.
These are example web pages where you can get the tools Nikto and Acunetix:
  • http://cirt.net/nikto2
  • http://www.hackerscenter.com
  • http://www.hackthissite.org/

For Acunetix:
  • http://www.acunetix.com/

Also try other tools at:
http://www.owasp.org
http://sectools.org/web-scanners.html

Patch web

To patch the web server, two things can be patched:

  1. The application part (the web server application, e.g. Apache web server or Microsoft IIS 6.0, depending on the type of web server you are using)
  2. The web server operating system (either Linux or Microsoft based servers)

Get the updates or patches from the respective application provider or distribution website.

If you want to scan your web server for vulnerabilities (should any exist), as an audit task or precaution, use a web vulnerability scanner such as Nikto (open source) or Acunetix Web Vulnerability Scanner (proprietary; you need to pay or use the trial version). That covers the web server application audit; for the OS, you can audit or run vulnerability scans using Nessus.
