Nikto is a command-line tool in Kali Linux that can be used to evaluate a web application for known security issues. In the scanning phase of the assessment, we already determined hosts running web services with Nmap. Bash scripting can be used to leverage existing Nmap greppable output files to run Nikto only against systems that are running web services. In this recipe, we will demonstrate how a script can be used to determine hosts that are running a service on TCP port 80 from previous scan results and then run Nikto against only those systems.
Automate web application scanning with Nikto
Getting ready
To use the script demonstrated in this recipe, you will need to have access to systems running web services. In the example provided, there are two boxes...