Scanning with Nikto
A must-have tool in every tester's arsenal is Nikto; it is perhaps the most widely-used free scanner in the world. As stated on its own website (https://cirt.net/Nikto2):
"Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated."
In this recipe, we will use Nikto to search for vulnerabilities in a Web application and analyze the results.
How to do it...
Nikto is a command-line utility, so we open a terminal.
We will scan the Peruggia vulnerable application and export the results to an HTML report...