zeldor.biz

Linux, programming and more

Copyright © 2023

Penetration Testing

September 7, 2011 by Igor Drobot

Penetration testing (pentest) is very important for development and production environments. Unfortunately, many people forget that and play with fire.

A pentest is a method of evaluating the security of server services and hardware devices.
This rigorous analysis is carried out from the position of a potential attacker. In this case the attacker is a white hat, and the test can involve active exploitation of security vulnerabilities. [Read more…]

Filed Under: Linux Tagged With: amap, hacking attempt, Nikto, nmap, Penetration, pentest, security test

Nikto – vulnerabilities scanner

December 6, 2010 by Igor Drobot


Nikto is an open source (GPL) web server scanner that tests your web server for more than 3500 dangerous files/CGIs and checks for outdated versions. It has very good plugin support.
Official site

To install on Ubuntu / Debian:

$ apt-get install nikto

For a simple test:

firewall ~ # nikto -h debianuser.org
---------------------------------------------------------------------------
- Nikto 2.02/2.03     -     cirt.net
+ Target IP:       188.40.116.206
+ Target Hostname: debianuser.org
+ Target Port:     80
+ Start Time:      2010-12-07 10:45:55
---------------------------------------------------------------------------
+ Server: Apache
+ OSVDB-3092: GET /img/ : This may be interesting...
+ OSVDB-3268: GET /icons/ : Directory indexing is enabled: /icons
+ 4347 items checked: 2 item(s) reported on remote host
+ End Time:        2010-12-07 10:49:45 (230 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
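
An added example (not from the original post): a small Python parser for the plain-text report above. It checks that the summary count matches the findings actually present in a saved log and lists the paths flagged for directory indexing. The line formats are assumed from the Nikto 2.02/2.03 output shown here, and the function names are hypothetical.

```python
import re

# Constructed input: report lines taken from the scan output shown above.
SAMPLE = """\
+ Target IP:       188.40.116.206
+ Target Hostname: debianuser.org
+ Target Port:     80
+ Server: Apache
+ OSVDB-3092: GET /img/ : This may be interesting...
+ OSVDB-3268: GET /icons/ : Directory indexing is enabled: /icons
+ 4347 items checked: 2 item(s) reported on remote host
"""

# Line formats assumed from the Nikto 2.02/2.03 output on this page.
META = re.compile(r"^\+ (Target IP|Target Hostname|Target Port|Server):\s*(.+)$")
FINDING = re.compile(r"^\+ (OSVDB-\d+): ([A-Z]+) (\S+) : (.+)$")
SUMMARY = re.compile(r"^\+ (\d+) items checked: (\d+) item\(s\) reported")


def parse_report(text):
    """Turn Nikto plain-text output into metadata, findings and summary counts."""
    report = {"meta": {}, "findings": [], "checked": None, "reported": None}
    for raw in text.splitlines():
        line = raw.strip()
        if m := META.match(line):
            report["meta"][m.group(1)] = m.group(2)
        elif m := FINDING.match(line):
            ref, method, path, note = m.groups()
            report["findings"].append(
                {"ref": ref, "method": method, "path": path, "note": note})
        elif m := SUMMARY.match(line):
            report["checked"], report["reported"] = int(m.group(1)), int(m.group(2))
    return report


def is_complete(report):
    """A saved log is usable only if the summary count matches the parsed findings."""
    return report["reported"] is not None and report["reported"] == len(report["findings"])


def indexed_directories(report):
    """Paths where the scanner saw directory indexing enabled (review the server config)."""
    return [f["path"] for f in report["findings"]
            if "directory indexing is enabled" in f["note"].lower()]


if __name__ == "__main__":
    r = parse_report(SAMPLE)
    print(r["meta"], is_complete(r), indexed_directories(r))
```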


Filed Under: Bash, Debian, Linux, MySQL Tagged With: apache security, Nikto, Security scanner, vulnerabilities finder