Nikto is a free Open Source $($GPL$)$ software command$-$line vulnerability scanner that scans webservers for dangerous files and CGIs, outdated server software, and other problems. It performs generic and server type specific checks. It also checks for server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software. It also captures and prints any cookies received.

Sample Web Server Scan:

$-$ Nikto v$2\mathrm{.}1\mathrm{.}0$

$---------------------------------------------------------------------------$

$+$ Target IP: $192\mathrm{.}168\mathrm{.}2\mathrm{.}111$

$+$ Target Hostname: $192\mathrm{.}168\mathrm{.}2\mathrm{.}111$

$+$ Target Port: $80$

$+$ Start Time: $2010-07-0822$:$52$:$11$

$---------------------------------------------------------------------------$

$+$ Server: Apache$/2\mathrm{.}2\mathrm{.}8($Ubuntu$)$ PHP$/5\mathrm{.}2\mathrm{.}4-2$ubuntu$5\mathrm{.}10$ with Suhosin$-$Patch

$-$ Root page $/$ redirects to: login$.$php

$+$ OSVDB$-0$: robots.txt contains $1$ entry, which should be manually viewed.

$+$ OSVDB$-0$: Apache$/2\mathrm{.}2\mathrm{.}8$ appears to be outdated $($current is at least Apache$/2\mathrm{.}2\mathrm{.}1$

$4).$ Apache $1\mathrm{.}3\mathrm{.}41$ and $2\mathrm{.}0\mathrm{.}63$ are also current.

$+$ OSVDB$-0$: Number of sections in the version string differ from those in the database, the server reports: $5\mathrm{.}2\mathrm{.}4\mathrm{.}45\mathrm{.}2\mathrm{.}117\mathrm{.}98\mathrm{.}117\mathrm{.}110\mathrm{.}116\mathrm{.}117\mathrm{.}5\mathrm{.}10$ while the database has: $5\mathrm{.}2\mathrm{.}8.$ This may cause false positives.

$+$ OSVDB$-0$: PHP$/5\mathrm{.}2\mathrm{.}4-2$ubuntu$5\mathrm{.}10$ appears to be outdated $($current is at least $5\mathrm{.}2\mathrm{.}8)$

$+$ OSVDB$-877$: HTTP TRACE method is active, suggesting the host is vulnerable to X

ST

$+$ OSVDB$-0$: ETag header found on server, inode: $1681,$ size: $26,$ mtime: $0$x$46$dfa$70$e

$2$b$580$

$+$ OSVDB$-0$: $/$config$/$: Configuration information may be available remotely.

$+$ OSVDB$-0$: $/$php$.$ini: This file should not be available through the web interface

$+$ OSVDB$-12184$: $/$index$.$php$?=$PHPB$8$B$5$F$2$A$0-3$C$92-11$d$3-$A$3$A$9-4$C$7$B$08$C$10000$: PHP reveals potentially sensitive information via certain HTTP requests, which contain specific QUERY strings.

$+$ OSVDB$-3268$: $/$config$/$: Directory indexing is enabled: $/$config$/$

$+$ OSVDB$-3092$: $/$login$/$: This might be interesting...

$+$ OSVDB$-3092$: $/$setup$/$: This might be interesting...

$+$ OSVDB$-3268$: $/$icons$/$: Directory indexing is enabled: $/$icons

$+$ OSVDB$-3268$: $/$docs$/$: Directory indexing is enabled: $/$docs

$+$ OSVDB$-3092$: $/$README: README file found.

$+$ OSVDB$-3092$: $/$CHANGELOG$.$txt: A changelog was found.

$+$ OSVDB$-3233$: $/$icons$/$README: Apache default file found.

$+3588$ items checked: $17$ item$($s$)$ reported on remote host

$+$ End Time: $2010-07-0822$:$53$:$52(101$ seconds$)$

$---------------------------------------------------------------------------$

$+1$ host$($s$)$ tested

What vulnerabilities were found?

What was at least one specific exploit that was listed $($OSVDB$-$XXX$)?$

What risks do the vulnerabilities create?

How could they be remediated?

What practices should be used to prevent similar vulnerabilities?

What protective measures could be used if applications or servers could not be fixed?