Automate web application scanning with Nikto
Nikto is a command-line tool in Kali Linux that can be used to evaluate a web application for known security issues. In the scanning phase of the assessment, we already determined hosts running web services with Nmap. Bash scripting can be used to leverage existing Nmap greppable output files to run Nikto only against systems that are running web services. In this recipe, we will demonstrate how a script can be used to determine hosts
that are running a service on TCP port 80
from previous scan results and then run Nikto against only those systems.
Getting ready
To use the script demonstrated in this recipe, you will need to have access to systems running web services. In the example provided, there are two boxes running Metasploitable and two running Windows XP. For more information on setting up Metasploitable and Windows XP systems, refer to the Installing Metasploitable2 and Installing Windows server recipes in Chapter 1, Getting Started....