What is Nikto?
Nikto is a website vulnerability scanner that scans against web servers for potential outdated servers, services and software versions (PHP, Apache, WordPress, Cloudflare, etc), hidden presence of multiple index files, etc. It works by making requests to the server, evaluating the responses in return.
Scanning a Website Using Nikto
Basic syntax: nikto -h domain/host name/ip addr
In this post, i will be scanning team4.pentest.id using nikto. To get started, simply open terminal and enter nikto -h team4.pentest.id.
Information regarding the IP and the port will be seen as follows.
As you can see, there are several outdated software versions of PHP, Apache. There is also 2 entry points in robots.txt which is /password.lst and /wp-login.php with HTTP code 302 which means redirect. With these, you can go to directory directly using the URL team4.pentest.id/password.lst and team4.pentest.id/wp-login.php