Critical Analysis of Security Tools Nikto and Nmap

Varul Arora
9 min read · Feb 5, 2022

Introduction

Both Nikto and Nmap are open source security tools that are heavily used in the cybersecurity domain. Ethical hackers and penetration testers use them in the reconnaissance phase, and the information they gather is extremely helpful in the later phases of the cyber kill chain.

1. Nikto

What is Nikto?

Nikto is an open-source (command line) web server and website vulnerability scanner. It performs comprehensive generic and server-type checks. Any cookies received are also captured and printed. Nikto also checks server configuration items such as multiple index files and the options supported by the HTTP server, and it attempts to identify the web server and the applications installed on it. Its check items and plugins are updated regularly and can be updated automatically. [6]

How is it used?

We used the Nikto tool in Kali Linux [5], where it is pre-installed. If Nikto is unavailable, it can be installed with the following commands:

o sudo git clone https://github.com/sullo/nikto [3]

With this command, the Nikto repository is cloned into the current directory (the desktop, in our case).

o cd nikto/program

Then we change directory into the program folder. [3]

o ./nikto.pl -h google.com

With this command, Nikto runs its scan against the website google.com.

-h indicates the host to scan, here google.com. [3]

2. Nmap

Nmap is a free and open-source network scanner developed by Gordon Lyon. By sending packets and analysing the responses, Nmap discovers hosts and services on a computer network. It offers a range of network testing capabilities, including host discovery and service and operating system identification. This functionality can be extended with scripts to provide more sophisticated service detection, vulnerability detection and other features. [2]

In Kali Linux, Nmap is pre-installed [5]. If Nmap is unavailable, it can be installed with the following commands:

o sudo apt-get install nmap

When this command is executed, nmap is installed on the Linux machine.

o nmap

When the nmap command is entered on the terminal without any arguments, it prints its usage summary (shown as a screenshot in the original post).

Evaluation

1. Features of Nikto

1. Nikto can save the output of a scan in file formats such as a text file, a comma-separated value (CSV) file, etc. [7]

2. Nikto allows a domain to be scanned on different port numbers. If a domain is not running on a given port, say 443, then Nikto can be run against port 80 instead. In our case, running the scan on port 443 gathered more details. [7]

3. Nmap can be used together with Nikto, which helps in the detailed analysis of the network fingerprint. [7]

4. The Display option of Nikto controls how much detail is shown; in the screenshot below (in the original post), the show-cookies option (2) has been used. The values of the Display option are as follows:

o 1 Show redirects

o 2 Show cookies received

o 3 Show all 200/OK responses

o 4 Show URLs which require authentication

o 5 Debug output

o E Display all HTTP errors

o P Print progress to STDOUT

o S Scrub output of IPs and hostnames

o V Verbose output [7]

2. Features of Nmap

1. Host Discovery

With the -sL option, Nmap lists the target hosts and the hostnames resolved for them, so the hostnames of a website or web server can be discovered. [2]

2. Port Scanning

In Nmap, the reconnaissance process starts with port scanning. Port scanning is done with the -p option, which scans the specific ports or the range of ports given in the command. [2]

3. Version Detection

Nmap can detect the versions of the services running on the machine that hosts the website or web server. This is achieved with the -A option. [2]

4. OS detection

The operating system and other details are gathered with the -O option. It gives details such as "Device type", "Running", etc. [2]

Analysis

Nikto

a) Ease of Use

The Nikto tool is quite easy to understand and use. If the user has gone through the manual, it won't be difficult to use. All the guidance is given on GitHub and on the Kali Linux tools page for Nikto. The commands are simple, and the output is shown quickly. [3]

b) Performance

Nikto is quite a powerful web application vulnerability scanner. It provides diverse options such as:

o The user can run the scan through a proxy, so that the website's logs do not record the tester's own address.

o The tool tests for web vulnerability classes such as XSS (Cross-Site Scripting), SQL injection, etc.

o The user can apply different evasion techniques, such as adding a fake parameter, using the Windows directory separator, changing the case of the URL, etc.

o The mutate option can enumerate usernames via Apache and cgiwrap.

o The use of SSL (Secure Sockets Layer) and DNS (Domain Name System) lookups can both be disabled.

c) Scalability

The Nikto tool is scalable in the sense that it can be integrated with the Nmap scanner to scan the IP addresses identified as potential targets. After the Nmap scan, its results can be fed directly into Nikto for further research. The Nikto tool can also be installed on Windows.

d) Availability

The Nikto tool is an open source web application vulnerability scanner. The tool is always available on GitHub. If the user runs the Kali Linux operating system, it is pre-installed. On other flavours of Linux, it has to be installed separately. [4]

e) Reporting and analytics

Nikto scans websites for vulnerabilities and can save the scan in many file formats: text (txt), comma-separated values (CSV), Extensible Markup Language (XML), Hypertext Markup Language (HTML) and the Nessus report (NBE) format.
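Saved Nikto output is only useful if it can be triaged afterwards. The following script, added here as an example and not taken from the post or from the Nikto project, reads a Nikto CSV report, groups the findings per host and port, pulls out the server banner, and drops repeated entries. The CSV lines are constructed, and the column order (hostname, IP, port, check id, method, URI, message, with no header row) is an assumption about the layout of Nikto's -Format csv output.

```python
"""Summarise a Nikto CSV report per host:port.

Added example, not code from the post or the Nikto project. The CSV text
below is constructed; the column order is assumed (see COLUMNS).
"""
import csv
import io
from collections import defaultdict

# Constructed sample in the assumed shape of Nikto's CSV report
# (no header row; one finding per line; one duplicated line on purpose).
SAMPLE_NIKTO_CSV = '''"intranet.example.test","10.0.0.5","80","000000","GET","/","Server: Apache/2.4.41 (Ubuntu)"
"intranet.example.test","10.0.0.5","80","000000","GET","/","The anti-clickjacking X-Frame-Options header is not present."
"intranet.example.test","10.0.0.5","80","003092","GET","/backup/","This might be interesting."
"intranet.example.test","10.0.0.5","80","003092","GET","/backup/","This might be interesting."
"intranet.example.test","10.0.0.5","80","000000","GET","/icons/README","Apache default file found."
"intranet.example.test","10.0.0.5","443","000000","GET","/","Server: Apache/2.4.41 (Ubuntu)"
'''

# Assumed column layout of the header-less CSV.
COLUMNS = ("host", "ip", "port", "id", "method", "uri", "msg")


def parse_nikto_csv(text):
    """Turn the header-less CSV into a list of dicts keyed by COLUMNS.

    Lines with the wrong field count (blank or truncated) are skipped rather
    than raising, so one damaged line does not discard the whole report.
    """
    rows = []
    for record in csv.reader(io.StringIO(text)):
        if len(record) != len(COLUMNS):
            continue
        rows.append(dict(zip(COLUMNS, record)))
    return rows


def summarize(findings):
    """Group findings by host:port, separate the Server banner, and drop
    duplicate (uri, msg) pairs so a check reported twice is counted once."""
    summary = defaultdict(lambda: {"banner": None, "findings": []})
    seen = set()
    for f in findings:
        key = f"{f['host']}:{f['port']}"
        entry = summary[key]
        if f["msg"].startswith("Server: "):
            # Banner lines are informational; keep them apart from findings.
            entry["banner"] = f["msg"][len("Server: "):]
            continue
        pair = (f["uri"], f["msg"])
        if (key, pair) in seen:
            continue
        seen.add((key, pair))
        entry["findings"].append(pair)
    return dict(summary)


if __name__ == "__main__":
    for target, info in summarize(parse_nikto_csv(SAMPLE_NIKTO_CSV)).items():
        print(f"{target}  banner={info['banner']}  findings={len(info['findings'])}")
        for uri, msg in info["findings"]:
            print(f"    {uri}: {msg}")
```

Run against a real report with `summarize(parse_nikto_csv(open("scan.csv").read()))`; if the CSV written by your Nikto version has a different column order, adjust COLUMNS to match before trusting the grouping.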

Nmap

a) Ease of Use

The Nmap tool is easy to learn, understand and use. Many eBooks for learning Nmap are publicly available free of charge. The Nmap website also teaches the basic commands needed for the information-gathering process. [2]

b) Performance

The Nmap tool helps the user gather a variety of information through diverse functions, which include, but are not limited to, the following:

o It finds the open ports of web applications. It handles both IPv4 and IPv6 addresses. It provides a variety of scan types, such as the Xmas scan, the ping scan, etc.

o It detects the operating system and the versions of the running applications, which helps in looking up the known vulnerabilities of that specific version.

o The user can use a stealth scan to avoid detection while scanning the target.

o The Nmap scan can be sped up with the -n option, which disables reverse Domain Name System (DNS) resolution. This is immensely helpful when a large network is being scanned.

o The Nmap scan can also be driven from a file. If the user has a text file containing the domain names or IP addresses, the scan can be run over all of them with the -iL file.txt option. [2]

c) Scalability

The Nmap tool is scalable in the sense that it can be installed on different operating systems such as Windows and Linux, and it can scan multiple hosts at a single time. Instead of scanning one host at a time, many hosts can be scanned in one go, and a separate report is generated for every host. [2]

d) Availability

The Nmap tool is an open source network scanner. The tool is always available on GitHub. If the user runs the Kali Linux operating system, it is pre-installed. On other flavours of Linux, it has to be installed separately. [2]

e) Reporting and analytics

Nmap can save the scan results to a text (txt) file, so the user can review the results later rather than running the scan again. Although Nmap cannot write HTML directly, it can save the scan as XML (-oX), and that XML output can then be transformed into HTML. [2]
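The two ideas above, feeding Nmap's results into Nikto (the Nikto scalability point) and turning Nmap's XML output into HTML, both come down to parsing the -oX file. The script below is an added example, not code from the post or from the Nmap or Nikto projects. It reads Nmap XML, keeps the open ports Nmap labelled as web services on hosts that are up, builds one Nikto command line per port (using Nikto's -h, -p, -ssl/-nossl, -Format and -o options), and renders the same data as an HTML table. The XML is a constructed sample in the shape of Nmap's -oX output; the hosts and addresses in it are made up, and the HTML renderer is a minimal stand-in for Nmap's own stylesheet, not a reproduction of it.

```python
"""Nmap -oX output -> open web ports -> Nikto command lines and an HTML table.

Added example, not code from the post or from Nmap/Nikto. The XML below is
a constructed sample in the shape Nmap writes with -oX.
"""
import html
import xml.etree.ElementTree as ET

# Constructed sample of Nmap -oX output: one host up with four ports, one host down.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.0.0.0/29">
  <host>
    <status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <hostnames><hostname name="intranet.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="http" tunnel="ssl"/></port>
      <port protocol="tcp" portid="8080"><state state="closed"/><service name="http-proxy"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="10.0.0.6" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Service names Nmap commonly assigns to web servers; anything else is skipped.
WEB_SERVICES = {"http", "https", "http-alt", "http-proxy"}


def open_web_ports(nmap_xml):
    """Return (host, port, uses_tls) for every open web port on every host that is up.

    The host label is the PTR name when Nmap recorded one, otherwise the address,
    since that is what Nikto's -h option takes.
    """
    root = ET.fromstring(nmap_xml)
    targets = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address").get("addr")
        hostname = host.find("hostnames/hostname")
        label = hostname.get("name") if hostname is not None else addr
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue
            service = port.find("service")
            name = service.get("name", "") if service is not None else ""
            if name not in WEB_SERVICES:
                continue
            # Nmap marks TLS-wrapped services with tunnel="ssl".
            uses_tls = service.get("tunnel") == "ssl" or name == "https"
            targets.append((label, int(port.get("portid")), uses_tls))
    return targets


def nikto_commands(nmap_xml, output_dir="nikto-out"):
    """One Nikto argv per open web port; each run is saved as CSV via -Format/-o."""
    cmds = []
    for host, port, tls in open_web_ports(nmap_xml):
        cmds.append([
            "nikto", "-h", host, "-p", str(port),
            "-ssl" if tls else "-nossl",
            "-Format", "csv", "-o", f"{output_dir}/{host}_{port}.csv",
        ])
    return cmds


def html_report(nmap_xml):
    """Render the open web ports as an HTML table.

    Every value is escaped: a hostile PTR record in the scanned range must not
    be able to inject markup into a report someone opens in a browser.
    """
    rows = "".join(
        f"<tr><td>{html.escape(h)}</td><td>{p}</td><td>{'yes' if t else 'no'}</td></tr>"
        for h, p, t in open_web_ports(nmap_xml)
    )
    return "<table><tr><th>Host</th><th>Port</th><th>TLS</th></tr>" + rows + "</table>"


if __name__ == "__main__":
    for cmd in nikto_commands(SAMPLE_NMAP_XML):
        print(" ".join(cmd))
    print(html_report(SAMPLE_NMAP_XML))
```

The commands are returned as argv lists rather than a single shell string so they can be passed to `subprocess.run` without shell quoting problems if a hostname contains unexpected characters; for a real scan, replace SAMPLE_NMAP_XML with the contents of the -oX file.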

Conclusion

Cybersecurity is a diverse domain that requires an understanding of numerous fields such as networking, information technology, Linux architecture, etc. There are plenty of tools to learn and get hands-on with in order to understand how they work.

With Nmap, the following things were learned:

o Even for a simple scan, Nmap offers a large array of options to tweak the scan for the best performance.

o These options can make scans more precise, less likely to be detected, and quicker to complete.

o For most scans, Nmap's large feature list and robust implementation make it the favourite scanner of penetration testers.

o Network scanning provides information about the target that is useful whether the user is attacking the network or defending it from attack. Many students use Nmap to learn about network security.

With Nikto, the following things were learned:

o The Nikto tool can easily be integrated with Nessus.

o Nikto gives a detailed analysis of the website and, when run with the appropriate options, reports what kinds of vulnerabilities (such as Cross-Site Scripting, SQL injection, etc.) are present.

o Nikto provides proxy support, which helps evade the target's firewall and defence mechanisms.

References

[1] Nikto Package Description [Online]. Available: https://tools.kali.org/information-gathering/nikto

[2] Nmap. Guide to Nmap [Online]. Available: https://nmap.org

[3] Nikto Tool GitHub Installation [Online]. Available: https://github.com/sullo/nikto

[4] Nmap Tool GitHub Installation [Online]. Available: https://github.com/nmap/nmap

[5] Kali Linux OS [Online]. Available: https://www.kali.org

[6] Nikto (vulnerability scanner) [Online]. Available: https://en.wikipedia.org/wiki/Nikto_(vulnerability_scanner)

[7] Nikto Tutorial [Online]. Available: https://hackertarget.com/nikto-tutorial/

[8] How to Use Nmap: Commands and Tutorial Guide [Online]. Available: https://www.varonis.com/blog/nmap-commands/


Varul Arora

CTIA | Love cybersecurity, completed MSc in Applied Cyber Security from Queen’s University Belfast. Twitter : @AroraVarul