How To Test A Website Or Web Server For Vulnerabilities
Do you want to know how to run some basic tests on your web server to see if it is vulnerable? This tutorial will teach you how to penetrate your own webserver and test for vlunerabilities. This method is very traceable, so I suggest you only use it on your own web servers and with your Hosts permission.
In this tutorial you will learn how to use a simple tool to find vulnerabilities on your webserver. The tool is called Nikto and is ran on Kali Linux.
Step 1: Run Nikto on Kali Linux
We will use Kali because Nikto is preinstalled. Go to: “Kali Linux – Vulnerability Analysis – Misc Scanners – nikto” and run it.
Step 2: Scan your server
To scan for vulnerabilities on a website type:
nikto -h example.com
You can use this to scan URLs as well as IP addresses. If you want to know the IP of a website just ping it.
Step 3: Analyse the server vulnerabilities.
Nikto will give you a report of potential vulnerabilities on the websites server. The scan will give you a list of potential vulnerabilities a hacker could try to exploit on the webserver. Some of the vulnerabilities could be a false positive so be aware of that possibility. Some of the vulnerabilities will be have a OSVDB prefix, which stands for Open Source Vulnerability Database which is a vast database of known vulnerabilities. You can check the vulnerability IDs here: http://www.osvdb.org
Warning: Only use this on your own server or servers you are authorized to Pen test.