Sometimes it really fun to watch people stumble about.
Watching the drunk bloke leave the local pub after way to many.
Seeing as he stumbles about in his drunken dance trying to stay on his feet.
Just before he hits the curb loses his footing and tumbles on his back into the middle of the roadway.
At least that’s what it feels like when you see the constant attempts to run web scanning tools against websites these days.
The scripts and tools have been dumb’d down so much that most people running the tools have no idea what they are doing.
That being said it’s not nearly as much fun if all the players don’t understand the rules to play the game.
So here is your first installment of how to UN-n00B your nikto script.
Since Nikto scans are such a commonly used tool out there it is something more website admin’s will look for and try to prevent.
The easiest way to do this is to just filter for the default Nikto user agent since many n00B’s will not bother to change this value.
Pretty easy to see the big “Kick Me” sign there.
So let’s make that look better shall we?
First we need to verify we have a newer version of Nikto (v2+)
(older version’s of Nikto require modification of actual perl modules not covered here)