Posts Tagged ‘hacking un-n00b unn00b nikto web pentest’

Sometimes it really fun to watch people stumble about.
Watching the drunk bloke leave the local pub after way to many.
Seeing as he stumbles about in his drunken dance trying to stay on his feet.
Just before he hits the curb loses his footing and tumbles on his back into the middle of the roadway.

At least that’s what it feels like when you see the constant attempts to run web scanning tools against websites these days.
The scripts and tools have been dumb’d down so much that most people running the tools have no idea what they are doing.

That being said it’s not nearly as much fun if all the players don’t understand the rules to play the game.

So here is your first installment of how to UN-n00B your nikto script.
Since Nikto scans are such a commonly used tool out there it is something more website admin’s will look for and try to prevent.
The easiest way to do this is to just filter for the default Nikto user agent since many n00B’s will not bother to change this value.

Here is what it looks like in the web server logs:
Default User Agent

Pretty easy to see the big “Kick Me” sign there.
So let’s make that look better shall we?
First we need to verify we have a newer version of Nikto (v2+)
./ --Version
Nikto Version Info
(older version’s of Nikto require modification of actual perl modules not covered here)

Next we edit the nikto.conf file (for BT users that’s /pentest/web/nikto/nikto.conf)
We want to change the following value
Nikto Default Agent Value
To something more friendly
Nikto Modified User Agent

Now when we look at the web server logs we see our changes
Nikto New Logs