Bullet-proof Apache: Nikto Security Scanner

apache

If you’ve ever been responsible for maintaining an Apache web server, you know how important security is.

Nikto provides an easy way to scan for known (and unknown) vulnerabilities within your Apache server.  Actually, it does a fairly comprehensive scan on over 200 web servers, not just Apache.  To run a security scan, download the tool, then extract the archive to the desired location.  To initiate a scan from the Nikto directory, type:

./nikto.pl -host [ip address]

Note: when specifying an IP address, make sure you use the external IP of your webserver, not the internal IP.

Here is what my results look like:

- Nikto v2.03/2.04
—————————————————————————
+ Target IP:          10.0.0.1
+ Target Hostname:    blurred for security
+ Target Port:        80
+ Start Time:         2009-01-26 16:44:36
—————————————————————————
+ Server: Apache
+ OSVDB-3092: GET /manual/ : Web server manual found.
+ OSVDB-3268: GET /manual/images/ : Directory indexing is enabled: /manual/images
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 3577 items checked: 3 item(s) reported on remote host
+ End Time:        2009-01-26 16:45:25 (49 seconds)
—————————————————————————
+ 1 host(s) tested

Test Options: -host 10.0.0.1
—————————————————————————

I would then look up the results and fix each issue until there have been no issues detected.  See the OSVDB-ID?  These IDs are found in the Open Source Vulnerability Database.  Each ID will contain a description, classification, and solution.

To aid in your research, I have created an OSVDB Firefox search plugin.  Install the plugin and then search for 3092, 3268, 3233, etc.

Hopefully this makes securing your web server quick & painless.

 

About Benjamin Perove

Benjamin has been associated with computer technology starting from a very early age, and has contributed to the success of many businesses and enterprises since 2001. He loves to crush pow at Keystone, play acoustic guitar, climb rocks, and ascend mountains on his road bike. Benjamin is an Avalanche fan and currently resides in Boulder, Colorado.

2 Comments so far

  1. sem calcinha @ February 28th, 2012

    Adoro me mostrar peladinha na web cam

Leave a reply

Add this site to your Firefox Search Bar

Twitter Updates


No public Twitter messages.

Recent Entries

Topics

Archives

This site is optimized for Firefox.