Scan for Vulnerabilities on Any Website Using Nikto [Tutorial]
- Published 14 Jun 2024
How to Scan Websites for Vulnerabilities with Nikto
Full Tutorial: bit.ly/NiktoScan
Subscribe to Null Byte: goo.gl/J6wEnH
Kody's Twitter: / kodykinzie
Not all websites are developed the same, and a lack of security measures is all the opening a hacker needs to wreak some havoc. In this episode of Cyber Weapons Lab, we'll show you how to scan websites for vulnerabilities with Nikto, a powerful but simple tool that can perform scans on SSL/HTTPS websites, an IP address for a service on a local network, or an older HTTP web domain.
Follow Null Byte on:
Twitter: / nullbytewht
Flipboard: flip.it/3.Gf_0
Weekly newsletter: eepurl.com/dE3Ovb - Howto & Style
Remember kiddies, don't try this at home. Go to a friend's house
Eli Kirkwood or use a vpn
Or you can use both Tor and VPN for 99% security.
@Islaminame
Well, in the case of mobile phones, if you try to use 2 VPNs + Tor then your battery will decrease by a huge amount, like water from a glass (if the glass bends), because VPNs use much more battery compared to Tor.
hhhhhhhh
whys that? what are the possible risk doing this at home?
Moral of this video: Never ever blink when u're explaining something to someone..
LEGIT! XD
lol
Lol
lmfao
lol
At 1:52 HE ALMOST BLINKED :OOOOOOO!!!4
what do you mean blink i only seen that comment blink blink blink!!
AHHAHAHAHAHAHAHAHAHAHAHHAHAHAHA good one!
I would love to see a part 2 of this in which you actually do pair the nikto output with some metasploit exploit. I find interpreting nikto output to be very, very difficult in relation to next steps.
Right? I feel like i need a tutorial about how to make sense of the various outputs you can get
Thanks Null Byte! What would you personally recommend if you compare Burp Suite vs Nikto, for reconning and executing and even saving databases on your targets?
Sir next time you record a terminal window, please remember to increase the font size so that we can see the text clearly
Indonesia switch to 720p or 1080p.
i had to use the system magnifier and a real one to be able to read
Use a magnifying glass
I had to use a microscope
Ah, how can you not see it?
Yes, finally we get to see u again
Excellent video! Thank you for walking us through this process with great, efficient tips along the way. Very helpful.
cool content as always, man! Would it be possible for you to ctrl-shift-+ your terminal windows? Some of the smaller text doesn't render well after youtube's processing/compression/whatever
We'll make it bigger in future episodes
Null Byte thank you!
what type of terminal u r talking about is this linux i use ctrl + alt + t
@@mohsintahir8906 ctrl-shift-+ increases the text size *while* in the terminal
You can zoom screen when you type command line, it truly useful for us to following.
That electric sound effect at the end of the video - you got me. I even felt the vibration coming from my laptop. Fuck sake.
Just wanted to say thank you for your channel 👍I appreciate your presentations
This channel is a gem
@15:20 thanks bro for telling me that at the very end, I thought Nikto was practically the same as nmap, so I ran it without a vpn.
Thanks bro for telling me
Ever thought of following up this video with an msf meterpreter video?
You should definitely delve into it!
This dude is actually staring at my soul in every video 🥴
Y e a h 😶
Be careful! Staring in your history may be worse.
@@djparty95 🤣🤣
One of the first viewers. Yesss!!!
I love your videos. ♥️
Terminal text in this video is very small. Plz increase the font size next time. Great work guys 👍👍👍👌👌👌
Hey really nice !
Do you know how to bypass firewalls? For some reason, the -sS flag doesn't work when the network is set up with a firewall or antivirus
Hey, Whats Up Kody, I Saw U I Kak5 Five And Wanted To Say, You Have Done A Very Good Job With This Channel
sir @Null Byte do you hack with your mac OS terminal or use a VM?
very nicely explained. Thanks
Why hasn't this guy got a million subs? He is way better than David Bombal and NetworkChuck
May I ask what OS u are using that is best suited for cybersecurity activities 'cause I intend to buy a new one
Just a friendly feedback: you may magnify the terminals, especially when typing the commands when the terminal is cleared and empty, e.g. @ 9:23. The clip looks like a blank screen with some little ascii on the top! :)
Great video! Thank you for sharing!
Have you done any Maltego episode? I just found most of it is America „focused” .
thank you very much for the nikto tutorial man
When I try to output the log to metasploit using '-Format msf+' kali linux spits back an error saying it's an invalid output format
we need tutorials on Klatu and verata next
I like that, spread this just for knowledge purposes
Hello, please provide a session on doing external pen test against public IP
Great tutorial.. in your next videos please zoom in or increase the fonts of your terminal for better visibility
Awesome vid. I don’t think you blinked the entire time 😂👍
maybe he is reading what to say in the camera :)
i am using unity tweak tool i can just switch on windows only like in one window i can watch a video and it is playing but on the other i open a text based app or terminal etc how i can write there i am unable to write i want to use both what i do?
I might be slow or blind but where did you scan for vulnerability eg. website.com ?
NullByte how do I pair it with the exploit since msf+ isn't an option on my kali machine running kali 2020
How do you hack a phone only with the phone number, how can you listen to people calls with a program and see where they are exactly. I saw that they can find you, and listen to you through your phone, even when your phone is offline etc. How?
thank you man this was good
I found an SQL vulnerability, will you help me in how to search for a suitable Metasploit exploit for that..
very well explained
Your videos are great, really really helpful 👍🏻
But why don’t you make the font bigger ??
Please we need that.
@1:45 Altego?! Baltego?! What's the tool? Trying to scan our API to find out if there are any vulnerabilities.
Thanks!
Nice class about active scans of websites. But what you've said about using a VPN or Tor because of the "suspicious" behaviour with these tools gave me a doubt.
I'm participating in some bug bounty programs, and will only use this tool in authorized scopes of programs. Do you think it is needed to use a VPN to hide my IP address? What do you think about this? Thanks for the knowledge!
Tbh I would use a VPN or proxies no matter WHAT. I wouldn't risk it
Hm.. I have nord vpn but for some reason every time I log into it my internet doesn't work so iv been using mainly proxychains as a backup.
I done this using a VPN and used my Linux server on Hyper V manager! Love your videos!!!
is there any free vpn and best?
new era 2017 most free VPNS are not premium and pretty shit. I would recommend paying for one or just using a free trial
@@fudoshin2776 good suggestion, is there any trial basis for a long period, supported 3 to 4 months
new era 2017 no I don’t think so ( very unlikely) Different VPN providers have different time period free trials, some 7 days, 3 days, 1 month etc
@@fudoshin2776 nice
Please kindly make a video series on shodan @Null Byte
10:35 u r using mac ? what is best for other intel pcs
Are we blinking at the same time? Or he won't blinking
Great vid
Whats the intro music?
thanks again, sempai
can u tell me which linux u r using what type of linux system is best for find secure web kali , ubuntu or mac many people confusion on this i like ubuntu bcz its interface is beautiful but most ceh use kali or some red hat(tell me about your suggestions)
Kali Linux or Parrot Security OS, you CAN use Ubuntu but Kali Linux has the tools you need to hack.
Hi i did like the video but i had to stop it hundred of times cuz of the texts they are too small thx
Fun fact.
Saying nikto to Saudi. Can lead to injuries.
Lol
Nikto means fucked him
Nikto means "nobody" in Russian.
hey null byte is there a way to run this scan way more faster? its taking such insane amount of time to finish it.
I'm sure there are filtering options that will speed it up. Also limiting the IP range.
Thanks
Very good job
Thanks for the info man!! No puns here.
good stuff but you need a magnifying glass to see the commands
hahaaha he safe his site they just tell how its work
How I can write the stray up lines in the terminal? | awk '/Up$/{print $2}' |
very good video
My friend 🙋♂️
Oh wow this is so cool.
Hi again!
It works on WAN?
well the website I was trying to do sql attack on blocked my IP 😅
Hai, bud
Do one carding vedio and tools used
What is typed in the terminal is very small. It can't be seen well.
the best BLINK all the time 1:82
thanks a lot
nikto -h [Domain] -Format msf+ gives me a "+error : Invalid output format" which is lame because I'd like to link it to Metasploit..
@Joey Ds LOL nope, in my Kali linux.
not visible clearly, too small display
I have sent u a message on Twitter but u didn't answer, I want to talk with u pls
you're the best man
null byte never blinks, I'm here for it.
I have a question, can you somehow break the secure desktop security in windows? In such a way that, for example, a keylogger process would work in order to intercept the password from uac prompt.
I need to learn 😩
I want read results idk where and how
Excellent procedure but text are too small and not making the video interesting. Can you increase the text size a bit?
Increase the font size. On a phone at 720 you can't see anything.
Tells me I shouldn’t do it on my ip at the end of the video after I’ve already done it 😂😂💀
Oooppss
@@NullByteWHT ahahahahahahahha
@@NullByteWHT literally the same, but started trying it on my own websites ;P
How can i bypass an admin login page using kali linux
whats the cmd for windows to install
Please increase the terminal font
WTF are those straight lines in the command for saving the nullbyte.txt file to targetip.txt? i don't have such characters on my keyboard. And where and how does this command work? I just wasted an hour of my life trying to figure out this command.
15:13 wait how could i possibly do this in tor?
Is it illegal to run nikto on websites?
u look like Jake Gyllenhaal in the nightcrawler movie, and bobby fischer all in one
I love nikto. I incorporated it into a tool I wrote in python. 😁.
Great video , once again.😎😎
Tool*. And making a system command via a Python script isn't really something to be proud of.
Can you show me some examples of your incorporation please?
@@mentix002 ouch, way to stifle people's growth and curiosity. What a role model.
@Manan Yadav Why are you like this.
@@netbin build your tools and call nikto to scan for vulnerabilities. If any are found then call to search for exploits, if there are any then build your app/tool to execute payload.
I can't give u an example here too much to write but if u search how to call nmap or nikto to use in python script it will show u how to call other tools to use in ur app..
Nice
I am New here cool 😎 place to learn! How can one contact you please?
"Now, before you start running Nikto on every site you can think of.." You should have put that warning near the beginning. 😅😅
What do you suggest me to do get an alfa adapter or an wifi pineapple nano?
those are two completely separate things, the amount of script kiddies these videos attract is wild.
Lolzzn12 Please don’t react when you have no knowledge ...
Both are capable of monitor mode and package injection , both are able to start an evil twin attack , both can deauthenticate networks , but the pineapple nano got a better UI and is able to run many modules when the rogue acces point is online. It also has a better range. The only thing that stops me from buying the nano is money ...
How to scan .bazar domain?
Hi sir
Please tell me
How to hack or edit games like a free fire,pubg,mpl,etc
With the help of html language & server side scripting & client side scripting
Please answer me sir please...
Is that actually a macbook or a dell with hackintosh or virtual machine?
I wanna know too..??
$1000 to anyone who can beat him in a staring contest
he said juicy... lol
How do we recover the logs in a machine if an intruder wipes all the logs?
Depends on how these "logs" were wiped. If they were simply deleted and not overwritten, data recovery tools may help you.
Use bigger fonts!!!