Skip to content

cmarlo246/Website-Vulnerability-Scanning

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
Lab - Web Vulnerability Scanning.pdf
Lab - Web Vulnerability Scanning.pdf
 
 
README.md
README.md
 
 

Repository files navigation

Website-Vulnerability-Scanning

Vulnerability Scanning with Nikto

Author

Marlo Clarke
Cisco Ethical Hacker Candidate | ParoCyber Bootcamp Student
Cybersecurity & IT Professional

Objective

The objective of this lab was to use the Nikto web vulnerability scanner to identify common security issues, misconfigurations, and outdated software on web servers. The lab demonstrates how automated vulnerability scanning supports defensive security and penetration testing efforts.

Tools Used

  • Kali Linux
  • Nikto
  • Firefox (for vulnerability research)
  • National Vulnerability Database (NVD)

Lab Overview

1. Launching Nikto

Nikto was launched from the command line and explored using the help option to understand available tuning and scan parameters.

Command: nikto –help

2. Basic Vulnerability Scan

A basic scan was performed against scanme.nmap.org, a publicly available test server provided by Nmap for safe scanning.

Command:nikto -h scanme.nmap.org

Findings included missing security headers such as X-Content-Type-Options, which can allow MIME sniffing attacks.

3. HTTPS Scanning

Nikto was configured to scan HTTPS-enabled targets using the -ssl flag.

Command: nikto -h https://nmap.org -ssl

4. Scanning Multiple Web Servers

A list of internal lab IP addresses was created and scanned simultaneously.

Command: nikto -h IP_list.txt

Multiple web servers were identified, including Apache-based systems.

5. Vulnerability Analysis

Reported CVEs were researched using the National Vulnerability Database (NVD), including:

  • CVE-1999-0678
  • CVE-2003-1418

This step helped validate findings and identify remediation strategies such as patching and secure configuration.

6. Exporting Scan Results

Nikto scan results were exported for reporting and further analysis.

Commands: nikto -h 172.17.0.2 -o scan_results.htm nikto -h 172.17.0.2 -o scan_results.txt -Format csv

Findings & Observations

  • Missing security headers increase attack surface
  • Outdated web server configurations expose sensitive information
  • Automated scanners are effective for reconnaissance but require manual validation

Ethical Considerations

All scans were conducted in authorized lab environments or approved public test servers. Vulnerability scanning must only be performed with proper permission.

Skills Demonstrated

  • Web vulnerability scanning
  • CVE research and remediation analysis
  • Secure configuration assessment
  • Ethical hacking documentation

Next Steps

  • Manual testing with OWASP ZAP or Burp Suite
  • Targeted SQL Injection and XSS testing
  • Web application hardening and remediation validation

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published