Nikto Dirb Gobuster Web Scanning DAST Reconnaissance
Intermediate

Nikto & Dirb: Web Vulnerability Scanning

Apr 18, 2022

Automated scanning is a crucial phase of web reconnaissance (DAST - Dynamic Application Security Testing). Tools like Nikto detect misconfigurations and known CVEs, while Dirb and Gobuster map the attack surface by discovering hidden directories and files.

1. Nikto: Web Vulnerability Scanner

Nikto is an open-source scanner written in Perl that audits web servers for over 6700 vulnerabilities, outdated software versions, and configuration flaws. While "noisy" and easily caught by WAFs, it remains an industry standard.

Basic Scanning & Authentication

# Basic scan on port 80:
nikto -h http://192.168.1.10

# Scan through a proxy (e.g., Burp Suite for debugging):
nikto -h http://192.168.1.10 -useproxy http://127.0.0.1:8080

# With HTTP Basic Auth:
nikto -h http://192.168.1.10 -id admin:password

# With Session Cookie:
nikto -h http://192.168.1.10 -c "PHPSESSID=abc12345; security=low"

Nikto Tuning & Evasion

Running all Nikto checks can take hours. You can tune (-Tuning) the scanner to target specific vulnerabilities:

# Search only for info disclosure and interesting files:
nikto -h http://192.168.1.10 -Tuning 13

# IDS/WAF Evasion Techniques (-evasion parameter):
nikto -h http://192.168.1.10 -evasion 128

🔴 Nikto Forensics Analysis

A junior analyst has run a full Nikto scan against the company's legacy server but doesn't know how to interpret the results. Read the raw scanner report and identify the 3 critical vulnerabilities discovered.

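As a starting point for reading a raw report like the one in the challenge, here is an added Python example (not part of the original page and not a Nikto feature) that pulls findings out of Nikto's plain-text output and ranks them with a small, self-chosen severity table. The sample report is constructed, and both the line layout and the triage rules are assumptions.

```python
import re
from collections import namedtuple

# Constructed sample (not real scan output), laid out like Nikto's plain-text report:
# findings start with "+ ", optionally "OSVDB-<id>: " and "/path: " (layout assumption).
SAMPLE_REPORT = """\
- Nikto v2.1.6
+ Target IP:          192.168.1.10
+ Server: Apache/2.2.8 (Ubuntu) DAV/2
+ The anti-clickjacking X-Frame-Options header is not present.
+ Apache/2.2.8 appears to be outdated (current is at least Apache/2.4.37).
+ OSVDB-3268: /config/: Directory indexing found.
+ OSVDB-3233: /phpinfo.php: PHP is installed, and a test script which runs phpinfo() was found.
+ /backup.sql: Database backup file found.
+ 8729 requests: 0 error(s) and 6 item(s) reported on remote host
"""

FINDING_RE = re.compile(r"^\+ (?:(OSVDB-\d+): )?(?:(/\S*): )?(.*)$")
METADATA_KEYS = {"Target IP", "Target Hostname", "Target Port", "Start Time", "End Time"}
# Triage rules: our own priority order (assumption), not a ranking Nikto itself provides.
RULES = [
    ("critical", re.compile(r"backup|\.sql|phpinfo\(\)", re.I)),
    ("high", re.compile(r"outdated|directory indexing", re.I)),
    ("low", re.compile(r"header is not (present|defined)", re.I)),
]
SEVERITY_ORDER = {"critical": 0, "high": 1, "low": 2, "info": 3}
Finding = namedtuple("Finding", "osvdb path text severity")

def classify(text):
    # First matching rule wins; anything unmatched is informational.
    for severity, pattern in RULES:
        if pattern.search(text):
            return severity
    return "info"

def parse_nikto(report):
    # Keep only "+ " finding lines; drop scan metadata and the request summary.
    findings = []
    for line in report.splitlines():
        m = FINDING_RE.match(line)
        if not m:
            continue
        osvdb, path, text = m.groups()
        if text.split(":")[0] not in METADATA_KEYS and " requests: " not in text:
            findings.append(Finding(osvdb, path, text, classify(text)))
    return findings

def triage(report, top=3):
    # Stable sort keeps report order inside each severity bucket.
    return sorted(parse_nikto(report), key=lambda f: SEVERITY_ORDER[f.severity])[:top]
```

Calling `triage(SAMPLE_REPORT)` returns the phpinfo page, the SQL backup and the outdated Apache version first; extend RULES with the patterns that matter in your own environment.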

2. Dirb: The Classic Discovery Tool

A web server doesn't publish an index of all its pages. Dirb brute-forces paths using wordlists to discover hidden panels.

# Specify a larger dictionary:
dirb http://192.168.1.10 /usr/share/wordlists/dirb/big.txt

# Search for specific extensions (-X):
dirb http://192.168.1.10 -X .php,.txt,.html,.bak,.sql

# Custom User-Agent to avoid basic blocks:
dirb http://192.168.1.10 -a "Mozilla/5.0 (Windows NT 10.0)"

3. Gobuster: Modern Speed in Go

Gobuster has replaced Dirb in most modern workflows. Written in Go, it handles concurrency far better, which makes it considerably faster.

# High-speed directory discovery (50 threads):
gobuster dir -u http://192.168.1.10 \
  -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt \
  -x php,html,txt,bak -t 50

# DNS Subdomain Fuzzing:
gobuster dns -d target.com \
  -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt

4. The Recon Workflow

  1. Nmap: Discover open ports.
  2. Nikto: Quick check for "Low Hanging Fruit" vulnerabilities.
  3. Gobuster: Massive directory and subdomain brute force in the background.
  4. Burp Suite: Manually exploit the interesting files discovered by Gobuster.