Checking Apache vulnerabilities and configuration

Post by Admin on Thu 06 Aug 2009, 16:57

When we run several Apache or other web server services, we always keep an eye on security
so that those services are not compromised. As administrators we must always watch for the
problems our service may have; for this there is nikto.

Nikto is a scanner that gathers detailed information about a web site and lets us examine
the vulnerabilities our service has.

Nikto looks for the following vulnerabilities:

1) Service configuration problems.
2) Default files and scripts.
3) Insecure files and scripts.
4) Outdated versions.

Install the nikto tool:

----Debian/Ubuntu and derivatives
ascariote:~# apt-get install nikto

----CentOS/RHEL/Fedora and derivatives:
root@ascariote:~# yum install nikto

We can use it as follows.

Example 1:
Vulnerability scan of the Apache service on the local loopback, on the default port 80:

ascariote:~# nikto -h 127.0.0.1
---------------------------------------------------------------------------
- Nikto 2.02/2.03 - cirt.net
+ Target IP: 127.0.0.1
+ Target Hostname: localhost
+ Target Port: 80
+ Start Time: 2009-08-06 11:39:12
---------------------------------------------------------------------------
+ Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny3 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
- Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP method ('Allow' Header): 'TRACE' is typically only used for debugging and should
be disabled. This message does not mean it is vulnerable to XST.
+ mod_perl/2.0.4 appears to be outdated (current is at least 5.8)
+ OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft. See
http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ OSVDB-561: GET /server-status : This reveals Apache information. Comment out appropriate line in
httpd.conf or restrict access to allowed hosts.
+ OSVDB-3092: GET /ftp/ : This might be interesting...
+ OSVDB-3092: GET /pub/ : This might be interesting...
+ OSVDB-3268: GET /icons/ : Directory indexing is enabled: /icons
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 4347 items checked: 9 item(s) reported on remote host
+ End Time: 2009-08-06 11:39:29 (17 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
ascariote:~#

Example 2:
Vulnerability scan of the Apache service at IP 192.168.1.1 on port 64157 with SSL:

ascariote:~# nikto -h 192.168.1.1 -p 64157 -s
---------------------------------------------------------------------------
- Nikto 2.02/2.03 - cirt.net
+ Target IP: 192.168.1.1
+ Target Hostname: 192.168.1.1
+ Target Port: 64157
---------------------------------------------------------------------------
+ SSL Info: Ciphers: DHE-RSA-AES256-SHA
Info: /CN=untangle.factordynalias.net
Subject: /CN=untangle.factordynalias.net
+ Start Time: 2009-08-06 11:44:16
---------------------------------------------------------------------------
+ Server: Apache/2.2.9 (Debian) mod_jk/1.2.26 mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8g
- Root page / redirects to: /setup/welcome.do
+ mod_ssl/2.2.9 appears to be outdated (current is at least 2.8.30) (may depend on server version)
+ mod_ssl/2.2.9 OpenSSL/0.9.8g - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow
which may allow a remote shell (difficult to exploit). CAN-2002-0082.
+ OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft. See
http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ OSVDB-3092: GET /java/ : This might be interesting...
+ OSVDB-3268: GET /icons/ : Directory indexing is enabled: /icons
+ OSVDB-3268: GET /images/ : Directory indexing is enabled: /images
+ OSVDB-3268: GET /docs/ : Directory indexing is enabled: /docs
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 2967 items checked: 8 item(s) reported on remote host
+ End Time: 2009-08-06 11:47:50 (214 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
ascariote:~#

Example 3:
Vulnerability scan of the Apache service for a hosted domain.

ascariote:~# nikto -h www.djtux.net
---------------------------------------------------------------------------
- Nikto 2.02/2.03 - cirt.net
+ Target IP: 201.151.133.50
+ Target Hostname: www.djtux
+ Target Port: 80
+ Start Time: 2009-08-06 11:25:28
---------------------------------------------------------------------------
+ Server: Apache
- Root page / redirects to: /portal
- Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP method ('Allow' Header): 'TRACE' is typically only used for debugging and
should be disabled. This message does not mean it is vulnerable to XST.
+ OSVDB-0: Retrieved X-Powered-By header: PHP/5.1.6
- /robots.txt - contains 11 'disallow' entries which should be manually viewed. (GET)
+ PHP/5.1.6 appears to be outdated (current is at least 5.2.5)
+ OSVDB-3233: GET /mailman/listinfo : Mailman was found on the server.
+ OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft. See
http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ OSVDB-12184: GET /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 : PHP reveals potentially
sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-3093: GET /webmail/src/read_body.php : This might be interesting... has been seen in web
logs from an unknown scanner.
+ OSVDB-3268: GET /icons/ : Directory indexing is enabled: /icons
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 4347 items checked: 11 item(s) reported on remote host
+ End Time: 2009-08-06 11:35:48 (620 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
ascariote:~#

This way we detect the problems in our web services, and the tool also points to
a possible solution for them.
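
Added example, not part of the original post: a small Python triage script for Nikto text reports like the ones above. It re-joins findings that the terminal wrapped onto a second line and groups them by OSVDB id; the sample report is constructed in the format shown above, and the per-id remediation hints are assumptions of this example.

```python
import re

# Constructed sample in the format of the Nikto 2.x reports above; two findings
# are wrapped onto a second line, as in the pasted terminal output.
SAMPLE = """\
+ Server: Apache/2.2.9 (Debian)
- Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP method ('Allow' Header): 'TRACE' is typically only used for debugging and should
be disabled. This message does not mean it is vulnerable to XST.
+ OSVDB-561: GET /server-status : This reveals Apache information. Comment out appropriate line in
httpd.conf or restrict access to allowed hosts.
+ OSVDB-3092: GET /pub/ : This might be interesting...
+ OSVDB-3268: GET /icons/ : Directory indexing is enabled: /icons
+ OSVDB-3268: GET /docs/ : Directory indexing is enabled: /docs
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 4347 items checked: 9 item(s) reported on remote host
"""

# Assumption of this example: which httpd setting to review for each OSVDB id.
HINTS = {
    "877": "set 'TraceEnable off'",
    "561": "limit /server-status to admin hosts or unload mod_status",
    "3268": "set 'Options -Indexes' for the listed directory",
    "3233": "remove default files that are not needed",
}
FINDING = re.compile(r"^\+ OSVDB-(\d+): (.*)$")

def join_wrapped(text):
    """Re-attach continuation lines (no '+ ', '- ' or '---' prefix) to the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(("+ ", "- ", "---")) or not lines:
            lines.append(raw.rstrip())
        elif raw.strip():
            lines[-1] += " " + raw.strip()
    return lines

def triage(text):
    """Group findings by OSVDB id -> list of full (un-wrapped) messages."""
    found = {}
    for line in join_wrapped(text):
        m = FINDING.match(line)
        if m:
            found.setdefault(m.group(1), []).append(m.group(2))
    return found

def plan(text):
    """Return (osvdb_id, occurrences, hint) rows, ordered by numeric id."""
    rows = sorted(triage(text).items(), key=lambda kv: int(kv[0]))
    return [(k, len(v), HINTS.get(k, "review manually")) for k, v in rows]

if __name__ == "__main__":
    for osvdb, count, hint in plan(SAMPLE):
        print(f"OSVDB-{osvdb:<5} x{count}  {hint}")
```

Ids without an entry in `HINTS` are reported as "review manually", so generic findings such as "This might be interesting..." are kept for a human to look at rather than dropped.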