LAB MANUAL FOR INFORMATION SECURITY (IS)
Lab on nikto and zenmap
DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING
University of Engineering and Technology
Lahore (Narowal Campus)
Lab 7: Lab on nikto and zenmap in Kali Linux
CONTENTS
Lab 7: Lab on nikto and zenmap in Kali Linux
  Zenmap
  Lab Exercises
    Basic Network Discovery
    Service and Version Detection
    OS Detection
    Advanced Scanning Techniques
  Nikto
    Basic Testing
    Multiple Ports
    Scan an SSL-Enabled Website
    Don’t look for pages that are not there (-no404)
    Plugins scan
University of Engineering & Technology (Narowal-Campus) 2 | P a g e
LAB 7: LAB ON NIKTO AND ZENMAP IN KALI LINUX
ZENMAP:
Brief Overview of Zenmap:
Zenmap is a graphical user interface (GUI) for Nmap, a powerful and versatile open-source tool used for
network exploration and security auditing. Zenmap simplifies the process of network scanning by providing an
intuitive interface that allows users to easily specify targets, scan types, and view results. It displays
comprehensive information about network hosts, open ports, services, and potential vulnerabilities, making it
a valuable asset for network administrators, security professionals, and ethical hackers.
Purpose in Network Scanning and Mapping:
Zenmap serves several key purposes in network scanning and mapping:
Network Discovery: Zenmap enables users to discover live hosts on a network, identify active services, and
map out the network topology. By conducting scans ranging from simple ping sweeps to comprehensive
reconnaissance, Zenmap helps administrators gain insights into their network infrastructure and detect
unauthorized devices or services.
Vulnerability Assessment: Zenmap facilitates the identification of potential security vulnerabilities by
detecting open ports, service versions, and operating systems on target hosts. This information allows security
professionals to assess the security posture of a network, prioritize remediation efforts, and mitigate potential
risks.
Penetration Testing: Zenmap is widely used in penetration testing (pen testing) engagements to simulate real-
world attacks and evaluate the effectiveness of security defenses. By performing targeted scans and analyzing
scan results, pen testers can identify entry points, exploit weaknesses, and provide recommendations for
enhancing security controls.
Why Zenmap is Used in Conjunction with Kali Linux:
Kali Linux is a popular Linux distribution specifically designed for penetration testing, digital forensics, and
security auditing. Zenmap is included as part of the toolset in Kali Linux for several reasons:
Comprehensive Toolset: Kali Linux provides a comprehensive suite of pre-installed tools and utilities tailored
for security professionals. Zenmap complements these tools by offering robust network scanning and mapping
capabilities, allowing users to conduct thorough security assessments from a single platform.
Integration with Nmap: Zenmap is a graphical front-end for Nmap, leveraging its powerful scanning engine to
perform network reconnaissance tasks. By using Zenmap in conjunction with Kali Linux, users benefit from the
combined strengths of both tools, enhancing efficiency and productivity in security assessments.
User-Friendly Interface: While Kali Linux offers a wide range of command-line tools for advanced users,
Zenmap's graphical interface provides a more user-friendly experience for those who prefer visual feedback
and intuitive controls. This accessibility makes it an ideal choice for security practitioners of varying skill levels.
Nmap and Zenmap downloads: https://nmap.org/download.html
To install Zenmap on Kali Linux:
sudo apt install zenmap
LAB EXERCISES
BASIC NETWORK DISCOVERY
Objective: Introduce students to basic network discovery techniques using Zenmap.
Instructions:
Scan the local network for live hosts.
Perform a ping scan to identify active hosts.
Document the IP addresses and MAC addresses of discovered hosts.
SERVICE AND VERSION DETECTION
Objective: Teach students how to detect services and their versions on remote hosts.
Instructions:
Perform a comprehensive scan (-A) on a selected target IP address.
Analyze the results to identify open ports, services, and their versions.
Discuss the implications of service version detection for security assessments.
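The documentation steps in the Basic Network Discovery and Service and Version Detection exercises can be scripted from a saved scan, since Zenmap saves scans in Nmap's XML format (the same format `nmap -oX` writes). The following is an added example, not part of the original lab manual: it lists live hosts with their IP and MAC addresses and open services, then flags anything outside an inventory. The sample XML, the addresses, and the names KNOWN_MACS and ALLOWED_PORTS are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's XML output format; every address is made up.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -A -oX lab.xml 192.168.56.0/24">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.56.10" addrtype="ipv4"/>
    <address addr="08:00:27:AA:BB:01" addrtype="mac" vendor="Example NIC"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/>
        <service name="telnet"/></port>
    </ports>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.56.23" addrtype="ipv4"/>
    <address addr="08:00:27:AA:BB:99" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="nginx"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.56.50" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

KNOWN_MACS = {"08:00:27:AA:BB:01"}   # hypothetical asset inventory
ALLOWED_PORTS = {22, 443}            # hypothetical service baseline


def parse_hosts(xml_text):
    """Return one dict per host that Nmap reported as up."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        # addrtype is ipv4, ipv6 or mac; a MAC is only reported for targets
        # on the scanner's own network segment.
        addr = {a.get("addrtype"): a.get("addr") for a in host.findall("address")}
        services = []
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            keys = ("name", "product", "version")
            fields = [svc.get(k) for k in keys] if svc is not None else []
            label = " ".join(f for f in fields if f)
            services.append((int(port.get("portid")), port.get("protocol"), label))
        hosts.append({"ip": addr.get("ipv4") or addr.get("ipv6"),
                      "mac": addr.get("mac"), "services": services})
    return hosts


def review(hosts, known_macs, allowed_ports):
    """Flag hosts missing from the inventory and open ports outside the baseline."""
    findings = []
    for h in hosts:
        mac = (h["mac"] or "").upper()
        if mac not in known_macs:
            findings.append(f"{h['ip']}: MAC {mac or 'unknown'} not in inventory")
        for portid, proto, label in h["services"]:
            if portid not in allowed_ports:
                findings.append(f"{h['ip']}: unexpected {proto}/{portid} {label}".rstrip())
    return findings


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_XML)
    for h in hosts:
        print(h["ip"], h["mac"], h["services"])
    for finding in review(hosts, KNOWN_MACS, ALLOWED_PORTS):
        print("REVIEW:", finding)
```

The version strings collected this way are what the discussion step builds on: they are the input for checking each service against its vendor's patch level.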
OS DETECTION
Objective: Familiarize students with OS detection capabilities in Zenmap.
Instructions:
Conduct an OS detection scan on a target IP address.
Examine the OS fingerprinting results.
Compare the results with the actual operating system of the target machine (if known).
ADVANCED SCANNING TECHNIQUES
Objective: Explore more advanced scanning techniques available in Zenmap.
Instructions:
Perform a stealth scan (SYN scan) on a target IP address.
Discuss the advantages and disadvantages of stealth scanning.
Experiment with different scan options and compare the results.
NIKTO
Overview & Description:
Nikto is an Open Source (GPL) web server scanner that performs comprehensive tests against web servers
for multiple items, including over 6700 potentially dangerous files/programs, outdated versions of
over 1250 servers, and version-specific problems on over 270 servers. It also checks for server configuration
items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed
web servers and software. Scan items and plugins are frequently updated and can be automatically updated.
Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible, and is obvious in
log files or to an IPS/IDS. However, there is support for LibWhisker's anti-IDS methods in case you want to give
it a try (or test your IDS system).
The goal of the project is to examine a web server to find potential problems and security vulnerabilities,
including:
• Server and software misconfigurations
• Default files and programs
• Insecure files and programs
• Outdated servers and programs
• Pointers to lead a human tester to better manual testing
Nikto is built on LibWhisker2 (by Rain Forest Puppy) and can run on any platform which has a Perl
environment. It supports SSL, proxies, host authentication, attack encoding and more.
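Because Nikto is, as noted above, obvious in log files, a web server's access log is a practical place to test your own detection. The following is an added example, not part of the original lab manual or of Nikto: it reads "combined" format access-log lines and reports clients that either send a Nikto User-Agent or generate an unusually high share of 404 responses. The log lines, IP addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Apache/Nginx "combined" access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)


def sample_log():
    """Build constructed log lines for three clients (all values are made up)."""
    def entry(ip, sec, path, status, ua):
        return (f'{ip} - - [12/Mar/2024:10:15:{sec:02d} +0000] '
                f'"GET {path} HTTP/1.1" {status} 153 "-" "{ua}"')

    browser = "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"
    probes = ["/admin/", "/phpinfo.php", "/backup.zip", "/.git/config",
              "/cgi-bin/test.cgi", "/server-status"]
    lines = []
    for i, path in enumerate(probes):
        nikto = f"Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:{i + 1:06d})"
        lines.append(entry("192.168.0.50", i, path, 404, nikto))
        # Same probing pattern, but with an ordinary browser User-Agent.
        lines.append(entry("192.168.0.51", i + 10, path, 404, browser))
    for i, path in enumerate(["/", "/index.html", "/css/site.css", "/favicon.ico"]):
        status = 404 if path == "/favicon.ico" else 200
        lines.append(entry("192.168.0.20", i + 30, path, status, browser))
    return lines


def analyze(lines, min_requests=5, ratio_404=0.7):
    """Return {client_ip: [reasons]} for clients that look like a scanner."""
    stats = defaultdict(lambda: {"total": 0, "not_found": 0, "nikto_ua": False})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in combined format; ignore
        s = stats[m["ip"]]
        s["total"] += 1
        s["not_found"] += m["status"] == "404"
        s["nikto_ua"] |= "nikto" in m["ua"].lower()

    alerts = {}
    for ip, s in stats.items():
        reasons = []
        if s["nikto_ua"]:
            reasons.append("Nikto User-Agent")
        # The User-Agent header is client-controlled, so also look at behaviour:
        # many requests for files that do not exist.
        if s["total"] >= min_requests and s["not_found"] / s["total"] >= ratio_404:
            reasons.append(f"{s['not_found']}/{s['total']} requests returned 404")
        if reasons:
            alerts[ip] = reasons
    return alerts


if __name__ == "__main__":
    for ip, reasons in analyze(sample_log()).items():
        print(ip, "->", "; ".join(reasons))
```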
BASIC TESTING
Single Port: The most basic Nikto scan requires simply a host to target, since port 80 is assumed if none is
specified. The host can either be the IP or a hostname of a machine, and is specified using the -h (-host)
option. This will scan the IP 192.168.0.1 on TCP port 80:
To check on a different port, specify the port number with the -p (-port) option. This will scan the IP
192.168.0.1 on TCP port 443:
Hosts, ports and protocols may also be specified by using a full URL syntax, and it will be scanned:
perl nikto.pl -h https://192.168.0.1:443/
MULTIPLE PORTS:
Nikto can scan multiple ports in the same scanning session. To test more than one port on the same host,
specify the list of ports in the -p (-port) option. Ports can be specified as a range (e.g., 80-90) or as a
comma-delimited list (e.g., 80,88,90). This will scan the host on ports 80, 88 and 443.
perl nikto.pl -h 192.168.0.1 -p 80,88,443
SCAN AN SSL-ENABLED WEBSITE:
For example, let's start with scanning pbs.org to see some of the types of information that a Nikto scan will
show. After it connects to port 443, we see some useful information about the cipher and other details,
such as that the server is Nginx, but there's not a whole lot of interesting data here for us.
nikto -h pbs.org -ssl
DON’T LOOK FOR PAGES THAT ARE NOT THERE (-no404):
The -no404 option tells Nikto to disable “file not found” checking. This will reduce the total number of
requests made to the target.
PLUGINS SCAN:
We can run a more comprehensive scan using plugins. We can view all available plugins which Nikto supports,
by typing the following:
We will use the test plugin, which will run a comprehensive scan against the webserver for all the basic and
most common vulnerabilities. This can be done using the following command: