How to Perform a Web Page Security Check with Nmap and Nikto in Termux

Penetration testing
Sam Galope dev How to Perform a Web Sam Galope Page Security Check with Nmap and Nikto in Termux wide

In today’s digital world, securing your web pages is more important than ever. If you’re using Termux on Android, you have access to a powerful combination of tools to help secure your website. In this guide, we will show you how to perform a web page security check in Termux by integrating Nmap and Nikto—two of the most widely used tools for detecting vulnerabilities and ensuring your site’s security.

By the end of this tutorial, you’ll be equipped to identify security risks and harden your website against potential attacks.


Table of Contents

  1. Ethical Hacking and Legal Considerations
  2. Why Perform a Web Page Security Check?
  3. Prerequisites
  4. Step 1: Installing Nmap and Nikto in Termux
  5. Step 2: Running Nmap for Initial Scans
  6. Step 3: Using Nikto for Web Page Vulnerability Detection
  7. Integrating Nmap with Other Tools in Termux
  8. Conclusion

Before proceeding with any type of web page security check or network scanning, it’s crucial to understand the ethical and legal implications of these activities. Nmap, Nikto, and similar tools can expose vulnerabilities, which is why they are often used for ethical hacking purposes.

Always ensure you have explicit permission to scan and test the security of any website, server, or network. Unauthorized scanning of systems without consent can be illegal and may result in legal consequences.

Ethical hacking is about identifying vulnerabilities to strengthen security, not exploiting them for malicious purposes. If you’re a website owner or working for a client, get written permission before performing any scans. Responsible disclosure of vulnerabilities is key to maintaining ethical standards in cybersecurity.

Why Perform a Web Page Security Check?

A web page security check is essential to safeguard your online assets from vulnerabilities like SQL injection, cross-site scripting (XSS), and weak SSL certificates. Attackers can exploit these weaknesses to gain unauthorized access to sensitive data or even take control of the website.

Tools like Nmap and Nikto can automate the process of identifying these risks, helping website owners take preventive actions before an attack occurs.


Prerequisites

Before diving into the actual scanning process, you need to have the following:

To install Nmap and Nikto in Termux, follow these steps:


Step 1: Installing Nmap and Nikto in Termux

Nikto is a powerful, open-source tool designed to scan web servers and applications for security risks. It runs in-depth tests, detecting over 6,700 potentially dangerous files and programs that could compromise a server. Beyond that, Nikto helps identify outdated web server software and flags vulnerabilities tied to specific versions, making it a must-have for uncovering weaknesses and keeping your system secure.

Start by updating Termux packages and installing Nmap and Nikto. Open Termux and enter the following commands:

$ pkg update && pkg upgrade
$ pkg install nmap
$ pkg install nikto

This will install both tools, setting up your environment for a comprehensive web page security check.


Step 2: Running Nmap for Initial Scans

Once Nmap is installed, you can start with a basic scan of the target web page to discover open ports and running services. Let’s assume the target domain is example.com.

Nmap Command:

$ nmap -p 80,443 example.com

This command will scan ports 80 and 443, which are used for HTTP and HTTPS traffic.

Sample Output:

Starting Nmap 7.80 ( https://nmap.org ) at 2024-09-23 12:00 UTC
Nmap scan report for example.com (93.184.216.34)
Host is up (0.040s latency).
PORT    STATE  SERVICE
80/tcp  open   http
443/tcp open   https

Nmap done: 1 IP address (1 host up) scanned in 3.21 seconds

This shows that both the HTTP and HTTPS ports are open, meaning web traffic is being served from these ports. However, this is just the first step in a web page security check.


Step 3: Using Nikto for Web Page Vulnerability Detection

After identifying open ports with Nmap, you can now proceed to use Nikto to perform a thorough scan of the web server for vulnerabilities.

Nikto Command:

$ nikto -h http://example.com

Sample Output:

Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          93.184.216.34
+ Target Hostname:    example.com
+ Target Port:        80
+ Start Time:         2024-09-23 12:15:22 (GMT)
---------------------------------------------------------------------------
+ Server: Apache/2.4.29 (Ubuntu)
+ The X-XSS-Protection header is not defined.
+ /wp-login.php: WordPress login page
+ Scan completed in 10.01 seconds.
---------------------------------------------------------------------------

Nikto detects vulnerabilities such as the lack of X-XSS-Protection headers and exposed admin pages (like /wp-login.php), which could be targets for brute-force attacks. This output shows potential security risks in the web application.


Integrating Nmap with Other Tools in Termux

To perform a more in-depth web page security check, you can integrate Nmap with other security tools in Termux:

Hydra: To perform brute-force attacks on login pages detected by Nikto.

$ hydra -l admin -P passlist.txt example.com http-post-form "/wp-login.php:log=^USER^&pwd=^PASS^:Invalid username"

Metasploit: To exploit detected vulnerabilities in outdated server software.

$ msfconsole use exploit/unix/ftp/vsftpd_234_backdoor set RHOST example.com run

Combining these tools creates a powerful workflow for identifying and addressing web security issues.


Conclusion

By following this guide, you’ve learned how to use Nmap and Nikto in Termux to perform a web page security check. These tools, along with others like Hydra and Metasploit, allow for a comprehensive security audit of your website, identifying potential vulnerabilities that need to be addressed.

Whether you are a developer or a system administrator, integrating Nmap with other security tools in Termux is an essential skill for anyone concerned with online security.

Leave a Reply

Your email address will not be published. Required fields are marked *