Tag Archives: testing

nikto: Web server testing in brief

I have almost zero experience with web servers, and it follows that my experience testing them is likewise almost nil.

So I don’t know if nikto is a good way or a bad way to test yours.

2014-02-08-lv-r1fz6-nikto

It is kind of fun to watch it run though. Some of what it describes is familiar to me, but a large part of it is unknown.

If you have more experience with web servers and know enough to test them as well, I see that nikto has quite a few options in its arsenal.

And judging by the description on the home page, it likewise seems to have a healthy grasp of what it’s testing for.

But again, most of this is way over my head. I doubt I’ll get the chance to use it again, and if I don’t stop harassing Google’s home page with it, I might not get to use that again either. 😕

hping: More network novelty

Once again I clamber into vague territory with hping, a tool whose web page describes it as a packet assembler and analyzer, with the ability to send files, traceroute and handle a lot of different protocols.

2013-11-24-lv-r1fz6-hping

Most of which is Greek to me. I got a little traction with the help of a few obscure howto pages tacked up to the Internet, but network security is not my strong point.

I can see what hping is doing and I understand that in some cases, no response means the target is there and listening, but I’m not an expert by any stretch.

There are three versions of hping, as I understand it: the original, a rewrite and a third that offers some scripting support.

Which one you use will depend on your distro and your level of expertise, I imagine. This is quite a bit more complex than just the old fashioned ping tool. Be prepared.

And that’s all I’ll say for now. A person’s got to know their limitations. 😐