Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/seism0saurus/nikto-inspec
This is a custom inspec inspec from Ulrich Viefhaus. This is neither an official product of inspec nor nikto. The profile test an http/https server with the open source web server scanner nikto2. Nikto checks for known insecure files on the webserver, outdated software versions and insecure configuration items. You can customoze the profile with attribute files and set hosts, ports and commandline options.
https://github.com/seism0saurus/nikto-inspec
devops inspec nikto security
Last synced: 4 days ago
JSON representation
This is a custom inspec inspec from Ulrich Viefhaus. This is neither an official product of inspec nor nikto. The profile test an http/https server with the open source web server scanner nikto2. Nikto checks for known insecure files on the webserver, outdated software versions and insecure configuration items. You can customoze the profile with attribute files and set hosts, ports and commandline options.
- Host: GitHub
- URL: https://github.com/seism0saurus/nikto-inspec
- Owner: seism0saurus
- License: apache-2.0
- Created: 2019-09-07T14:57:52.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2021-05-13T12:27:06.000Z (over 3 years ago)
- Last Synced: 2023-12-01T14:04:07.507Z (12 months ago)
- Topics: devops, inspec, nikto, security
- Language: Ruby
- Homepage:
- Size: 14.6 KB
- Stars: 1
- Watchers: 1
- Forks: 4
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Nikto inspec profile
This is a custom inspec [inspec](https://www.inspec.io/) from Ulrich Viefhaus. This is neither an official product of Chef InSpec nor Nikto.
The profile test an http/https server with the open source web server scanner [nikto2](https://cirt.net/Nikto2).
Nikto checks for known insecure files on the webserver, outdated software versions and insecure configuration items.
You can customoze the profile with attribute files and set hosts, ports and commandline options.
## Preperations
### Inspec
You need access to the inspec command on your testmachine. If you don't have inspec installed, follow the instructions here: https://www.inspec.io/downloads/
### Access to the Docker Demon
You need access to the docker deamon on your testmachine. If you don't have docker installed, follow the instructions here: https://docs.docker.com/install/. Please see the Docker documentation on how to
### Download the Nikto Docker image
before you can run the nikto profile you have to build the nikto docker image. To build it run
```bash
git clone https://github.com/sullo/nikto
cd nikto
docker build -t sullo/nikto .
```
This repository is linked on the official nikto homepage. There are a lot of nikto images on the docker hub.
If you trust one of them and want to use it instead the sullo/nikto image, change it in the example[inputs.example.yml](inputs.example.yml) or create a custom attributes file.
## Running the Profile
You can define as many hosts and urls as you want. As a best practice, copy and rename the `inputs.example.yml` to `your-updated-inputs.yml` for your environment, organization or system.
After you have configured your services go into the folder you have downloaded nikto-spec and run
```bash
inspec exec . --input-file
```
### Passing Options to Nikto
Options you can pass to nikto can be found under https://cirt.net/nikto2-docs/options.html