[Nikto-discuss] Nikto Not Finding Webserver

maddaemon at gmail.com maddaemon at gmail.com
Tue Jan 13 21:34:37 UTC 2009


All,

I just reinstalled nikto from ports (FreeBSD 7.0-RELEASE) and
attempted to scan a host and got the following:

MadDaemon at darkhorse [~]$ sudo nikto -host tracker.mydomain.tld -ssl -port 443
- Nikto v2.03/2.04
---------------------------------------------------------------------------
+ No web server found on 10.0.10.25:443
---------------------------------------------------------------------------
+ 1 host(s) tested

Test Options: -host tracker.mydomain.tld -ssl -port 443
---------------------------------------------------------------------------

Knowing there *IS* a webserver running on that box, I verified the
ports were indeed open and listening:

MadDaemon at darkhorse [~]$ sudo nmap -v -P0 -PN -R -p80,443 tracker

Starting Nmap 4.62 ( http://nmap.org ) at 2009-01-13 16:20 EST
Initiating ARP Ping Scan at 16:20
Scanning 10.0.10.25 [1 port]
Completed ARP Ping Scan at 16:20, 0.21s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 16:20
Scanning tracker.mydomain.tld (10.0.10.25) [2 ports]
Discovered open port 80/tcp on 10.0.10.25
Discovered open port 443/tcp on 10.0.10.25
Completed SYN Stealth Scan at 16:20, 1.14s elapsed (2 total ports)
Host tracker.mydomain.tld (10.0.10.25) appears to be up ... good.
Interesting ports on tracker.mydomain.tld (10.0.10.25):
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

So, I tried it again without using the SSL option and got the same exact thing:

root at darkhorse [~]# nikto -host tracker.mydomain.tld
- Nikto v2.03/2.04
---------------------------------------------------------------------------
+ No web server found on 10.0.10.25:80
---------------------------------------------------------------------------
+ 1 host(s) tested

Test Options: -host tracker.mydomain.tld
---------------------------------------------------------------------------

Feeling frustrated, I then verified that Apache was actually running
on that box:

MadDaemon at darkhorse [~]$ ssh tracker
[Tracker]

                          *** NOTICE ***

THIS SYSTEM IS FOR THE USE OF AUTHORIZED USERS ONLY!

UNAUTHORIZED ACCESS IS PROHIBITED.

THIS SYSTEM AND EQUIPMENT ARE SUBJECT TO MONITORING TO ENSURE PROPER
FUNCTIONING, TO PROTECT AGAINST IMPROPER OR UNAUTHORIZED USE OR ACCESS,
AND TO VERIFY THE PRESENCE OR PERFORMANCE OF APPLICABLE SECURITY
FEATURES OR PROCEDURES, AND FOR OTHER LIKE PURPOSES.  SUCH MONITORING
MAY RESULT IN THE ACQUISITION, RECORDING, AND ANALYSIS OF ALL DATA
BEING COMMUNICATED, TRANSMITTED, PROCESSED OR STORED IN THIS SYSTEM BY
A USER.  IF MONITORING REVEALS EVIDENCE OF POSSIBLE CRIMINAL ACTIVITY,
SUCH EVIDENCE MAY BE PROVIDED TO LAW ENFORCEMENT PERSONNEL.

     USE OF THIS SYSTEM CONSTITUTES CONSENT TO SUCH MONITORING.


Last login: Fri Jan  9 16:55:22 2009 from artemis

MadDaemon at tracker [~]$ sudo ps wax | grep http
20220  ??  Ss     0:07.43 /usr/local/sbin/httpd -DSSL
20279  ??  I      0:00.09 /usr/local/sbin/httpd -DSSL
20311  ??  I      0:00.00 /usr/local/sbin/httpd -DSSL
20518  ??  I      0:00.00 /usr/local/sbin/httpd -DSSL
20606  ??  I      0:00.01 /usr/local/sbin/httpd -DSSL
20742  ??  I      0:00.12 /usr/local/sbin/httpd -DSSL
20832  ??  I      0:00.00 /usr/local/sbin/httpd -DSSL
99321  p0  S+     0:00.00 grep http
MadDaemon at tracker [~]$

Any idea why Nikto isn't finding the webserver ports being open?  This
is driving me up a wall...

Thanks,
~MD
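
An nmap SYN scan, as in the post above, only shows that the TCP handshake completes; a web scanner also needs an HTTP reply on that port. The following is an added example, not part of the original post and not Nikto's own code, that separates the two cases from the scanning host. `probe_http` and `serve_once` are hypothetical names, and the loopback listeners are constructed fixtures.

```python
import socket
import ssl
import threading

def probe_http(host, port, use_tls=False, timeout=5.0):
    """Return (state, status_line); state is 'closed', 'open-no-http' or 'http'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return ("closed", None)          # no TCP handshake at all
    try:
        if use_tls:
            # Diagnostic only: certificate checks are off so a self-signed
            # internal host can still be classified.
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            sock = ctx.wrap_socket(sock, server_hostname=host)
        sock.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
        data = sock.recv(1024)
    except OSError:                      # includes ssl.SSLError and timeouts
        return ("open-no-http", None)
    finally:
        sock.close()
    status = data.split(b"\r\n", 1)[0].decode("latin-1")
    if status.startswith("HTTP/"):
        return ("http", status)
    return ("open-no-http", status or None)

def serve_once(reply):
    """Constructed fixture: loopback listener that answers one connection."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        conn.recv(1024)
        if reply:
            conn.sendall(reply)
        conn.close()
        srv.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    cases = (("web server", b"HTTP/1.1 200 OK\r\n\r\n"), ("silent listener", b""))
    for label, reply in cases:
        print(label, probe_http("127.0.0.1", serve_once(reply)))
```

A result of `open-no-http` from the machine running the scan means the port accepts connections but nothing on the path returns an HTTP status line.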

