Nikto: Web Security Testing Tool Guide

🛡️ Nikto: Web Security Testing Tool


Nikto is an open-source web server scanner, written in Perl, that checks a web server for over 6700 potentially dangerous files and programs, outdated server software, and common configuration problems. It is a noisy, signature-based scanner: it makes no attempt to hide from logs or intrusion detection, and it reports matches without confirming that they are exploitable, so every hit needs manual verification.

🔧 Key Features of Nikto:

  • Written in Perl - runs wherever Perl runs (Linux, macOS, Windows)
  • Web server scanning - looks for dangerous files, CGIs and scripts left on the server
  • Vulnerability identification - matches known-vulnerable paths and software against its test database
  • Misconfiguration detection - flags directory indexing, missing security headers, exposed admin consoles and similar server issues
  • Software version checking - reports outdated server and module versions taken from banners
  • Plugin support - the checks are implemented as plugins, and the test database is updated separately from the scanner itself

💻 Basic Nikto Commands:

Basic Scan:

nikto -h https://example.com

Give the scheme and Nikto talks HTTPS on port 443; a bare hostname is scanned over plain HTTP on port 80.

Scan with Specific Port:

nikto -h example.com -p 443

-p also accepts a comma-separated list or a range (for example -p 80,443,8000-8100).

Save Output to File:

nikto -h example.com -o results.txt

Nikto infers the output format from the file extension; pass -Format explicitly (csv, htm, txt or xml) when you want machine-readable output for triage.

🎯 Common Use Cases:

Scenario | Command | Purpose
Basic vulnerability scan | nikto -h target.com | General check of the default port (80)
Force TLS | nikto -h target.com -p 443 -ssl | Speak TLS on the chosen port without waiting for autodetection. Nikto does not audit cipher suites or certificates; use a dedicated TLS scanner for that
Specific port scan | nikto -h target.com -p 8080 | Scan a non-standard port
Restrict tests by class | nikto -h target.com -Tuning 5 | Run only one class of tests. 5 is "Remote File Retrieval - Inside Web Root", not an aggressiveness level; by default Nikto runs its full test set, so tuning narrows a scan rather than deepening it. nikto -H lists the classes, and -Tuning x6 means "everything except class 6 (Denial of Service)"

⚠️ Important Notes:

Legal and Ethical Use:

  • Only scan servers you own or have permission to test
  • Unauthorized scanning is illegal in many countries
  • Always get written permission before testing
  • Use in controlled environments (labs, authorized pentests)

📊 Sample Output Interpretation:

Understanding Nikto Results:

+ Server: Apache/2.4.29 (Ubuntu)
+ Retrieved x-powered-by header: PHP/7.2.24
+ Root page / redirects to: http://example.com/login.php
+ OSVDB-3092: /phpmyadmin/: phpMyAdmin directory found

What to look for:

  • ❌ Red flags: default or leftover files and admin consoles (the /phpmyadmin/ hit above), outdated server or module versions
  • ⚠️ Warnings: directory indexing, information disclosure such as the Server and X-Powered-By banners above, missing security headers
  • ✅ Good signs: security headers present, current software, few or no default files

Treat each hit as a lead rather than a confirmed vulnerability. Nikto matches paths and banners, so it produces false positives (a server that answers every URL with 200 OK makes every file "found"), and the OSVDB numbers it prints are labels for its own checks: the OSVDB database has been offline since 2016, so there is nothing to look up.
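To turn a text report like the one above into a prioritized list, here is an added example (not part of the original page and not code from the Nikto project) that parses the "+" lines of Nikto's default text output and sorts them into the red-flag / warning / info buckets described above. The report lines are constructed for the example (the four lines from the page plus two more of the kind Nikto prints), and the classification rules are this example's own, not Nikto's:

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: "+" lines of the kind Nikto prints in its default text
# output. The first, second, fourth and fifth lines are the ones shown above.
SAMPLE_OUTPUT = """\
+ Server: Apache/2.4.29 (Ubuntu)
+ Retrieved x-powered-by header: PHP/7.2.24
+ The anti-clickjacking X-Frame-Options header is not present.
+ Root page / redirects to: http://example.com/login.php
+ OSVDB-3092: /phpmyadmin/: phpMyAdmin directory found
+ OSVDB-3268: /backup/: Directory indexing found.
"""


@dataclass
class Finding:
    severity: str   # "red", "warning" or "info"
    path: str       # URI the finding refers to, "" if the line names none
    reference: str  # OSVDB-NNNN label if Nikto printed one, else ""
    text: str


# Lines Nikto prefixes with a reference look like "+ OSVDB-3092: /phpmyadmin/: ..."
REF_LINE = re.compile(r"^\+ (?P<ref>OSVDB-\d+): (?P<path>\S+): (?P<text>.*)$")


def classify(line: str) -> Finding | None:
    """Map one Nikto output line onto the red-flag / warning / info buckets."""
    if not line.startswith("+ "):
        return None                      # banner, blank line, "- Nikto v2.x" header
    body = line[2:].strip()
    m = REF_LINE.match(line)
    ref, path, text = (m["ref"], m["path"], m["text"]) if m else ("", "", body)
    lower = text.lower()
    if "directory indexing" in lower or "directory listing" in lower:
        return Finding("warning", path, ref, text)
    if ref and "found" in lower:
        # Default admin consoles and leftover files: the page's "red flags"
        return Finding("red", path, ref, text)
    if lower.startswith("server:") or "x-powered-by" in lower:
        # Version banners: information disclosure and a cue to check for old software
        return Finding("warning", "", ref, text)
    if "header is not present" in lower:
        return Finding("warning", "", ref, text)
    return Finding("info", path, ref, text)


def triage(output: str) -> dict[str, list[Finding]]:
    """Group every finding in a Nikto text report by severity, worst bucket first."""
    buckets: dict[str, list[Finding]] = {"red": [], "warning": [], "info": []}
    for line in output.splitlines():
        finding = classify(line)
        if finding:
            buckets[finding.severity].append(finding)
    return buckets


if __name__ == "__main__":
    for severity, items in triage(SAMPLE_OUTPUT).items():
        for f in items:
            print(f"[{severity:7}] {f.reference or '-':10} {f.path or '-':14} {f.text}")
```

Run on the sample, the phpMyAdmin console lands in the red bucket, the two banners, the missing X-Frame-Options header and the /backup/ listing become warnings, and the redirect is plain information. Real reports are easier to handle with -Format csv or -Format xml, but the triage rules stay the same.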

🔧 Installation Guide:

🐧 Linux (Kali/Ubuntu)

sudo apt update
sudo apt install nikto

🍎 macOS

brew update
brew install nikto

🪟 Windows (via WSL)

wsl --install

Then, inside the Ubuntu shell that WSL sets up:

sudo apt update
sudo apt install nikto

📚 Learning Resources:

💡 Pro Tip:

Nikto is best used as part of a comprehensive security assessment. Combine it with other tools like:

  • Nmap - Network scanning
  • OWASP ZAP - Application security testing
  • Burp Suite - Web vulnerability scanning
  • Metasploit - Exploitation framework

🇹🇱 Nikto in Timor-Leste:

People in Timor use Nikto to:

  • Test the security of government websites - make sure government sites are secure
  • Protect servers from attackers - identify weaknesses before an attacker finds them
  • Look for weaknesses in computer systems - including systems hosted in Timor
  • Cyber security education - used for teaching at universities

Nikto acts as a "tester" that helps find problems before attackers exploit them.


Password Security Guide: Protect Your Digital Data

🔐 Password Security Guide: Protect Your Digital Data

Topic: Digital Security | Level: All Levels | Time: 8 minutes


🎯 Why Are Passwords Important?

Passwords are your digital keys. According to Verizon's 2017 Data Breach Investigations Report, 81% of hacking-related breaches involved stolen or weak passwords.

⚠️ SHOCKING STATISTICS:

  • 123456 is the most popular password (23 million accounts!)
  • The average person has 100+ online accounts
  • 53% of people use the same password for multiple accounts
  • Only 35% of people use 2FA (Two-Factor Authentication)

❌ WORST Passwords (Don't Use These!)

The 5 weakest passwords (all cracked instantly, because they sit at the top of every cracking wordlist):

1. 123456
2. password
3. 12345678
4. qwerty
5. 123456789

Other dangerous ones: "admin", "iloveyou", "welcome", "monkey", "abc123", "letmein"

✅ How to Create STRONG Passwords

📏 Strong Password Rules:

MINIMUM:
  • ✅ 12+ characters (length is the single biggest factor; composition rules matter much less)
  • ✅ Uppercase & lowercase letters
  • ✅ Numbers (0-9)
  • ✅ Symbols (!@#$%)
  • ✅ Not a single dictionary word, name or common pattern (keyboard walks, "Summer2024!")
  • ✅ No personal information (birthdays, pet names, anything visible on your social media)
IDEAL:
  • 🎯 16+ characters
  • 🎯 Passphrase (several random words, or a whole sentence)
  • 🎯 Unique per account
  • 🎯 Change it when there is a reason (a breach notice, a shared device, suspicious activity) rather than on a fixed schedule; NIST SP 800-63B no longer recommends forced periodic rotation, which pushes people toward predictable variants such as Password1 → Password2
  • 🎯 Store in password manager

💡 Techniques for Creating Strong Passwords:

  1. Mnemonic Sentence Method: take a sentence you will remember, keep the first letter of each word, add numbers/symbols
    "I love to eat fried rice every day!" → Iltefred!2024
    (a true passphrase uses the whole sentence, which is both longer and easier to remember than the abbreviation)
  2. Acronym Method: build an acronym from something memorable
    "My first child was born on January 15, 2020 in Jakarta" → Mfcwbo15J@n2020iJkt
    (caution: a child's birth date and city are personal information an attacker can often find, so prefer a sentence only you know)
  3. Pattern Method: keyboard patterns such as 1qazXSW@3edcVFR$ (look at the keyboard pattern)
    (not recommended: keyboard walks look random but cracking tools generate them automatically, so they are closer to a dictionary word than to a random string)

🔄 Password vs Passphrase

Type | Example | Time to crack (illustrative) | Advantages
Weak password | andy123 | < 1 second | Easy to remember
Strong password | A@nd1!2024# | 3 years | Hard to guess
Passphrase | MyCatEats3Times@Day! | 1 million years | Easy to remember & very strong

The times are rough estimates: the real figure depends on the attacker's hardware, on whether the site hashes passwords with a slow algorithm, and above all on whether the password was chosen at random or follows a pattern a wordlist already contains.

💡 Conclusion: Use passphrases for strength and ease of remembering!
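To show where crack-time figures like the ones in the table come from, here is an added example (not from the original page) that computes the entropy in bits of a uniformly random password or passphrase and divides the resulting keyspace by an assumed guessing rate. The 10^10 guesses per second and the 7776-word Diceware list are assumptions for the illustration; real numbers depend on the attacker's hardware and on how the site hashes passwords:

```python
import math

GUESSES_PER_SECOND = 1e10          # assumption: fast offline attack on an unsalted fast hash
SECONDS_PER_YEAR = 365.25 * 24 * 3600
DICEWARE_WORDS = 7776              # size of the standard Diceware word list (6^5)


def charset_size(password: str) -> int:
    """Size of the smallest standard character pool that covers every character used."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33                 # printable ASCII punctuation and space
    return size


def random_password_bits(length: int, pool: int) -> float:
    """Entropy of `length` characters drawn uniformly from a pool: length * log2(pool)."""
    return length * math.log2(pool)


def passphrase_bits(words: int, dictionary_size: int = DICEWARE_WORDS) -> float:
    """Entropy of `words` words drawn uniformly from a word list: words * log2(size)."""
    return words * math.log2(dictionary_size)


def years_to_crack(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Expected time to reach the right guess: half the keyspace on average."""
    guesses = 2.0 ** bits / 2
    return guesses / rate / SECONDS_PER_YEAR


def describe(label: str, bits: float) -> str:
    """One human-readable line: label, bits of entropy, expected crack time."""
    years = years_to_crack(bits)
    if years < 1 / 365.25:
        when = f"{years * SECONDS_PER_YEAR:.0f} seconds"
    elif years < 1:
        when = f"{years * 365.25:.1f} days"
    else:
        when = f"{years:,.0f} years"
    return f"{label:34} {bits:6.1f} bits  ~{when}"


if __name__ == "__main__":
    # The two passwords from the table, treated as if chosen at random from their pools
    for pw in ("andy123", "A@nd1!2024#"):
        pool = charset_size(pw)
        print(describe(f"random {len(pw)} chars, pool {pool}",
                       random_password_bits(len(pw), pool)))
    for n in (4, 5, 6):
        print(describe(f"{n} random Diceware words", passphrase_bits(n)))
```

At this rate the 7-character letters-and-digits password falls in seconds and a 6-word Diceware phrase holds out for hundreds of thousands of years, but a 4-word phrase, which looks just as strong, falls in about two days: the word count, not the symbols, is what to increase. The calculation assumes the words and characters are chosen at random; a sentence an attacker can guess, or a keyboard walk, has far less entropy than its length suggests.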

📱 Password Managers: The Best Solution

🤖 Why Do You Need a Password Manager?

Password managers are like digital vaults for all your passwords:

🔐 LastPass (lastpass.com)
  ✅ Free version available
  ✅ Cross-platform
  ✅ Password generator
  ⚠️ Note its 2022 breach, in which encrypted vault backups were stolen; weigh a vendor's incident history when choosing
🛡️ Bitwarden (bitwarden.com)
  ✅ Open source
  ✅ Self-host option
  ✅ End-to-end encrypted and independently audited
🔑 1Password (1password.com)
  ✅ Family plans
  ✅ Travel mode
  ✅ Great UX

How Password Managers Work:

  1. Create a SUPER STRONG MASTER PASSWORD (the one password you still have to remember) and turn on 2FA for the manager itself
  2. Install browser extension
  3. The password manager will:
    • ✅ Automatically save new passwords
    • ✅ Generate strong passwords
    • ✅ Auto-fill login forms
    • ✅ Sync across devices
    • ✅ Alert about data breaches

🔒 Two-Factor Authentication (2FA)

⚡ 2FA: Extra Security Layer

2FA = Password + Something you have/are

🎯 Types of 2FA (roughly weakest to strongest, with backup codes as the fallback):
  1. SMS Code (most common, but the weakest: codes can be redirected by SIM swapping or phished)
  2. Authenticator App (TOTP codes generated on your phone; better, although a live phishing page can still relay a code)
  3. Biometric (fingerprint, face ID; usually unlocks the device or a passkey rather than acting as a factor for the website itself)
  4. Security Key (YubiKey or another FIDO2/WebAuthn key; phishing-resistant because the key checks the site's origin)
  5. Backup Codes (one-time fallback if the others fail; store them offline)
📱 Best Authenticator Apps:
  • ✅ Google Authenticator
  • ✅ Microsoft Authenticator
  • ✅ Authy (cloud backup)
  • ✅ LastPass Authenticator
How to Setup 2FA on Gmail:
  1. Login to Google Account
  2. Security → 2-Step Verification
  3. Select "Authenticator app"
  4. Scan QR code with the app
  5. Save backup codes
  6. Done! Now login requires password + 6-digit code

⚠️ Common Password Mistakes

❌ Mistake | ✅ Solution | 💀 Risk
Same password for all accounts | Password manager + unique passwords | One breach = all breached
Keeping a password after it appears in a breach | Change it as soon as a leak is reported, not on a calendar | Long exposure
Sharing a password via email/chat | Password manager sharing feature | Interception
Writing it on a sticky note | Password manager | Physical theft

🔍 Check Your Password Strength

📊 Password Strength Meter:

VERY WEAK: < 8 characters, only letters/numbers
WEAK: 8-11 characters, basic combination
GOOD: 12-15 characters, letters, numbers, symbols
STRONG: 16+ characters, complex passphrase

Tools to Check Passwords:

  • Have I Been Pwned (haveibeenpwned.com) - check whether a password appears in known breach dumps; its Pwned Passwords API only ever sees the first five hex characters of your password's SHA-1 hash
  • Password Strength Testers (online tools) - estimate strength, but see the warning below
  • Google Password Checkup - built into Chrome, compares saved passwords against known leaks

⚠️ WARNING: Don't type real passwords into untrusted websites! A strength meter that sends the password to a server is a phishing risk; prefer your password manager's built-in checker or a service that works client-side or through k-anonymity, as the HIBP range API does.
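Have I Been Pwned's Pwned Passwords service can be queried without sending the password, using k-anonymity: the client hashes the password with SHA-1, sends only the first five hex characters, receives every suffix in that range with its breach count, and does the match locally. The following added example (not from the original page, and not HIBP's own client code) implements that exchange. The range response is a constructed sample, with the count for "password" made up for the illustration, so the check runs offline; fetch_range shows the real request against api.pwnedpasswords.com but is not called by the offline demo:

```python
import hashlib
from urllib.request import Request, urlopen

RANGE_API = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the uppercase hex SHA-1 into the 5-char prefix that is sent and the 35-char suffix kept local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(range_body: str, suffix: str) -> int:
    """Scan the 'SUFFIX:COUNT' lines of a range response for our suffix; 0 means not seen in any breach."""
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0


def fetch_range(prefix: str) -> str:
    """Live lookup: only the 5-character prefix ever leaves the machine."""
    req = Request(RANGE_API + prefix, headers={"User-Agent": "hibp-k-anonymity-example"})
    with urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, fetch=fetch_range) -> int:
    """Number of times the password appears in HIBP's corpus (0 = not found)."""
    prefix, suffix = sha1_prefix_suffix(password)
    return count_in_range(fetch(prefix), suffix)


# Constructed sample of what the range endpoint for prefix 5BAA6 returns. The middle
# suffix is the real SHA-1 remainder of "password"; the counts and the other two
# suffixes are made up for the offline demo.
SAMPLE_RANGE = """\
1E2D4E9C0F8A1B3C5D7E9F0A1B2C3D4E5F6:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
2A7F0C1D2E3F4A5B6C7D8E9F0A1B2C3D4E5:17
"""


def offline_demo(password: str) -> int:
    """Same logic as pwned_count, answered from the constructed sample instead of the network."""
    return pwned_count(password, fetch=lambda prefix: SAMPLE_RANGE)


if __name__ == "__main__":
    for pw in ("password", "correct-horse-battery-staple-7!"):
        n = offline_demo(pw)
        print(f"{pw!r}: {f'seen {n} times, do not use' if n else 'not in the sample range'}")
```

The server learns one of roughly a million prefixes and nothing else, which is why a password manager or a sign-up form can run this check without the password itself leaving the device; a strength meter that posts the whole password to its backend offers no such guarantee.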

🚀 Action Plan: Secure Your Accounts NOW!

📋 Password Security Checklist:

Priority 1: Critical Accounts (Email, Banking, Social Media)
1. Install a password manager: LastPass / Bitwarden / 1Password
2. Enable 2FA: Google/Microsoft Authenticator, or a security key
3. Change to a strong passphrase: minimum 16 characters
4. Check for breaches: haveibeenpwned.com
Priority 2: Important Accounts (Shopping, Cloud Storage, Work)
5. Update all passwords: unique per account
6. Enable 2FA if available
Priority 3: Maintenance (Routine & Education)
7. Turn on breach alerts in your password manager and rotate any password that shows up in a leak
8. Educate family/friends: share what you have learned
9. Back up recovery methods: store backup codes in a safe place

👨‍👩‍👧‍👦 Passwords for Families

💝 Family Password Management:

  1. Family Password Manager (LastPass Families, 1Password Families)
  2. Shared Folder for common passwords (WiFi, streaming, etc)
  3. Emergency Access setup for emergencies
  4. Digital Legacy planning - who can access if something happens
  5. Education for children about online safety

Family Password Example: OurFamily@2024#Jakarta! (use a shared password like this only for genuinely shared items such as Wi-Fi, kept in the manager's shared folder; personal accounts still get unique generated passwords, and a family name plus a city is the kind of guessable detail to avoid)

📱 Passwords on Smartphones

📱 Android
  • Google Password Manager (formerly Google Smart Lock)
  • Biometric authentication
  • Password manager apps
  • Encrypted backup
🍎 iOS
  • iCloud Keychain
  • Face ID / Touch ID
  • Auto-fill passwords
  • Security recommendations

🛡️ Password Security Challenge: 7 Days

Day 1: Install PM
Day 2: Update Email
Day 3: Setup 2FA
Day 4: Banking
Day 5: Social Media
Day 6: Backup
Day 7: Family

Goal: All main accounts protected with strong passwords + 2FA!


📞 Emergency: If Password is Stolen

  1. IMMEDIATELY change the stolen password
  2. Check for suspicious activity in the account
  3. Enable 2FA if not already
  4. Report to service provider
  5. Monitor financial accounts
  6. Consider identity theft protection
