SlackwareInstallSLLNikto

Make nikto work with SSL under Slackware

Nikto is a powerful and simple web scanner, that provides a measure of security by discovering automatically the worst security breaches in a web server.

While not perfect, nikto can be used to provide a security baseline, in order to isolate rapidly the hosts most at risk on your internet-facing LAN.

By the way, the information here is not limited to Slackware: it should work pretty much the same with all versions of Linux.

To install nikto, simply download the archive and unpack with:

$ tar xvjf ./nikto-2.1.4.tar.bz2

In the example above, the version used is 2.1.4, which is the latest as I write this, your version number may vary, of course.

Now, to make nikto work with SSL, all that is needed is to install the corresponding Perl package (named: Net::SSLeay)from the CPAN. To do this, as root, enter the following:

# perl -MCPAN -eshell                                
Terminal does not support AddHistory.

cpan shell -- CPAN exploration and modules installation (v1.9800)
Enter 'h' for help.

cpan[1]> install Net::SSLeay
CPAN: Storable loaded ok (v2.20)
.
.
.
.
[... etc ...]
.
.
.
Installing /usr/share/man/man3/Net::SSLeay::Handle.3
Appending installation info to /usr/lib/perl5/5.10.1/i486-linux-thread-multi/perllocal.pod
  MIKEM/Net-SSLeay-1.48.tar.gz
  /usr/bin/make install  -- OK

cpan[2]> quit
Terminal does not support GetHistory.
Lockfile removed.
#

(In the example above, I have - of course - removed all the information displayed by CPAN, except for the very first and the very last lines of the output)

That's all there is to it: nikto will now work with SSL added! Simple, no? You can test this with the following:

$ ./nikto.pl -ssl -host <your URL here>

Some distribution of Linux may require OpenSSL to be installed, but Slackware incorporates pretty much everything and that saves you a lot of work.

See Also: