Run attack scripts

Run an attack script to see how Contrast captures attack data while protecting your applications.

How it works

The following guide is written for customers using Nikto Web Scanner, an open-source web server scanner. While the Nikto scan is running, your Contrast agent will identify the attack and alert you in the UI.

Note

The attack script will also work on an out-of-the-box application, such as WebGoat, which allows you to observe how Contrast works in your environment.

Before you start

Complete the following steps to prepare to run the attack script.

  1. Onboard an application.

  2. Download and set up a Contrast agent.

  3. Make sure that Contrast Protect is enabled.

  4. Download the latest version of Nikto.

  5. Verify that Nikto is working correctly by running ./nikto.pl. You should see the default help message as a result.

  6. Download and install Perl, which is required by Nikto. If you think that you already have Perl installed, run perl -v to verify.

Run the script

With an application set up with Contrast Protect, and Nikto downloaded and verified, complete the following steps to run the attack script and observe the results.

  1. Log in to your account in Contrast.

  2. Verify that the IP address of the machine that's running Nikto isn't blacklisted in Contrast; traffic from a blocked address would be rejected rather than reported as the attack events you want to observe.

  3. In a terminal window, navigate to the program directory under the Nikto folder, and run the following command to initiate the scan.

    ./nikto.pl -useragent "MyAgent (Demo/1.0)" -h http://www.your-site.com

    Note

    If your web application's files live under a particular directory, use the -r (-root) option so that Nikto prepends that directory to every request.

  4. Once the script runs, Contrast will alert you of the new attack in the UI and by email.

  5. Click on the alert or navigate to the Attacks tab in the Attacks page.

  6. Details of the incident will show up in the Attacks grid. Click on the Source IP link in the grid row to go to the attack’s details page, which displays more specific information on each attack event.
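The custom User-Agent passed to Nikto above tags the scan traffic, which lets you correlate the attack events Contrast reports with your own web server's access logs. The following script is an added example, not part of Contrast's documentation or of Nikto: it parses combined-format access log lines (a constructed sample is embedded), keeps only the requests carrying the demo User-Agent, and summarizes them per source IP so you can check that the Source IP and request paths shown on the attack details page match what actually hit the server.

```python
import re
from collections import defaultdict

# Regex for the combined log format used by Apache and nginx by default.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# The User-Agent given to Nikto with -useragent in the scan command above.
SCAN_AGENT = "MyAgent (Demo/1.0)"

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 612 "-" "MyAgent (Demo/1.0)"
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 196 "-" "MyAgent (Demo/1.0)"
198.51.100.3 - - [10/Oct/2023:13:55:37 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /admin/ HTTP/1.1" 403 199 "-" "MyAgent (Demo/1.0)"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 196 "-" "MyAgent (Demo/1.0)"
this line is not a valid log entry
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def summarize_scan(log_text, agent=SCAN_AGENT):
    """Return (stats, skipped): per-source-IP stats for requests carrying the
    scan User-Agent, plus the number of non-empty lines that failed to parse."""
    stats = {}
    skipped = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            if line.strip():
                skipped += 1
            continue
        if rec["agent"] != agent:
            continue  # ordinary traffic, not part of the tagged scan
        entry = stats.setdefault(
            rec["ip"], {"requests": 0, "paths": set(), "status": defaultdict(int)}
        )
        entry["requests"] += 1
        entry["paths"].add(rec["path"])
        entry["status"][rec["status"]] += 1
    return stats, skipped


if __name__ == "__main__":
    stats, skipped = summarize_scan(SAMPLE_LOG)
    for ip, s in stats.items():
        print(f"{ip}: {s['requests']} scan requests, {len(s['paths'])} distinct paths, "
              f"status counts {dict(s['status'])}")
    print(f"{skipped} unparseable line(s) skipped")
```

Point `summarize_scan` at your real access log (for example `open('/var/log/nginx/access.log').read()`) after the scan completes; the source IP and request paths it reports should line up with the Source IP and attack events Contrast shows in the Attacks grid. Unparseable lines are counted rather than silently dropped so a format mismatch is visible.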