
Run attack scripts

To see how Contrast captures attack data, you can run an attack script using Nikto, an open-source web server scanner.

Note

To run an attack script you must have a Contrast agent installed and an application with Contrast Protect enabled.

To run an attack script:

  1. Run ./nikto.pl in your terminal to make sure Nikto is configured correctly. If it is, Nikto returns its default help message.

  2. In Contrast, ensure that the IP address of the machine running Nikto isn’t denylisted.

  3. In the terminal, go to the program directory.

  4. Initiate a scan by running

    ./nikto.pl -useragent "MyAgent (Demo/1.0)" -h http://www.your-site.com

    Note

    If your web application has its files under a certain directory, use the -r option to prepend a directory.

  5. Once the script has finished running, Contrast will alert you about a new attack with an in-app notification and email.

  6. To see a summary of the attack, select the alert, go to Attack events (hosted customers), or go to Attacks (on-premises customers).
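To cross-check the attack summary against what the web server itself recorded, you can filter the access log by the User-Agent passed to -useragent. The following is an added example, not part of Contrast or Nikto; it assumes the server writes the Apache/nginx "combined" log format, and the sample log lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Combined log format: ip, timestamp, request line, status, size, referer, user agent.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2024:10:15:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "MyAgent (Demo/1.0)"
203.0.113.10 - - [12/Mar/2024:10:15:02 +0000] "GET /admin/ HTTP/1.1" 403 199 "-" "MyAgent (Demo/1.0)"
198.51.100.7 - - [12/Mar/2024:10:15:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.10 - - [12/Mar/2024:10:15:03 +0000] "GET /backup.zip HTTP/1.1" 403 199 "-" "MyAgent (Demo/1.0)"
203.0.113.10 - - [12/Mar/2024:10:15:04 +0000] "GET /admin/ HTTP/1.1" 404 153 "-" "MyAgent (Demo/1.0)"
"""


def summarize_scan(log_text, user_agent="MyAgent (Demo/1.0)"):
    """Summarize requests whose User-Agent equals the value given to -useragent."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group("ua") == user_agent:
            hits.append(m)
    if not hits:
        return None  # scan traffic never reached this server (or UA is not logged)
    times = [datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z") for m in hits]
    return {
        "requests": len(hits),
        # Source IPs to compare against the denylist check in step 2.
        "sources": sorted({m.group("ip") for m in hits}),
        "distinct_paths": len({m.group("path") for m in hits}),
        "statuses": dict(Counter(m.group("status") for m in hits)),
        # Time window to compare against the attack's start and end in Contrast.
        "first": min(times).isoformat(),
        "last": max(times).isoformat(),
    }


if __name__ == "__main__":
    print(summarize_scan(SAMPLE_LOG))
```

A result of None means no request with that User-Agent was logged, which is worth ruling out before investigating why no attack appears in Contrast.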