I say hello to you, as a website adminitrator , i have learned from web to
have the habit to use webscanners on our own web.Thus i hav used nikto
to do thid. But i have been surprised that it found a lot of bugs on my website:
+ 20perl - Shell/interpreter found (GET)
+ 20perlshop.cgi (GET)
+ 20ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd (GET)...and so many on...
On trying to access these files in the browser by pasting them i get error message: not found on server... and other
would NIKTO be reporting false bugs or i am he who doesn't make the good job.If so what should i do to check up my system efficiently with nikto ?

This is simply due to nikto is not able to know wether some 404 messages really are
404's or if the site responds with that the file exists. On sites only saying "file not found"
and nothing more on a white page, nikto might confuse itself and think the desired file
was actually found.

To make sure you don't get such problems, you should update the plugins in nikto.
That might help you, if not you should try make your own 404 update to nikto ;)

This is the file i would update and re-run nikto :P
/pentest/scanners/nikto/plugins/db_404_strings

Also some sites that has like a page before you can enter the actual site will also
confuse nikto, subdomains can also confuse scanners and so on.. There's a lot of
possibilities to make sure you can be safe from skiddies :D

This is why IT people who know nothing about security should hire contractors or take some courses.

This is why IT people who know nothing about security should hire contractors or take some courses.

IT people who don't know about security should school themselves on the aspects of it so that when they do need to hire a contractor, they don't get ripped off, and they understand what the contractor is talking about.

Everything true of what streaker69 said.
I am not educated into computers but i have allways used them and they are
a very big part of every day seeing as it's the future.

Hello, MaXe Legend

thanks for having responded. But i'd like to know how to use the GET, POST ... methods..just in case i would try to check up again after update

Sorry to say, but your best friend will be google to read stuff up.

it is google which made me know that i have got to paste the results in the url...
maybe i am wrong ... i need some help coz before coming here i already used google....thanx

Well then please explain what you mean by the GET/POST exactly as I misunderstood you then, sorry.

in mu mind if you see this wit nikto :
+ 20ksh - Shell found in CGI dir! (GET)

...then it would mean to paste this in url like this:
wwwmyurlcom/ 20ksh owing to GET in the message...
that is what i did and i saw "not found"...
what is it really ?...thanx!!!

Hello, MaXe Legend

thanks for having responded. But i'd like to know how to use the GET, POST ... methods..just in case i would try to check up again after update

Read these:
http://www.w3.org/Protocols/
http://www.w3.org/Protocols/rfc2616/rfc2616.html

BTW, the rocket science answer is:
1) Have Nikto write the output as HTML so you can just click the links.
2) Read what others have said about error pages. Based on what you've described your server for one reason or another is not correctly generating HTTP 404 errors for content which doesn't exist.
3) Edit the nikto error page database (also as suggested).
4) Since you can't understand Nikto's output or how to use the tool:
a) hire someone who can
b) take some classes, because these are basic details which are flying WAY over your head.

you right saying that i've got some basics flying away from my head ,
by the way , i'd like to ask a question...is it possible to make my installation to be assisted by a remote user, i know i 've got to open my ssh port for this and do an ip forwarding but here i m using a dial up modem and when i paste my modem ip in the url i am nothing but connected to mu isp which need a user and pass to connect...
i don't have that pass cause for connecting i just need to strike a card number in the phone provided by my isp...
what to do?

Yet another question which brings us back to networking 101. Good luck with your courses and reading.