Nikto is an open source web server scanner written by Chris Sullo. It works against any web server (Apache, Nginx, IHS, OHS, LiteSpeed, etc.), which makes it a good in-house tool: if you need to test intranet or other internal applications, Nikto is what you need.
Nikto checks for over 6700 potentially dangerous files and programs, which lets it detect misconfigurations, risky files, outdated server software and more. Its notable features include:
- Saving reports in HTML, XML, CSV and plain text
- SSL/TLS support
- Scanning multiple ports on the same server
- Subdomain guessing
- Apache username enumeration
- Checking for outdated server components
- Detecting parked sites
We will begin with the installation process and then show how to use the tool for some basic operations against example systems. Nikto can be installed on Kali Linux or on any other operating system (Windows, macOS, Red Hat, Debian, Ubuntu, BackTrack, CentOS, etc.) that supports Perl.
In this article I will show you how to use it on Ubuntu Linux.
Note: a scan sends a large number of requests to the target web server and makes no attempt to be stealthy; it will show up in the server's access logs and in any IDS/WAF in front of it. Only scan servers you own or are explicitly authorised to test.
First of all, we have to download the archive that contains Nikto; we can do this by typing the following command:
Once the archive is downloaded, we extract it with the following command:
After extracting the files, we change into Nikto's program folder and run the tool (with no arguments it prints a short usage summary). We can use the following commands to achieve this:
cd nikto-master/program
perl nikto.pl
There are several ways to invoke a scan, but the quickest is:
perl nikto.pl -h webserverurl
Be sure to replace webserverurl with your actual web server's IP address, hostname (FQDN) or a full URL such as https://host:8443/. If Nikto was installed from a distribution package (for example on Kali Linux) the command is simply nikto -h webserverurl. On the example
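The quick invocation above is enough for a one-off scan, but in practice you want a thin wrapper that refuses targets outside your authorised scope, picks the port and TLS setting, and keeps a report. The following POSIX shell script is an added example, not code from this article or from the Nikto project. The Nikto options it uses (-h, -p, -ssl, -Format, -output, -nointeractive, -maxtime) are real Nikto 2.1.x options; the nikto.pl path, the host names in the scope list and the NIKTO_RUN switch are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the article or the Nikto project): a small wrapper
# around "perl nikto.pl -h <target>" that refuses out-of-scope hosts, forces
# -ssl on port 443 and writes an HTML report.

# Location of nikto.pl after unpacking the archive (assumed default; override
# with NIKTO_PL=/path/to/nikto.pl).
NIKTO_PL="${NIKTO_PL:-nikto-master/program/nikto.pl}"

# Constructed scope list for this example: the only hosts we may scan.
IN_SCOPE="intranet.example.internal 10.0.0.25"

# in_scope HOST -> returns 0 if HOST is listed in IN_SCOPE, 1 otherwise.
in_scope() {
    for h in $IN_SCOPE; do
        [ "$h" = "$1" ] && return 0
    done
    return 1
}

# nikto_cmd HOST PORT REPORT -> prints the Nikto command line (does not run it).
nikto_cmd() {
    host=$1; port=$2; report=$3
    set -- perl "$NIKTO_PL" -h "$host" -p "$port"
    # Nikto usually autodetects TLS, but forcing it on 443 avoids a wasted
    # plaintext probe and a misleading first error.
    [ "$port" = 443 ] && set -- "$@" -ssl
    # HTML report, no interactive key handling (safe under cron), and a hard
    # per-host time limit so a slow intranet box cannot hang the job.
    set -- "$@" -Format htm -output "$report" -nointeractive -maxtime 30m
    printf '%s\n' "$*"
}

# scan HOST PORT -> prints the command; executes it only when NIKTO_RUN=1.
# Returns 2 (and scans nothing) for a host that is not in the scope list.
scan() {
    if ! in_scope "$1"; then
        echo "refusing to scan $1: not in the authorised scope" >&2
        return 2
    fi
    report="nikto-$1-$2.html"
    cmd=$(nikto_cmd "$1" "$2" "$report")
    echo "$cmd"
    # Arguments are assumed to be plain hostnames/ports with no shell
    # metacharacters, so eval on the composed line is safe here.
    if [ "${NIKTO_RUN:-0}" = 1 ]; then
        eval "$cmd"
    fi
}

# Dry run: prints the command that would be executed for an in-scope host.
scan intranet.example.internal 443
```

Run it as NIKTO_RUN=1 sh scan.sh to actually start the scan; without that variable it only prints the command line, which is a cheap way to review what will be sent before the (very noisy) scan begins. Keep the scope list in step with your engagement or change-ticket authorisation rather than editing it ad hoc.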