Nikto open source scanner

Nikto is an open source web server scanner written by Chris Sullo. It works against any web server (Apache, Nginx, IHS, OHS, LiteSpeed, etc.), which makes it a good in-house tool for scanning web servers: if you need to test intranet or in-house applications, the Nikto web scanner is what you need.

Technical Characteristics:

Nikto can scan for over 6700 items, enabling it to detect misconfigurations, risky files, etc. Its notable features include:

  • Ability to save reports in HTML, XML, CSV
  • Supporting SSL
  • Scanning multiple ports on the server
  • Finding subdomains
  • Apache user enumeration
  • Checking for outdated components
  • Detecting parking sites

We will begin with the installation process and then we will show how to use the tool to perform some basic operations over example systems. Nikto can be installed on Kali Linux or other Operating Systems (Windows, Mac OSX, Redhat, Debian, Ubuntu, BackTrack, CentOS, etc.) that support Perl.

In this particular article, I will show you how to use it on Ubuntu Linux.

Note: a scan sends a large number of requests to your web server.

Installation Process:

First of all, we have to download the archive that contains Nikto. We can do this by typing the following command:

wget https://github.com/sullo/nikto/archive/master.zip

Once the file is downloaded, we use the following command:

unzip master.zip

Once the extraction is complete, we change into the Nikto program folder and run the tool with the following commands:

cd nikto-master/program
perl nikto.pl

Attacking Process:

There are several ways (and several syntaxes) to run a scan. However, this is the quickest way to do it:

nikto -h webserverurl

Be sure to change webserverurl to your actual web server IP or FQDN. On the example
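To pull the installation and scan steps above into one script, here is a small POSIX shell example (added here; it is not code from the post or from the Nikto project) that fetches the same GitHub archive, checks that the required tools are present, and scans one of your own servers while saving an HTML report through Nikto's -o and -Format options. The function names, the default port of 80 and the report file name are assumptions of this example.

```shell
#!/bin/sh
# Added example: install Nikto from the GitHub archive and scan one in-house
# host, writing an HTML report. Assumes perl, wget and unzip are installed.

NIKTO_ZIP_URL="https://github.com/sullo/nikto/archive/master.zip"
NIKTO_DIR="nikto-master/program"

# Build the nikto argument list for a host. -h, -p, -o and -Format are real
# Nikto options; the default port and report name are assumptions.
nikto_args() {
    host="$1"
    port="${2:-80}"
    report="${3:-nikto-report.html}"
    printf '%s' "-h $host -p $port -o $report -Format htm"
}

# Fail early with a clear message instead of a cryptic error mid-install.
require_tool() {
    command -v "$1" >/dev/null 2>&1 || { echo "missing tool: $1" >&2; return 1; }
}

# Download and unpack Nikto once; reuse the folder on later runs.
install_nikto() {
    [ -d "$NIKTO_DIR" ] && return 0
    require_tool wget && require_tool unzip && require_tool perl || return 1
    wget -q "$NIKTO_ZIP_URL" -O master.zip && unzip -q master.zip
}

# Run the scan; word splitting of the argument string is intentional here.
scan_host() {
    install_nikto || return 1
    # shellcheck disable=SC2046
    perl "$NIKTO_DIR/nikto.pl" $(nikto_args "$@")
}

# Usage: sh nikto_scan.sh <host-or-ip> [port] [report.html]
if [ -n "$1" ]; then
    scan_host "$@"
fi
```

Run it with the IP or FQDN of a server you administer; the report lands in the current directory so the findings can be reviewed after the scan finishes.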

This post was written by Ruben Dario Caravajal Herrera

One thought on “Nikto open source scanner”

  1. Additionally, you should include the interactive commands (while the scan is running..)
    Here’s the full list:
    • SPACE – Report current scan status
    • v – Turn verbose mode on/off
    • d – Turn debug mode on/off
    • e – Turn error reporting on/off
    • p – Turn progress reporting on/off
    • r – Turn redirect display on/off
    • c – Turn cookie display on/off
    • o – Turn OK display on/off
    • a – Turn auth display on/off
    • q – Quit
    • N – Next host
    • P – Pause
