Nikto Web Scanner: Unveiling Vulnerabilities and Strengthening Web Security

Website information Gathering through Nikto tool

What is nikto web Scanner?

Nikto is one of the most popular web server scanners designed to fingerprint and test web servers for a variety of possible weaknesses including potentially dangerous files and out-of-date versions of applications and libraries. It is written in the Perl language.
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible and is obvious in log files or to an IPS/IDS. However, there is support for LibWhisker’s anti-IDS methods in case you want to give it a try (or test your IDS system).

Features of Nikto Web Scanner

  • • SSL Support (Unix with OpenSSL or maybe Windows with ActiveState’s
    • Full HTTP proxy support
    • Checks for outdated server components
    • Save reports in plain text, XML, HTML, NBE or CSV
    • Template engine to easily customize reports
    Scan multiple ports on a server, or multiple servers via input file (including nmap output)
    • LibWhisker’s IDS encoding techniques
    • Easily updated via command line
    • Identifies installed software via headers, favicons and files
    • Host authentication with Basic and NTLM
    • Subdomain guessing
    • Apache and cgiwrap username enumeration
    • Mutation techniques to “fish” for content on web servers
    • Scan tuning to include or exclude entire classes of vulnerability
    • Guess credentials for authorization realms (including many default id/pw combos)
    • Authorization guessing handles any directory, not just the root
    • Enhanced false positive reduction via multiple methods: headers,
    page content, and content hashing
    • Reports “unusual” headers seen
    • Interactive status, pause and changes to verbosity settings
    • Save full request/response for positive tests
    • Replay saved positive requests
    • Maximum execution time per target
    • Auto-pause at a specified time
    • Checks for common “parking” sites
    More detail go for original documentation page

How do I use a Nikto web Scanner to scan the Website?

Run Nikto

run nikto

The most basic Nikto scan requires simply a host to target, since port 80 is assumed if none is specified. The host can either be an IP or a hostname of a machine, and is specified using the -h (-host) option. This will scan the IP on TCP port 80:
#nikto -h

available options in Nikto

#nikto -h

nikto cyberpedia

To check on a different port, specify the port number with the -p (-port) option. This will scan the IP on TCP port 443:
#nikto -h -p 443
Hosts, ports and protocols may also be specified by using a full URL syntax, and it will be scanned:
#nikto -h

nikto 4 scan website port

There is no need to specify that port 443 may be SSL, as Nikto will first test regular HTTP and if that fails, HTTPS. If you are sure it is an SSL server, specifying -s (-ssl) will speed up the test.
#nikto -h -p 443 -ssl
There is one option to save scan report into the file with the difference-2 format, for example, xml txt CSV, etc
#nikto -h –output /root/Destop/nikto.txt

nikto 4 scan website saveoutput

Nikto can scan multiple ports in the same scanning session. To test more than one port on the same host, specify the list of ports in the -p (-port) option. Ports can be specified as a range (i.e., 80-90), or as a comma-delimited list, (i.e., 80,88,90). This will scan the host on ports 80, 88 and 443.
#nikto -h -p 80,88,443
Nikto support scanning multiple hosts in the same session via a text file of hostnames or IPs. Instead of giving a hostname or IP for the -h (-host) option, a file name can be given. A file of hosts must be formatted as one host per line, with the port number(s) at the end of each line. Ports can be separated from the host and other ports via a colon or a comma. If no port is specified, port 80 is assumed.


MODULE 4:- Information Gathering

  1. How to use dnsenum for dns enumeration – Kali
  2. How to use dig command in Kali Linux
  3. whois Kali Linux commands with example
  4. Enumerating DNS Records through dnsenum tool in Kali Linux
  5. Email Harvesting by theharvester tool in Kali Linux
  6. Google Hacking | Open Web Information Gathering
  7. dnsmap | DNS Domain name system brute force attacks
  8. Zone Transfer using dnswalk tool
  9. Website information Gathering through Nikto tool
  10. Search Senstive Data through Metagoofil Kali Linux 2.0
  11. 8 Steps to run Maltego Kali Linux – beginner guide

If you like our content, please consider buying us a coffee.
Thank you for your support!

Leave a Reply

Your email address will not be published. Required fields are marked *