top of page
Writer's pictureDiniz Martins

Nikto Web Scanner

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.


Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS. However, there is support for LibWhisker's anti-IDS methods in case you want to give it a try (or test your IDS system).


Not every check is a security problem. There are some items that are "info only" type checks that look for things that may not have a security flaw, but Pentester may not know are present on the server. These items are usually marked appropriately in the information printed. There are also some checks for unknown items which have been seen scanned for in log files.


The goal of the project is to examine a web server to find potential problems and security vulnerabilities, including:

  • Server and software misconfigurations;

  • Default files and programs;

  • Insecure files and programs;

  • Outdated servers and programs;

  • Pointers to lead a human tester to better manual testing.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 of the License only.


Installation:


Installing Nikto on Ubuntu system is basically straightforward as the package is already accessible on the default repositories.


First to update the system repositories we will use the following command:

sudo apt-get update && sudo apt-get upgrade

After updating your system run the following command to Install Nikto:

sudo apt-get install nikto -y

Usage:


Option help:

nikto -help

Scan domain/host:

nikto -h 10.0.0.1
nikto -h website.com

To specify an SSL website:

nikto -h website.com -ssl

Specifying Ports:

nikto -t 10.0.0.1 -p 80
nikto -t 10.0.0.1 -p 80,443
nikto -t 10.0.0.1 -p 1-100

Report via browser:

nikto -h 10.0.0.1 -o report.html -F html

Pairing scans with Metasploit:

nikto -h 10.0.0.1 -Format msf+

Scan Multiple IP Addresses From a Text File:

nikto -h domains.txt

To export a scan result, use the -o flag followed by the file name:

nikto -h scanme.nmap.org -o scan.txt
nikto -h scanme.nmap.org -o scan.csv -Format csv


Nikto can also be used on the local network to search for any embedded servers. To do that, we’ll need to know our IP address. Type the following in command terminal to see the IP address of your local machine’s use.

ifconfig

The IP address that we require is the one followed by ‘inet’, so note it down. You can work out your network range by running an ipcalc on it, which you can easily download and install with apt install ipcalc if you don’t have it installed already.


Let’s scan for services running on our local network by scanning port 80 within our range using Nmap. This will extract only the hosts that are currently up and running, as these are the ones with their port 80 open. Here, we’re exporting this data into a file we’ll name hosts.txt:

sudo nmap -p 80 192.168.0.0/24 -oG hosts.txt

To forward the list of all the current hosts extracted by Nmap to Nikto, we can use the cat to read the file we exported the info to. Here’s the code to run to do so:

cat hosts.txt |awk'/Up$/{print $2}'|cat>> targetIP.txt

Send its output over to Nikto with the following command:

nikto -h targetIP.txt

Notice how similar the results here are when compared to those we received in SSL web scanning.


Tuning:


Tuning options will control the test that Nikto will use against a target. By default, if any options are specified, only those tests will be performed. If the “x” option is used, it will reverse the logic and exclude only those tests. Use the reference number or letter to specify the type, multiple may be used:


0 – File Upload

1 – Interesting File / Seen in logs

2 – Misconfiguration / Default File

3 – Information Disclosure

4 – Injection (XSS/Script/HTML)

5 – Remote File Retrieval – Inside Web Root

6 – Denial of Service

7 – Remote File Retrieval – Server Wide

8 – Command Execution / Remote Shell

9 – SQL Injection

a – Authentication Bypass

b – Software Identification

c – Remote Source Inclusion

x – Reverse Tuning Options (i.e., include all except specified)


So, to only perform an SQL injection test against your target:

nikto -Tuning 9 -h example.com

or to run everything except DOS:

nikto -Tuning x 6 -h example.com

Saving results:

nikto -Display V -o results.html -Format htm -Tuning 9 -h example.com


29 views0 comments

Recent Posts

See All

IPSec vs. TLS

When it comes to securing data over networks, IPSec (Internet Protocol Security) and TLS (Transport Layer Security) are two of the most...

VyOS Basic Configuration

VyOS is an open-source network operating system that provides software-based network routing, firewall, and VPN services. It is designed...

Comments


bottom of page