
Nikto Vulnerability Scanner


Nikto is a web server vulnerability assessment tool. The Nikto scanner is useful for finding default and insecure files,
configurations, and programs on any type of web server. This Nikto tutorial walks through the main types of scans in Nikto.


Installation 


Nikto comes preinstalled in Kali Linux. If it is not installed, run:


apt install nikto 

On Windows, check this

On other operating systems, use your system's package manager or get it from GitHub here.

Operation

To start, let's see what's inside Nikto using a simple command:
nikto -h

Nikto help


To see more options, type:

nikto -H


Now we are going to see the important commands used in Nikto.
First of all, we will see how to scan web servers and websites using Nikto. For that we use the -host option:


nikto -host (host url or IP address )


In my case, I'm using an internal lighttpd web server to test:


nikto -host localhost:8001


Scan result


Here you can see that Nikto found XSS, an outdated server and other vulnerabilities in the web server.

Nikto requires a port to scan through. If no port is specified, Nikto uses port 80 as the default.

Scanning specified ports in Nikto


In Nikto we can use the -p (-port) option to scan a specific port.


nikto -host 127.0.0.1 -p 443
Here we are scanning port 443 explicitly.

Scanning multiple ports in Nikto


nikto -host 127.0.0.1 -p 80,84,443

Here we have specified multiple ports for the Nikto scan.

Using Proxy in Nikto Scan


To set the proxy on the command, use the option -useproxy with the proxy and port set in there.

nikto -host 127.0.0.1 -useproxy (proxy address:port)


With the Nikto scanner, I really recommend using a proxy: as you can see in the previous image, Nikto sent over 7000 requests to the web server, which is very noisy. An IDS that analyzes all these requests coming from a single IP will block that IP.
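Seen from the server side, that volume of requests from one address is straightforward to detect. The following is an added example, not part of the original post: it reads web access log lines and flags source IPs by two signals, a scanner name in the User-Agent and a burst of mostly-404 requests. The log lines (including the User-Agent value), the IP addresses and the thresholds are constructed assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Combined Log Format: ip - - [time] "request" status size "referer" "user-agent"
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" '
                  r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def detect_scanners(lines, window=timedelta(seconds=60),
                    min_requests=100, min_404_ratio=0.8):
    """Map suspicious source IPs to triggered signals (thresholds are assumptions)."""
    events, flagged = defaultdict(list), defaultdict(set)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore malformed lines instead of failing
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        events[m["ip"]].append((ts, int(m["status"])))
        if "nikto" in m["ua"].lower():
            flagged[m["ip"]].add("user-agent")  # easy to change, weak on its own
    for ip, evs in events.items():
        evs.sort()
        start = n404 = 0
        for end, (ts, status) in enumerate(evs):
            n404 += status == 404
            while ts - evs[start][0] > window:  # drop requests older than the window
                n404 -= evs[start][1] == 404
                start += 1
            count = end - start + 1
            if count >= min_requests and n404 / count >= min_404_ratio:
                flagged[ip].add("404-burst")
                break
    return {ip: sorted(signals) for ip, signals in flagged.items()}

def sample_log():
    """Constructed access log: two noisy sources and one ordinary client."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    def row(ip, i, status, ua, step):
        ts = (t0 + step * i).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET /p{i} HTTP/1.1" {status} 0 "-" "{ua}"'
    fast, slow = timedelta(milliseconds=100), timedelta(seconds=30)
    rows = [row("192.0.2.10", i, 200 if i % 10 == 0 else 404,
                "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)", fast)
            for i in range(150)]
    rows += [row("198.51.100.7", i, 404, "curl/8.0", fast) for i in range(120)]
    rows += [row("203.0.113.5", i, 200, "Mozilla/5.0", slow) for i in range(5)]
    return rows

if __name__ == "__main__":
    print(detect_scanners(sample_log()))
```

The second source is flagged on request pattern alone, which is why the 404-burst signal matters more than the User-Agent match.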

Mutations in Nikto


Mutation technique:
With mutation, Nikto uses brute force or other tests to guess the values listed below. These mutation techniques can send a very large number of requests and tests to the target.
You specify which mutation you want to use by its number:

 1     Test files with all root directories
 2     Guess password file names
 3     Enumerate user names via Apache (/~user type requests)
 4     Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests)
 5     Brute-force sub-domain names, assuming that the hostname is the parent domain without www
 6     Attempt to guess directory names from the supplied dictionary file

Using mutations in Nikto

As in the image above, give the mutation reference number after -mutate to run that mutation:
-mutate (number)

-mutate-options can be used to provide extra information for mutations, for example a dictionary file.

Output file in Nikto

We can use the -o (-output) option to save Nikto's output to a file. The available formats are:


  -Format+           Save file (-o) format:

                               csv   Comma-separated-value
                               json  JSON Format
                               htm   HTML Format
                               nbe   Nessus NBE format
                               sql   Generic SQL (see docs for schema)
                               txt   Plain text
                               xml   XML Format
                               (if not specified the format will be taken from the file extension passed to -output)


nikto -host <Hostname/IP> -output <filename>
