Nikto Vulnerability Scanner
Nikto is a web server vulnerability assessment tool. It is useful for finding default and insecure files,
configurations, and programs on any type of web server. This Nikto tutorial walks through the main types of scans you can run with Nikto.
Installation
Nikto comes pre-installed in Kali Linux; if it is not, install it with
apt install nikto
On Windows, check this guide.
On other operating systems, use your system's package manager or get it from GitHub here.
Operation
To start, we will see what is inside Nikto using a simple command.
To see more options type
nikto -H
Now we are going to see the important commands used in Nikto.
First of all, we will see how to scan web servers and websites using Nikto; for that we use the -host option.
nikto -host (host URL or IP address)
nikto -host localhost:8001
[Image: Nikto Vulnerability Scanner scan output]
Here you can see that Nikto found XSS, an outdated server version, and other vulnerabilities on the web server.
Nikto requires a port to scan through; if none is specified, Nikto uses port 80 as the default port.
Scanning specified ports in nikto
In Nikto we can specify ports using the -p (-port) option to scan the specified port.
nikto -host 127.0.0.1 -p 443
Here we are scanning port 443 manually.
Scanning multiple ports in nikto
nikto -host 127.0.0.1 -p 80,84,443
Here we specified multiple ports to scan with Nikto.
Using Proxy in Nikto Scan
To set a proxy on the command line, use the -useproxy option with the proxy address and port.
nikto -host 127.0.0.1 -useproxy (proxy address:port)
Mutations in Nikto
Mutation technique:
In mutation, Nikto uses brute force or other tests to guess the values of the following parameters. These mutation techniques can generate a very large number of requests and tests against the target.
You can specify the number of the mutation you want to use:
1 Test files in the root directories
2 Guess password file names
3 Enumerate user names via Apache (/~user type requests)
4 Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests)
5 Brute-force sub-domain names, assuming that the hostname is the parent domain without www.
6 Attempt to guess directory names from the supplied dictionary file
[Image: Using mutations in Nikto]
Just like in the image above, the mutation reference number is passed to
-mutate (number) to execute that mutation.
-mutate-options can be used to pass an option to the chosen mutation, for example a dictionary file.
Output file in nikto
We can use the -o (-output) option to write Nikto's output to a file in one of the following formats:
-Format+ Save file (-o) format:
csv Comma-separated-value
json JSON Format
htm HTML Format
nbe Nessus NBE format
sql Generic SQL (see docs for schema)
txt Plain text
xml XML Format
(if not specified the format will be taken from the file extension passed to -output)
nikto -host <Hostname/IP> -output <filename>
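Once a multi-port scan has been written out with -o and -Format csv, the report is easier to review per port than as raw scanner output. The script below is an added example, not part of this tutorial or of Nikto itself; it assumes the CSV columns are host, ip, port, id, method, uri, description (quoted), and works on a constructed sample report embedded inline.

```shell
#!/bin/sh
# Added example, not from the tutorial: summarise a Nikto CSV report after a
# scan such as:  nikto -host 127.0.0.1 -p 80,84,443 -o report.csv -Format csv
# Assumed column order (host,ip,port,id,method,uri,description) with quoted
# fields; check it against your own report before relying on it.

# Constructed sample report standing in for the file Nikto writes with -o.
SAMPLE_REPORT='"localhost","127.0.0.1","80","OSVDB-3092","GET","/admin/","This might be interesting."
"localhost","127.0.0.1","80","OSVDB-877","TRACK","/","Server is vulnerable to XST."
"localhost","127.0.0.1","443","OSVDB-3233","GET","/icons/README","Default file found."
"localhost","127.0.0.1","443","OSVDB-3092","GET","/admin/","This might be interesting."'

# Drop the quoting so awk can split on commas; only columns before the
# free-text description are used, so commas inside descriptions do no harm.
unquote() {
    printf '%s\n' "$1" | sed 's/"//g'
}

# Number of findings per scanned port, as "port count" lines sorted by port.
findings_per_port() {
    unquote "$1" | awk -F',' 'NF >= 7 { n[$3]++ }
        END { for (p in n) print p, n[p] }' | sort -n
}

# Distinct finding ids across all ports, one per line, sorted.
unique_ids() {
    unquote "$1" | awk -F',' 'NF >= 7 { print $4 }' | sort -u
}

# URIs reported on one port, deduplicated, so the same path flagged on
# several ports is reviewed once per port rather than lost in the noise.
uris_on_port() {
    unquote "$2" | awk -F',' -v port="$1" 'NF >= 7 && $3 == port { print $6 }' | sort -u
}

findings_per_port "$SAMPLE_REPORT"
unique_ids "$SAMPLE_REPORT"
uris_on_port 443 "$SAMPLE_REPORT"
```

To use it on a real report, replace SAMPLE_REPORT with "$(cat report.csv)".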