
Web Vulnerability Scanning with Nikto

Author: Ruchi Bisht
Jan 30, 2025

Introduction to Nikto

Nikto is an open-source web vulnerability scanner widely used by cybersecurity professionals to identify security issues in web servers and applications. Created to be both comprehensive and user-friendly, Nikto quickly scans web applications for vulnerabilities, misconfigurations, and outdated components. As it is freely available, it is accessible to professionals, students, and hobbyists alike, providing a hands-on tool for real-world vulnerability assessment.


Key Features of Nikto

  • Over 6,700 Checks: Nikto tests for potentially dangerous files and programs, server misconfigurations, outdated versions of more than 1,250 server products, and version-specific problems on over 270 server types.
  • Streaming Results: Nikto prints each finding as soon as it is found rather than waiting for the scan to end. Total runtime depends on the target, the plugins enabled and any -Pause delay, so a full scan can take anywhere from minutes to hours.
  • Customizable Scan Options: -Tuning selects categories of checks, -Plugins selects plugins, -Cgidirs sets the CGI directories to probe and -useragent changes the User-Agent header, so a scan can be adapted to the target and the engagement.

Getting Started with Nikto

To use Nikto effectively, you’ll first need to install and configure it. Here is how to set up Nikto on different operating systems.

Installing Nikto

1. On Linux: Most Linux distributions allow you to install Nikto through package managers, or you can install it directly from the source.

Install using apt (Debian/Ubuntu)

sudo apt update
sudo apt install nikto

Installing from source (for any Linux distribution; needs Perl, plus the Net::SSLeay module for HTTPS targets). The script lives in the program directory of the repository:

git clone https://github.com/sullo/nikto.git
cd nikto/program
perl nikto.pl -Version

2. On macOS: You can use Homebrew to install Nikto

brew install nikto

3. On Windows: Nikto is a Perl application, so you will need to install Perl first. Afterward, you can run it from Git Bash, PowerShell or cmd.

Step 1: Install Perl for Windows (Strawberry Perl or ActivePerl)

Step 2: Clone the Nikto repository and change into its program directory

git clone https://github.com/sullo/nikto.git
cd nikto/program

Step 3: Check the current version of Nikto, its plugins and its database (this also confirms Perl can run the script):

perl nikto.pl -Version

Nikto is now set up, and you’re ready to perform your first scan!

Core Functionalities of Nikto

Nikto offers a wide range of scanning capabilities, helping you detect various types of vulnerabilities, including:

  • Outdated Software: Compares the versions announced in the Server header and in banners of server-side components against its database and flags old ones.
  • Default Files and Directories: Checks for leftover files such as phpinfo.php, backup copies, sample and test scripts, and /admin/ directories left over from development or installation.
  • Configuration Issues: Detects common misconfigurations, such as enabled HTTP methods (OPTIONS, TRACE) that increase the attack surface.
  • Security Headers: Checks for missing or misconfigured security headers (for example X-Frame-Options and X-Content-Type-Options) that leave browser-side protections switched off.
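To make the last three kinds of check concrete, here is an added example that is not Nikto's own code: a small Python script that applies the same logic to a single HTTP response. The header list and the two sample responses (an unhardened server's reply to OPTIONS / and the same server after hardening) are constructed for illustration, not captured from a real host.

```python
#!/usr/bin/env python3
"""Added example (not Nikto's code): the passive checks Nikto runs over one
HTTP response, reduced to a single function. Samples below are constructed."""
from typing import Dict, List, Tuple

# Header name (lower-case) -> why its absence is reported. An assumed set
# for illustration; Nikto's own list lives in its plugins.
SECURITY_HEADERS = {
    "strict-transport-security": "HSTS missing, so an HTTPS site can be downgraded",
    "x-content-type-options": "MIME sniffing not disabled (needs 'nosniff')",
    "x-frame-options": "no clickjacking protection",
    "content-security-policy": "no CSP to limit injected script",
}
# Methods whose presence in Allow: is worth a finding (cross-site tracing).
DANGEROUS_METHODS = {"TRACE", "TRACK"}


def parse_response(raw: bytes) -> Tuple[str, Dict[str, str]]:
    """Split a raw response into its status line and a lower-cased header map."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        key = name.strip().lower()
        # Repeated headers (e.g. Set-Cookie) are joined; only presence matters here.
        headers[key] = (headers[key] + ", " + value.strip()) if key in headers else value.strip()
    return lines[0], headers


def check_response(headers: Dict[str, str]) -> List[str]:
    """Return one finding string per issue, in a stable order."""
    findings: List[str] = []
    csp = headers.get("content-security-policy", "")
    for name, why in SECURITY_HEADERS.items():
        if name in headers:
            continue
        # A CSP frame-ancestors directive supersedes X-Frame-Options, so the
        # older header is not reported as missing in that case.
        if name == "x-frame-options" and "frame-ancestors" in csp:
            continue
        findings.append(f"missing {name}: {why}")
    allowed = {m.strip().upper() for m in headers.get("allow", "").split(",") if m.strip()}
    for method in sorted(allowed & DANGEROUS_METHODS):
        findings.append(f"{method} method enabled: cross-site tracing risk")
    if "server" in headers:
        findings.append(f"Server banner discloses version: {headers['server']}")
    return findings


# Constructed sample: an unhardened server's reply to OPTIONS /.
WEAK_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/2.2.22 (Ubuntu)\r\n"
    b"Allow: GET, HEAD, POST, OPTIONS, TRACE\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
)
# Constructed sample: the same server after hardening (banner removed,
# TRACE disabled, headers added, CSP covering framing instead of X-Frame-Options).
HARDENED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    b"X-Content-Type-Options: nosniff\r\n"
    b"Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
    b"Allow: GET, HEAD, POST\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        status, hdrs = parse_response(raw)
        print(f"[{label}] {status}")
        for finding in check_response(hdrs) or ["no findings"]:
            print("  -", finding)
```

The weak response produces six findings (four missing headers, TRACE enabled and the version banner); the hardened one produces none, because the frame-ancestors directive is accepted in place of X-Frame-Options. Nikto's real checks are the same shape, just many more of them and driven from its database.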

Here are commands to use Nikto’s core scanning functionalities effectively.

Running Basic Scans with Nikto

Basic Scan Command: The simplest command to scan a website is as follows:

nikto -h <URL or IP address>

Example

nikto -h http://example.com

This command initiates a basic scan, which will test the target for known vulnerabilities, misconfigurations, and outdated software.


Useful Parameters:

  • -o (-output): Saves the scan results to a file; pair it with -Format to choose the report type (csv, htm, txt or xml).
  • -timeout: Sets the per-request timeout in seconds (the default is 10).
  • -ssl: Forces SSL/TLS on the port; normally only needed when an HTTPS service runs on a port other than 443, because 443 is detected automatically.
  • -C (-Cgidirs): Chooses which CGI directories to probe: none, all, or an explicit list such as "/cgi-bin/ /cgi/".
nikto -h http://example.com -o example_scan.txt -timeout 10 -C all

Scan for Specific Vulnerabilities: Nikto can restrict a scan to particular categories of checks with the -Tuning option. Tuning codes can be combined (for example -Tuning 49 runs the injection and SQL injection checks), and a leading x inverts the selection (-Tuning x6 runs everything except the denial-of-service checks).

  • Scan for File Upload Checks (Code 0)
nikto -h http://example.com -Tuning 0

  • Scan for Injection Checks (Code 4)
nikto -h http://example.com -Tuning 4

Tuning codes reference

  • 0: File upload
  • 1: Interesting files / Seen in logs
  • 2: Misconfiguration / Default files
  • 3: Information disclosure
  • 4: Injection (XSS/Script/HTML)
  • 5: Remote file retrieval (inside web root)
  • 6: Denial of service
  • 7: Remote file retrieval (server wide)
  • 8: Command execution / Remote shell
  • 9: SQL injection
  • a: Authentication bypass
  • b: Software identification
  • c: Remote source inclusion
  • d: WebService
  • e: Administrative console
  • x: Reverse tuning (run everything except the codes that follow)

Exporting Results to a Report: To export the results to a file, use the -o (output) option. When -Format is omitted, Nikto picks the report type from the file extension; give -Format explicitly (csv, htm, txt or xml) when the extension does not match one of those:

nikto -h http://example.com -o output.txt
nikto -h http://example.com -Format htm -o output.html

Advanced Scanning Options

Nikto also supports various advanced options for custom scans.

  • Limiting Scan Scope: Use the -p (-port) option to specify a particular port (useful if the server runs several services). A comma-separated list or a range also works, and port 443 is scanned over SSL/TLS automatically; add -ssl to force it on any other port:
nikto -h example.com -p 443
nikto -h example.com -p 80,8080,8443

  • Customizing the User-Agent: By default Nikto names itself in the User-Agent header. Sending a browser string (here Google Chrome on Windows 10) gets past filters and monitoring rules that key on that header alone; it does not hide the scan itself, which remains obvious from its request volume and the URIs it probes.
nikto -h http://example.com -useragent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"

  • Using Nikto with Burp Suite: You can route Nikto through Burp Suite's proxy listener (127.0.0.1:8080 by default) to inspect, log and replay every request it sends:
nikto -h http://example.com -useproxy http://127.0.0.1:8080

  • Rate Limiting (Pause): The -Pause parameter adds a delay in seconds between tests, reducing load on the server and lowering the chance of tripping rate-based IDS/IPS rules, at the cost of a much longer scan.
nikto -h 192.168.xxx.xxx -Pause 3

-h 192.168.xxx.xxx: Specifies the target server's IP address.

-Pause 3: Waits 3 seconds between tests during the scan.
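The options in this section and the report export above, combined into one script. This is an added example, not Nikto's own code: it assembles the Nikto argv from the flags discussed (host, -p, -ssl, -Tuning, -Pause, -useragent, -useproxy, -Format, -o), runs the scan only if a nikto binary is on the PATH, and triages the CSV report. It assumes the CSV report carries seven quoted columns per finding (host, ip, port, reference id, method, uri, message); check that against the version you run. The keyword buckets and the sample report are constructed for illustration.

```python
#!/usr/bin/env python3
"""Added example (not Nikto's code): build a Nikto command line, run it if
Nikto is installed, and triage the CSV report. Assumes seven CSV columns:
host, ip, port, reference id, method, uri, message."""
import csv
import io
import os
import shutil
import subprocess
import tempfile
from collections import Counter
from typing import Dict, List, Optional

# Assumed keyword buckets for triage; the first matching bucket wins.
CATEGORIES = {
    "security-headers": ("header",),
    "http-methods": ("trace", "allowed http methods"),
    "outdated-software": ("outdated",),
    "default-files": ("default", "backup", "phpinfo", "admin"),
}


def build_nikto_cmd(host: str, port: Optional[int] = None, ssl: bool = False,
                    tuning: Optional[str] = None, pause: Optional[int] = None,
                    useragent: Optional[str] = None, proxy: Optional[str] = None,
                    output: Optional[str] = None, fmt: str = "csv") -> List[str]:
    """Return argv for one scan; a list (not a shell string) avoids quoting bugs."""
    cmd = ["nikto", "-h", host]
    if port is not None:
        cmd += ["-p", str(port)]
    if ssl:
        cmd.append("-ssl")
    if tuning:
        cmd += ["-Tuning", tuning]
    if pause is not None:
        cmd += ["-Pause", str(pause)]
    if useragent:
        cmd += ["-useragent", useragent]
    if proxy:
        cmd += ["-useproxy", proxy]
    if output:
        cmd += ["-Format", fmt, "-o", output]
    return cmd


def classify(message: str) -> str:
    """Map a finding message to one of the categories above, or 'other'."""
    text = message.lower()
    for name, keys in CATEGORIES.items():
        if any(k in text for k in keys):
            return name
    return "other"


def parse_nikto_csv(text: str) -> List[Dict[str, str]]:
    """Parse report rows into dicts, dropping repeats of one message for one URI."""
    findings, seen = [], set()
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 7:
            continue  # blank line, or a layout this parser does not know
        host, ip, port, ref, method, uri, message = row
        key = (host, port, uri, message)
        if key in seen:
            continue
        seen.add(key)
        findings.append({"host": host, "ip": ip, "port": port, "ref": ref,
                         "method": method, "uri": uri, "message": message,
                         "category": classify(message)})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Counter:
    """Findings per category: the first view worth having after a scan."""
    return Counter(f["category"] for f in findings)


def run_scan(host: str, **opts) -> List[Dict[str, str]]:
    """Run Nikto with a CSV report in a temp dir and parse it; [] if Nikto is absent."""
    if shutil.which("nikto") is None:
        return []
    with tempfile.TemporaryDirectory() as tmp:
        report = os.path.join(tmp, "nikto.csv")
        subprocess.run(build_nikto_cmd(host, output=report, **opts), check=False)
        if not os.path.exists(report):
            return []
        with open(report, encoding="utf-8", errors="replace") as fh:
            return parse_nikto_csv(fh.read())


# Constructed sample report (not real Nikto output); the last row is a duplicate.
SAMPLE_CSV = '''"192.0.2.10","192.0.2.10","80","","GET","/","The anti-clickjacking X-Frame-Options header is not present."
"192.0.2.10","192.0.2.10","80","","GET","/","The X-Content-Type-Options header is not set."
"192.0.2.10","192.0.2.10","80","","OPTIONS","/","Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE"
"192.0.2.10","192.0.2.10","80","","TRACE","/","HTTP TRACE method is active."
"192.0.2.10","192.0.2.10","80","","GET","/","Apache/2.2.22 appears to be outdated."
"192.0.2.10","192.0.2.10","80","","GET","/admin/","/admin/: This might be interesting."
"192.0.2.10","192.0.2.10","80","","GET","/admin/","/admin/: This might be interesting."
'''

if __name__ == "__main__":
    print(" ".join(build_nikto_cmd("http://example.com", tuning="04", pause=3,
                                   output="example_scan.csv")))
    for category, n in summarize(parse_nikto_csv(SAMPLE_CSV)).most_common():
        print(f"{category:20s} {n}")
```

Passing argv as a list to subprocess keeps a User-Agent string with spaces and parentheses intact without shell quoting. The de-duplication matters in practice because Nikto often reports the same message once per alias of a URI, which inflates raw counts.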

Best Practices for Web Vulnerability Scanning with Nikto

  • Schedule Regular Scans: Automate scans (for example from cron, with -o and -Format csv so the reports can be diffed) so that new misconfigurations and outdated components are caught between releases.
  • Never Scan without Permission: Nikto is an intrusive, noisy tool. It sends thousands of requests, shows up clearly in web server logs, can trip IDS/IPS alerts and can strain fragile servers. Get written authorization that names the targets and the scan window before running it against anything you do not own.
  • Use Scan Results to Guide Mitigation: Confirm each finding by hand first, since Nikto's checks are signature based and produce false positives; then update software, add the recommended security headers, disable unneeded HTTP methods and remove or restrict exposed directories.

In Conclusion

Nikto is an excellent tool for quickly identifying common vulnerabilities and misconfigurations in web servers and applications. Its limits are worth keeping in mind: it is signature based, so it misses logic flaws and reports false positives that need manual confirmation, and it makes no attempt at stealth. Used with those limits in mind, it fits well alongside manual testing in your security toolkit.
