Nikto, also known as Nikto2, is an open source (GPL) and free-to-use web server scanner which performs vulnerability scanning against web servers for multiple items including dangerous files and programs, and checks for outdated versions of web server software. It also checks for server configuration errors and any possible vulnerabilities they might have introduced.
The Nikto vulnerability scanner project is a fast-moving effort, frequently updated with the latest known vulnerabilities. This allows you to scan your web servers with confidence as you search for any possible issues.
The key features of Nikto include:
1. Comprehensive Web Server Scanning:
– Detects over 6,700 potentially dangerous files, configurations, and vulnerabilities.
– Identifies outdated versions of server software and known vulnerable scripts, including database entries for XSS, SQL injection and other issues in specific files (these are signature checks against Nikto's test database, not generic injection fuzzing).
2. Detection of Server Misconfigurations:
– Checks for common security misconfigurations like missing HTTP headers (e.g., security headers), open directories, and more.
3. Multiple Protocol Support:
– Can scan servers over HTTP and HTTPS, including HTTP-based services such as WebDAV.
4. SSL Certificate Analysis:
– Reports the SSL/TLS certificate subject and issuer and the cipher negotiated with the server; for a full cipher-suite and protocol audit a dedicated TLS scanner is still needed.
5. Customizable and Extensible:
– Nikto uses a plugin-based architecture, allowing for easy updates and the ability to customize scan behavior with user-defined tests.
6. Report Generation:
– Supports various output formats, including plain text, HTML, CSV, and XML, making it easier to document findings or integrate with other tools.
7. Fast and Lightweight:
– Scans a web server quickly without significant resource usage, ideal for basic web server vulnerability assessments. Nikto is not a stealthy tool: it runs its tests as fast as possible and is obvious in server logs and to an IDS/IPS.
8. Open Source and Actively Maintained:
– Available for free under the GPL license and kept current by regular contributions from the community.
9. Integration with Other Security Tools:
– Can be integrated into broader security testing frameworks, for example by exporting results in Metasploit's import format for follow-up exploitation work.
Here are some of the cool things that Nikto can do:
- Check for known SQL injection, XSS and other common vulnerabilities in specific scripts and files
- Identify installed software (via headers, favicons, and files)
- Guess subdomains
- Includes support for SSL (HTTPS) websites
- Saves reports in plain text, XML, HTML or CSV
- “Fish” for content on web servers
- Report unusual headers
- Check for server configuration items like multiple index files, HTTP server options, and so on
- Has full HTTP proxy support
- Guess credentials for authorization (including many default username/password combinations)
- Is configured with a template engine to easily customize reports
- Exports to Metasploit
Nikto installation
The Nikto vulnerability scanner can be installed in multiple ways on both Windows- and Linux-based systems. It is available in package format on Linux for easy installation via a package manager (apt, yum, etc.) and also available via GitHub to be installed or run directly from the project source.
For our tutorial, we’ll install Nikto from an operating system distribution package as well as from GitHub directly. This will give us multiple ways to install and integrate the Nikto web scanner into our tool sets.
GitHub-based installation
While the Nikto web scanner can be installed from most operating systems’ software repositories, installation from GitHub will always ensure you have the latest version of Nikto working with your system. This is important for any security analysis tool, ensuring the search for vulnerabilities is working with the most current information possible.
The GitHub-based installation method is also ideal for Linux distributions which do not carry Nikto in their software repositories, which makes installing Nikto possible on nearly every Linux distribution/platform.
To begin the installation from GitHub, clone the git repository:
git clone https://github.com/sullo/nikto
Nikto is a Perl program, so Perl must be installed on the system. The scanner itself is nikto.pl inside the repository's program directory and is run with perl directly, rather than through the nikto wrapper that a distribution package installs.
Kali Linux-based installation
Kali Linux is the go-to Linux distribution for users who are into pentesting and security analysis. And adding the Nikto vulnerability scanner to your security analysis tool set on Kali Linux can be achieved with just a couple of commands, as shown below.
First, refresh your APT package lists and install any pending updates:
sudo apt-get update && sudo apt-get upgrade
Next, install the Nikto web scanner with the command:
sudo apt-get install nikto -y
To verify that the Nikto website vulnerability scanner is installed and ready for use, run the command below with no arguments; it prints the usage summary (pass -Version instead to print the plugin and database versions):
nikto
Practical
Running a basic website scan
The most basic way to scan a host with Nikto is to pass the target to the -h (host) flag. Nikto is noisy and leaves obvious traces in the target's logs, so only scan hosts you own or are explicitly authorized to test:
nikto -h amazon.in
Running a scan on a website with SSL
Nikto can also force TLS on the port it scans with the -ssl flag, and in that mode it reports the certificate subject and issuer and the cipher negotiated with the server. Because -ssl forces TLS on whatever port is scanned (80 by default), pair it with the HTTPS port, or pass an https:// URL as the host and let Nikto detect it.
To run a website SSL scan run:
Command: nikto -h amazon.in -p 443 -ssl
Scanning specific ports with Nikto
On certain deployments, web servers run on non-standard ports like 8080 or 8081, or several web servers run on the same host on different network ports. It is therefore vital to be able to scan specific ports as well as the default 80 and 443. Nikto takes the port list through the -p flag, which accepts a single port, a comma-separated list or a range (for example -p 80,443,8000-8100); without -p it scans port 80 only.
This can be achieved by running the command:
nikto -h amazon.in -p 8080
Save Nikto output to a specific file
The Nikto scanner also includes the ability to save the scan output to a file for future reference. This is ideal when running multiple scans and/or large scans which can be easier to reference from a file.
This is achieved by running the command:
nikto -h amazon.in -o nikto2.txt
Save file with a specific file format
Nikto chooses the report format from the -o file extension (csv, htm, txt or xml) when it recognizes it, which is why the .txt example above needs no extra option. For any other extension, or to override the choice, give the format explicitly with -Format:
Command: nikto -h amazon.in -o nikto1.csv -Format csv
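As an added example, not code from the Nikto project or from the original tutorial: a small Python wrapper that builds the command lines used in this section (-h, -p, -ssl, -o, -Format), refuses an -o file whose extension Nikto cannot map to a format, and parses a CSV report into per-port counts and distinct messages. The seven-column CSV layout (host, IP, port, test id, method, URI, message, with no header row) is my reading of Nikto's CSV report plugin and is treated as an assumption; the sample report lines are constructed, and the host names in them are placeholders.

```python
"""Helpers for driving Nikto from Python and reading its CSV report."""
import csv
import io
import shutil
import subprocess
from collections import Counter

# -Format values named in this tutorial (csv, htm, txt, xml) plus msf+ for the
# Metasploit export. Nikto infers the format from the -o file extension when
# -Format is omitted, so only these extensions work on their own.
KNOWN_FORMATS = {"csv", "htm", "txt", "xml", "msf+"}

# Column order written by Nikto's CSV report plugin (assumption: no header row).
CSV_COLUMNS = ("host", "ip", "port", "id", "method", "uri", "message")

# Constructed sample report in that layout; not real scan output.
SAMPLE_CSV = (
    '"scanme.example","203.0.113.10","80","999986","GET","/",'
    '"The anti-clickjacking X-Frame-Options header is not present."\n'
    '"scanme.example","203.0.113.10","80","999103","GET","/",'
    '"The X-Content-Type-Options header is not set, which could allow MIME sniffing."\n'
    '"scanme.example","203.0.113.10","8080","000033","GET","/admin/",'
    '"Directory indexing found."\n'
    '"scanme.example","203.0.113.10","8080","000033","GET","/backup/",'
    '"Directory indexing found."\n'
)


def build_nikto_argv(host, ports=None, ssl=False, output=None, fmt=None, nikto="nikto"):
    """Assemble the argument list for one Nikto run from the options used above.

    ports  -> -p as a comma-separated list (Nikto scans port 80 only when omitted)
    ssl    -> -ssl, which forces TLS on every port given, so pair it with 443
    output -> -o; fmt adds -Format, otherwise the extension must be a known format
    """
    argv = [nikto, "-h", host]
    if ports:
        argv += ["-p", ",".join(str(p) for p in ports)]
    if ssl:
        argv.append("-ssl")
    if output:
        argv += ["-o", output]
        ext = output.rsplit(".", 1)[-1].lower() if "." in output else ""
        if fmt:
            if fmt not in KNOWN_FORMATS:
                raise ValueError(f"unknown Nikto format {fmt!r}")
            argv += ["-Format", fmt]
        elif ext not in KNOWN_FORMATS:
            raise ValueError(f"cannot infer a Nikto format from {output!r}; pass fmt")
    return argv


def run_nikto(argv, timeout=3600):
    """Run Nikto when it is on PATH; return the CompletedProcess, or None if absent."""
    if shutil.which(argv[0]) is None:
        return None
    return subprocess.run(argv, capture_output=True, text=True, timeout=timeout, check=False)


def parse_nikto_csv(text):
    """Turn CSV report text into a list of finding dicts keyed by CSV_COLUMNS."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != len(CSV_COLUMNS) or not row[2].isdigit():
            continue  # blank line, malformed row, or a header row
        rec = dict(zip(CSV_COLUMNS, row))
        rec["port"] = int(rec["port"])
        findings.append(rec)
    return findings


def count_by_port(findings):
    """Number of findings per scanned port, e.g. {80: 2, 8080: 2}."""
    return dict(Counter(f["port"] for f in findings))


def unique_messages(findings):
    """Distinct finding messages, useful when one check fires on many URIs."""
    return sorted({f["message"] for f in findings})


if __name__ == "__main__":
    # Build the command line for the multi-port scan and inspect it without running it.
    argv = build_nikto_argv("amazon.in", ports=(80, 443, 8080), output="nikto1.csv")
    print("command:", " ".join(argv))
    # Parse the constructed sample report; feed a real -o csv file here instead.
    findings = parse_nikto_csv(SAMPLE_CSV)
    print(count_by_port(findings))
    for msg in unique_messages(findings):
        print(" -", msg)
```

Use run_nikto(build_nikto_argv(...)) to launch a scan only where the nikto binary is present, then read the -o file back through parse_nikto_csv; the port is converted to an integer so results from several runs can be merged and grouped, and a header row, should a later Nikto release add one, is skipped rather than counted as a finding.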