**Note: The content in this article is only for educational purposes and understanding of cybersecurity concepts. It should enable people and organizations to have a better grip on threats and know how to protect themselves against them. Please use this information responsibly.**
Nikto is an open-source web server scanner that runs a large battery of checks against a web server: outdated software versions, insecure configuration, known vulnerable scripts, and potentially dangerous files.
Nikto checks for over 6700 potentially dangerous files and CGIs, identifies outdated versions of more than 1250 server products, and knows version-specific problems on more than 270 of them. It also flags server configuration problems such as multiple index files and the HTTP methods and options the server advertises, and it tries to fingerprint the web server and installed software. It can scan over SSL/TLS and supports proxies and HTTP authentication. Two caveats a practitioner should keep in mind: Nikto is not a stealth tool (it fires thousands of requests as fast as it can and is obvious in server logs and to an IDS/IPS), and it is signature-driven, so a hit is a lead to confirm by hand, not a proven vulnerability.
The Right way to use Nikto:
When you run Nikto against a site, the raw output is rarely actionable on its own. Treat Nikto as a preliminary, reconnaissance-stage tool: it points at likely weak spots (default files, exposed admin paths, missing security headers, outdated banners) that you then confirm manually and, in a penetration test, follow up with targeted testing. Expect false positives; many checks key on status codes and banners, so verify each hit before reporting it.
Before looking at how to use Nikto effectively, be clear about your target surface: every point an attacker could reach, from web servers and application front ends to network-exposed printers and other devices with an embedded HTTP interface.
When you later hand Nikto its target, be precise about what you give it: an IP address for a local service, a hostname for an internet-facing site, or an https:// URL for a TLS-protected site. Each form changes what Nikto connects to and how, so the scan stays focused on the asset you actually mean to assess.
Installation:
On Kali Linux, Nikto comes pre-installed (look under the “Vulnerability Analysis” menu). If it is missing, install the packaged version with apt, or clone it from GitHub; the repository version is a plain Perl script (program/nikto.pl) and runs wherever Perl is available, so the clone is all the download you need.
$ sudo apt install nikto
$ git clone https://github.com/sullo/nikto.git
Get to know Nikto:
Before scanning anything, read the option list: running nikto with no arguments prints the most common options, and nikto -Help (short form -H) prints the full help. Nikto's switches are case-sensitive, and lowercase -h is the host option, not help.
Basic Scan to the target URL:
As noted above, Nikto has many switches, but the basic syntax below is enough for a first scan. Replace the placeholder in angle brackets (for example <target ip>) with the real IP address or hostname, without the brackets.
- Scan a specific port on the target:
$ nikto -h <target ip> -p 80
- nikto: runs the Nikto tool.
- -h: the host (target) option; it tells Nikto which web server to scan. It accepts an IP address, a hostname, or a full URL.
- <target ip>: the real IP address or hostname of the target.
- -p: the port the web server listens on (default 80). It also accepts a list or range, for example -p 80,443,8000-8100.
With -p 80, Nikto talks plain HTTP to port 80 and runs its checks against that service: outdated software, configuration issues, potentially dangerous files, and common default directories. Each finding is printed as it is found; add -o <file> if you want the results saved for review rather than scrolling past in the terminal.
- Scan the specified IP address or hostname for vulnerabilities:
$ nikto -h URL
- nikto: runs the Nikto tool.
- -h: the host or target: an IP address, a hostname, or a URL.
- URL: replace with the URL (or address) of the web server you want to scan.
With nikto -h URL, Nikto resolves the hostname, connects to port 80 unless the URL says otherwise, and runs its full check set against it; for example, nikto -h http://192.168.64.150 scans the web server at that address. It checks for outdated software, misconfigurations, and potentially dangerous files or scripts, and prints each issue it detects so you can investigate and fix it.
- Scan an SSL/TLS-enabled website:
$ nikto -h <url> -ssl
- nikto: runs the Nikto tool.
- -h: the host or target: an IP address, a hostname, or a URL.
- <url>: the target web server to scan.
- -ssl: forces SSL/TLS for the connection. Combine it with -p when the TLS service is on a non-standard port (for example -p 8443). An https:// URL given to -h also switches Nikto to TLS on port 443 without the flag.
Tuning options:
Nikto's tuning options select which categories of tests run, so a scan can be limited to the issues you care about or shortened on a slow target. The -Tuning switch takes a string of category codes (for example -Tuning 123 for categories 1, 2 and 3); prefix the string with x to invert it and run everything except the listed categories.
Tuning options include:
- 0 – File Upload
- 1 – Interesting File / Seen in logs
- 2 – Misconfiguration / Default File
- 3 – Information Disclosure
- 4 – Injection (XSS/Script/HTML)
- 5 – Remote File Retrieval – Inside Web Root
- 6 – Denial of Service
- 7 – Remote File Retrieval – Server Wide
- 8 – Command Execution / Remote Shell
- 9 – SQL Injection
- a – Authentication Bypass
- b – Software Identification
- c – Remote Source Inclusion
- d – WebService
- e – Administrative Console
- x – Reverse tuning: run all categories except the ones listed
$ nikto -h <target IP> -Tuning 123
This runs only the interesting-file, misconfiguration and information-disclosure checks. Category 6 sends denial-of-service probes; leave it out of scans against production systems unless the engagement explicitly allows it (-Tuning x6 runs everything except DoS).
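The scheme, port, -ssl and -Tuning switches from the sections above are easy to get subtly wrong (a bare `ssl` instead of `-ssl`, a tuning code that does not exist). As an added example that is not part of Nikto or of this article, here is a POSIX shell helper, `nikto_cmd`, that turns a target URL into a Nikto command line and rejects malformed ports and tuning strings before anything is launched. The function name, the report-file naming and the sample targets are my own; it prints the command rather than running it, so you can review it and pipe it to sh when you are authorized to scan. Nikto itself also accepts a full URL with -h, but spelling the flags out makes what is scanned explicit.

```shell
#!/bin/sh
# nikto_cmd: build a Nikto command line from a target URL.
# Added example (not part of Nikto). Prints the command instead of running it.
#
#   nikto_cmd TARGET [TUNING]
#   TARGET  http://host, https://host:8443/path, or a bare IP/hostname
#   TUNING  optional -Tuning string made of 0-9, a-e and x
#
# Rules: https:// implies -ssl and port 443, http:// and bare hosts default to
# port 80, an explicit :port wins over the scheme default, and the tuning
# string is checked against Nikto's known categories. Bracketed IPv6 literals
# are not handled. Plain variables (no `local`) keep it POSIX sh.
nikto_cmd() {
    target=$1
    tuning=$2
    ssl=""

    # 1. The scheme decides the default port and whether -ssl is needed.
    case $target in
        https://*) ssl="-ssl"; port=443; rest=${target#https://} ;;
        http://*)  port=80;  rest=${target#http://} ;;
        *)         port=80;  rest=$target ;;
    esac

    # 2. Nikto takes a host, not a path: keep only the part before the first '/'.
    hostport=${rest%%/*}

    # 3. host[:port]: an explicit port overrides the scheme default.
    case $hostport in
        *:*) host=${hostport%%:*}; port=${hostport##*:} ;;
        *)   host=$hostport ;;
    esac

    # 4. Refuse an empty host or a non-numeric port instead of scanning garbage.
    if [ -z "$host" ]; then
        echo "nikto_cmd: no host in '$target'" >&2
        return 1
    fi
    case $port in
        ''|*[!0-9]*) echo "nikto_cmd: bad port '$port' in '$target'" >&2; return 1 ;;
    esac

    # 5. A mistyped tuning string silently changes which tests run, so reject
    #    anything outside Nikto's categories 0-9, a-e and x.
    if [ -n "$tuning" ]; then
        case $tuning in
            *[!0-9a-ex]*) echo "nikto_cmd: bad tuning '$tuning'" >&2; return 1 ;;
        esac
        tuning="-Tuning $tuning"
    fi

    # Report file named after host and port so scans of several targets (or of
    # HTTP and HTTPS on the same host) do not overwrite each other. tr -s
    # collapses the double spaces left when -ssl or -Tuning is absent.
    printf 'nikto -h %s -p %s %s %s -o nikto_%s_%s.txt\n' \
        "$host" "$port" "$ssl" "$tuning" "$host" "$port" | tr -s ' '
}

# Demo on constructed targets; pipe the output to sh when you are ready to scan.
nikto_cmd https://app.example.test/login 123
nikto_cmd 192.168.64.150
nikto_cmd http://intranet.example.test:8080/ x6
```

Because the function only prints, it drops into a larger workflow naturally: `nikto_cmd "$target" x6 | sh` runs the scan, and `nikto_cmd "$target" 12z` fails loudly instead of quietly running an unintended test set.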
A few other useful options:
- Scan multiple hosts: give -h a file with one host or URL per line instead of a single target:
$ nikto -h hosts.txt
- Verbose output: the -Display switch controls what is shown; V turns on verbose output and P adds a progress indicator:
$ nikto -h <target IP> -Display V
To keep the results of any of these scans, add -o <file> and pick the report format with -Format (txt, csv, htm, xml or json); csv is the easiest to post-process.
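The multi-host scan above leaves you with one report per target, and the introduction warned that raw Nikto output is not yet actionable. As an added example, not part of Nikto or of this article, here is a POSIX shell script that reads targets from a hosts file, runs Nikto once per target with `-Format csv -o`, and then reduces the reports to two summaries: findings per host:port, and messages repeated across hosts (the shared misconfiguration that is usually fixed once in a common image). The CSV column order it assumes (hostname, ip, port, test id, method, uri, message), the function names, and the sample report lines with their hostnames, IDs and messages are all constructed for the demo; check the layout against a real report before relying on the field numbers.

```shell
#!/bin/sh
# Scan a list of targets with Nikto, keep one CSV report per target, and boil
# the reports down to something you can triage. Added example, not part of
# Nikto. Assumptions: `nikto` is on PATH when scan_hosts runs, the CSV report
# has no header row, and its columns are
#   "hostname","ip","port","test id","method","uri","message"
# (confirm against one real report before trusting the field numbers).

# Targets from a file: one host or URL per line; blank lines and '#' comments
# are skipped, so the same file can carry scope notes.
list_targets() {
    [ -r "$1" ] || { echo "list_targets: cannot read '$1'" >&2; return 1; }
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" || true
}

# File-safe name for a target, e.g. https://app.example.test:8443 becomes
# https___app.example.test_8443, so reports never collide or escape outdir.
report_name() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9._' '_'
}

# Run Nikto once per target and store <outdir>/<name>.csv.
scan_hosts() {
    outdir=$2
    mkdir -p "$outdir"
    list_targets "$1" | while read -r target; do
        nikto -h "$target" -Format csv -o "$outdir/$(report_name "$target").csv"
    done
}

# Findings per host:port, sorted. Nikto quotes every field, so split on the
# quote-comma-quote sequence and strip the stray quote left on field 1.
per_host() {
    cat "$@" | awk -F'","' '
        { gsub(/^"/, "", $1); n[$1 ":" $3]++ }
        END { for (k in n) print k, n[k] }' | sort
}

# Messages seen on two or more hosts. One missing header or exposed file
# repeated across a fleet usually means a shared image or template: fix it
# there once rather than host by host. Output: "<host count> <message>".
shared_findings() {
    cat "$@" | awk -F'","' '
        {
            gsub(/^"/, "", $1); gsub(/"[ \t\r]*$/, "", $7)
            key = $1 SUBSEP $7
            if (!(key in seen)) { seen[key] = 1; hosts[$7]++ }
        }
        END { for (m in hosts) if (hosts[m] > 1) print hosts[m], m }' | sort -rn
}

# Constructed sample in the assumed CSV layout (made-up hosts, IDs and
# messages) so the summaries can be tried without running a scan.
sample_reports() {
    cat <<'EOF'
"web1.example.test","10.0.0.11","80","000001","GET","/","X-Frame-Options header is not present."
"web1.example.test","10.0.0.11","80","000002","GET","/admin/","Directory indexing found."
"web2.example.test","10.0.0.12","443","000001","GET","/","X-Frame-Options header is not present."
"web2.example.test","10.0.0.12","443","000003","GET","/phpinfo.php","phpinfo() output found."
"web2.example.test","10.0.0.12","443","000004","GET","/.git/HEAD","Git HEAD file found."
EOF
}

# Real use: scan_hosts hosts.txt reports && per_host reports/*.csv
sample_reports | per_host
sample_reports | shared_findings
```

Splitting on `","` rather than on a bare comma keeps commas inside Nikto's free-text messages from breaking the columns; a message that itself contains the three-character sequence `","` would still confuse it, which is the price of not pulling in a real CSV parser.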
Nikto's flexibility and simple command-line interface make it a staple for security professionals and administrators. Its scanning and tuning options let an assessment focus on the categories that matter, keeping scans short and the output manageable.
Whether you are running routine security checks or the reconnaissance phase of a penetration test, Nikto is a reliable way to surface likely weaknesses in web server environments; confirm its findings, fix what is real, and re-scan.
Note: Ensure you have proper authorization before running any scans to avoid legal or ethical implications.