# Nikto

Nikto is an open-source web server scanner written in Perl. It is designed to identify potential vulnerabilities, misconfigurations, outdated software, and insecure files or scripts on web servers.
Nikto performs comprehensive tests against web servers for:
- Dangerous files/CGIs
- Outdated server software
- Insecure HTTP headers
- Common configuration issues

## How Nikto Works

Nikto uses a database of known vulnerabilities and scan signatures. It sends crafted HTTP requests to the target server and analyzes the responses to identify issues.

It is not stealthy: it is fast and noisy, meaning it can be easily detected by intrusion detection/prevention systems.

## Basic Usage

```bash
nikto -h <target>
```

### Example

```bash
nikto -h http://192.168.1.100
```

Scans the target web server for vulnerabilities.

## Common Options

| Option | Description |
|---|---|
| `-h` | Host to scan (IP or URL) |
| `-p` | Port to scan (default: 80 for HTTP) |
| `-ssl` | Force SSL connection (useful for HTTPS on non-443 ports) |
| `-Tuning` | Tune the scan type (e.g., files, robots.txt, etc.) |
| `-o` | Output results to file |
| `-Format` | Output format: `csv`, `txt`, `xml`, etc. |
| `-Display` | Customize output verbosity |
| `-timeout` | Set request timeout |
| `-evasion` | Attempt evasion techniques to avoid WAFs |

## Example: Scan HTTPS on a custom port with output

```bash
nikto -h https://example.com -p 8443 -o scan_results.txt -Format txt
```

## Scan Tuning

Use the `-Tuning` option to focus on specific types of tests. Values include:

| Code | Scan Type |
|---|---|
| 0 | File Upload |
| 1 | Interesting Files |
| 2 | Misconfigurations |
| 3 | Information Disclosure |
| 4 | Injection Vulns (e.g., XSS) |
| 5 | Remote File Retrieval |
| 6 | Denial of Service |
| 7 | Remote Execution |
| 8 | Command Execution |
| 9 | SQL Injection |

Example:

```bash
nikto -h http://192.168.1.100 -Tuning 123
```

This scans for interesting files, misconfigurations, and info disclosure.

## Limitations of Nikto

- Not stealthy: easily detectable
- Can produce false positives
- Does not exploit vulnerabilities, only detects them
- Can be slow on large servers with many endpoints
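
Because Nikto is noisy (as the "How Nikto Works" section and the first limitation above both state), its traffic is easy to pick out of a web server's access log. The following is an added example, not code from the original page or from the Nikto project: a small Python detector over combined-format access-log lines that flags the default Nikto User-Agent and, independently, bursts of 404 responses to many distinct paths from one source IP (the second signal still fires when the User-Agent has been changed). The sample log lines, the IP addresses and the thresholds are constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime
# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Constructed sample log, not captured from a real server: 203.0.113.9 runs a
# Nikto-style scan (default User-Agent, burst of 404s); 198.51.100.4 is ordinary browsing.
SAMPLE_LOG = """\
203.0.113.9 - - [10/Mar/2024:12:00:02 +0000] "GET /phpinfo.php HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"
203.0.113.9 - - [10/Mar/2024:12:00:02 +0000] "GET /admin/ HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000002)"
203.0.113.9 - - [10/Mar/2024:12:00:03 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000003)"
203.0.113.9 - - [10/Mar/2024:12:00:03 +0000] "GET /backup.zip HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000004)"
203.0.113.9 - - [10/Mar/2024:12:00:04 +0000] "GET /.git/config HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000005)"
198.51.100.4 - - [10/Mar/2024:12:00:05 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0"
198.51.100.4 - - [10/Mar/2024:12:00:09 +0000] "GET /favicon.ico HTTP/1.1" 404 210 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0"
"""

def parse(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec

def detect_scanner(lines, window_s=10, min_distinct_404=5):
    """Return {ip: set(reasons)} for sources that look like a Nikto-style scan.
    Signal 1 is the default Nikto User-Agent (cheap, but easily changed); signal 2 is
    >= min_distinct_404 distinct missing paths from one IP within window_s seconds."""
    reasons = defaultdict(set)
    misses = defaultdict(list)  # ip -> [(timestamp, path)] for 404 responses
    for rec in filter(None, map(parse, lines)):
        if "nikto" in rec["ua"].lower():
            reasons[rec["ip"]].add("nikto-user-agent")
        if rec["status"] == 404:
            misses[rec["ip"]].append((rec["ts"], rec["path"]))
    for ip, events in misses.items():
        events.sort()  # sliding window over the time-ordered 404s
        for i, (t0, _) in enumerate(events):
            burst = {p for t, p in events[i:] if (t - t0).total_seconds() <= window_s}
            if len(burst) >= min_distinct_404:
                reasons[ip].add("404-burst")
                break
    return dict(reasons)
```

Feed it real log lines with `detect_scanner(open("access.log").readlines())`; tune `window_s` and `min_distinct_404` to the site's normal 404 rate to keep false positives down.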

## When to Use Nikto

- Reconnaissance and enumeration during penetration testing
- Quick scans for common vulnerabilities in web apps
- Checking default and dangerous files (like `/phpinfo.php`, `/admin/`, etc.)

## Pro Tip

Run Nikto in combination with tools like Nmap, Gobuster, and Burp Suite for better coverage and correlation of results.