Nikto is a powerful, open-source web server scanner that’s been a staple in the security community for years. Designed to identify vulnerabilities and misconfigurations on web servers, Nikto checks for dangerous files, outdated software, and other common issues that can leave systems exposed. In this post, we’ll explore what Nikto is, how to get it up and running, and provide practical examples to help you integrate it into your security assessments.
What is Nikto?
Nikto is a Perl-based tool that performs comprehensive tests against web servers. It scans for over 6,700 potentially dangerous files, outdated server components, and other vulnerabilities. Whether you’re conducting a penetration test or performing routine security audits, Nikto can help you uncover weaknesses before they’re exploited.
Installation
You can easily install Nikto by cloning its GitHub repository. Ensure you have Perl installed on your system, then run the following commands:
git clone https://github.com/sullo/nikto.git
cd nikto
perl nikto.pl -update
The -update flag refreshes the plugins and checks for the latest vulnerability database, ensuring your scans are up-to-date.
Usage Examples
Here are some practical examples to get you started with Nikto:
1. Basic Scan
To perform a basic scan on a target web server:
perl nikto.pl -h http://target-website.com
This command initiates a scan on http://target-website.com and outputs a list of vulnerabilities and configuration issues found.
2. Specifying a Port
If the web server is running on a non-standard port, you can specify it using the -p option:
perl nikto.pl -h http://target-website.com -p 8080
This tells Nikto to scan the target on port 8080.
3. Outputting Results to a File
For documentation or further analysis, you might want to save the scan results to a file:
perl nikto.pl -h http://target-website.com -output nikto_scan_results.txt
This command writes the output to nikto_scan_results.txt, which you can review later or include in your reports.
4. Enabling SSL Scanning
If you need to scan an HTTPS server, simply specify the URL with https:
perl nikto.pl -h https://secure-target.com
Nikto automatically handles the SSL connection and performs the necessary checks.
Best Practices
- Always Get Permission: Before scanning any server, ensure you have explicit authorization to avoid legal or ethical issues.
- Combine with Other Tools: Use Nikto alongside other scanning tools like Nmap to build a more complete picture of your target’s security posture.
- Review and Verify: Not every finding is a critical vulnerability. Always verify potential issues manually to prioritize remediation.
- Stay Updated: Regularly update Nikto’s plugins and vulnerability databases to ensure your scans are as effective as possible.
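To connect the "Outputting Results to a File" step with the "Review and Verify" practice, here is a small triage helper, added as an example and not part of Nikto itself, that reads a report saved with -output and separates metadata from findings so manual verification can start with the path hits. The report text is a constructed sample whose shape follows Nikto's default text output; the finding kinds ("path", "header", "other") and the OSVDB reference pattern are this example's own assumptions.

```python
import re

# Constructed sample modelled on a report written by:
#   perl nikto.pl -h http://target-website.com -output nikto_scan_results.txt
SAMPLE_REPORT = """- Nikto v2.1.6
+ Target Hostname:    target-website.com
+ Target Port:        80
---------------------------------------------------------------------------
+ Server: Apache/2.4.49 (Unix)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-Content-Type-Options header is not set.
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ /admin/: This might be interesting.
+ 7915 requests: 0 error(s) and 5 item(s) reported on remote host
"""

META_KEYS = ("Target IP", "Target Hostname", "Target Port", "Start Time", "End Time", "Server")
SUMMARY_RE = re.compile(r"^\d+ requests: \d+ error\(s\) and (\d+) item\(s\) reported")
PATH_RE = re.compile(r"^(?:(?P<ref>OSVDB-\d+): )?(?P<path>/\S*): (?P<msg>.*)$")

def parse_report(text):
    """Return (metadata dict, list of finding dicts, Nikto's own item count or None)."""
    meta, findings, reported = {}, [], None
    for raw in text.splitlines():
        if not raw.startswith("+ "):
            continue  # banner and separator lines carry no data
        line = raw[2:].strip()
        key, _, value = line.partition(":")
        m = SUMMARY_RE.match(line)
        pm = PATH_RE.match(line)
        if key in META_KEYS:
            meta[key] = value.strip()
        elif m:
            reported = int(m.group(1))
        elif pm:  # a file or directory hit, optionally tagged with an OSVDB reference
            findings.append({"kind": "path", "ref": pm["ref"], "path": pm["path"], "msg": pm["msg"]})
        elif "header" in line.lower():  # missing or weak HTTP response header
            findings.append({"kind": "header", "ref": None, "path": None, "msg": line})
        else:
            findings.append({"kind": "other", "ref": None, "path": None, "msg": line})
    return meta, findings, reported

def triage(findings, reported):
    """Bucket findings by kind; also report whether our count matches Nikto's summary line."""
    buckets = {}
    for f in findings:
        buckets.setdefault(f["kind"], []).append(f)
    return buckets, reported is None or reported == len(findings)
```

A count mismatch between the summary line and the parsed findings usually means the report contains a line shape this parser does not know, so it is worth reading the raw file before trusting the buckets.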
Final Thoughts
Nikto remains a go-to tool for web server vulnerability assessments, offering a robust set of features that help uncover common security issues. By incorporating Nikto into your security toolkit, you can automate part of the reconnaissance process, saving time and improving your overall assessment quality. As always, use Nikto responsibly and with the appropriate permissions.
Happy scanning!