Advance

Introducing And Install Nikto On Kali Linux

Richard 12 Min Read
Introducing And Install Nikto On Kali Linux

Nikto is one of the most popular web server scanners. It is an open-source, free, and easy-to-use tool that helps you to find potential problems and vulnerabilities very quickly. Nikto checks for the presence of multiple index files, HTTP server options, and identifies installed web servers and software. Using Nikto allows you to test a web server very quickly. It is not a stealthy tool and you can view the result in log files or to an IPS/IDS. This article is about Introducing and Install Nikto on Kali Linux. To buy your own Linux VPS, find your preferred package with an exact customized plan on Eldernode.

Introducing Nikto Tool

To find potential problems and vulnerabilities very quickly, you can choose no tool but Nikto. Since the webserver accepts the requests of visitors, answer and understands them, it is the most critical part of your website. In this way, attackers target your web server to find any vulnerabilities, configuration-related errors, and SSL certificate-related security issues. So, you have to protect it from attacks. Nikto allows you to check server configuration errors and any possible vulnerabilities they might have introduced. Previously, Nmap and Wpscan were introduced to you as network scanning tools. In the following, you will see how to scan webservers for vulnerabilities using Nikto in Kali Linux.

Recommended Article: Introducing And How To Install Twofi On Kali Linux

Nikto Features

In this section, we want to introduce you to 14 Nikto features. These features include:

1- Open-source and frequently updated

2- Ability to scan against 6,700+ known vulnerabilities and scan any web server such as Apache, Nginx, Lighttpd, Litespeed, etc

3- Checks for 1,250+ web servers

4- Scans for configuration-related issues such as open index directories

5- SSL certificate scanning

6- Scans multiple ports on a server with multiple web servers running

7-  Scan through a proxy and with HTTP authentication

8- Full HTTP proxy support

9- Logging to Metasploit

10- Replay saved positive requests

11- Interactive status, pause, and changes to verbosity settings

12- LibWhisker’s IDS encoding techniques

13- Nikto specifies maximum scan time, exclude certain types of scans and unusual report headers seen as well

14- Fast and accurate results

How to Install Nikto on Kali Linux

Nikto is included by default in pen-testing distros like Kali Linux. On other OSes/platforms, you need to install it manually. Nikto is all free and easy to setup. Many excellent open source security tools are available only in Linux versions. Join us with this section to see how to add the Nikto vulnerability scanner to your security analysis toolset on Kali Linux can be achieved with just a couple of commands. If you’re running Kali Linux, Nikto comes preinstalled.

To refresh your APT package lists and install pending updates, run:

sudo apt-get update && sudo apt-get upgrade

Now, you can use the following command to install the Nikto:

sudo apt-get install nikto -y

Also, you can verify that if the Nikto website vulnerability scanner is installed and ready for use or not. So, type:

nikto

Then, if you see an output as shown below ( lists the version of Nikto installed), you can make sure that Nikto is installed successfully.

root@home:~# nikto  - Nikto v2.1.5

To start using the Nikto, replace “http://www.example.com” with any domain or IP address you wish to scan and scan any website or IP address:

./nikto.pl -h http://www.example.com

If it is not working, run:

perl nikto.pl -h http://www.example.coma

How to use Nikto on Kali Linux

Nikto requires a host to scan. This host can be specified with -h or -host option. Use the following command to start Nikto to scan for your considered files with option 1:

nikto -host [hostname or IP]-Tuning 1

To find Web Server Vulnerabilities with Nikto Scanner in Kali Linux, follow the below path:

1- Log in to Kali Linux

2- Go to Applications

3- Vulnerability Analysis and click Nikto

In this way, the terminal will be opened. Then, you can Run the scanning against your web server. The best and quickest way to do this is the below:

# nikto –h $webserverurl

Note: Remember to change $webserverurl with your web server’s actual IP or FQDN.

Use the command below to see everything that can be done inside Nikto:

nikto -Help
Recommended Article: Introducing And How To Install Xplico On Kali Linux

Conclusion

In this article, Nikto is introduced to you and you learned How to install it on Kali Linux. Start using Nikto to test a Web site, Virtual Host, and Web Server for known security vulnerabilities and misconfiguration. Also, you can identify installed software on web servers via headers, favicons, and files. You are recommended to install Nikto on your remote computer and begin your assessments before you notice your site falls prey to a cyber attack.

View More Posts
Richard
Eldernode Writer
We Are Waiting for your valuable comments and you can be sure that it will be answered in the shortest possible time.

Leave a Reply

Your email address will not be published. Required fields are marked *

We are by your side every step of the way

Think about developing your online business; We will protect it compassionately

We are by your side every step of the way

+8595670151

7 days a week, 24 hours a day