Nikto is one of the most popular web server scanners. It is an open-source, free, and easy-to-use tool that helps you to find potential problems and vulnerabilities very quickly. Nikto checks for the presence of multiple index files, HTTP server options, and identifies installed web servers and software. Using Nikto allows you to test a web server very quickly. It is not a stealthy tool and you can view the result in log files or to an IPS/IDS. This article is about Introducing and Install Nikto on Kali Linux. To buy your own Linux VPS, find your preferred package with an exact customized plan on Eldernode.
Table of Contents
Introducing Nikto Tool
To find potential problems and vulnerabilities very quickly, you can choose no tool but Nikto. Since the webserver accepts the requests of visitors, answer and understands them, it is the most critical part of your website. In this way, attackers target your web server to find any vulnerabilities, configuration-related errors, and SSL certificate-related security issues. So, you have to protect it from attacks. Nikto allows you to check server configuration errors and any possible vulnerabilities they might have introduced. Previously, Nmap and Wpscan were introduced to you as network scanning tools. In the following, you will see how to scan webservers for vulnerabilities using Nikto in Kali Linux.
Nikto Features
In this section, we want to introduce you to 14 Nikto features. These features include:
1- Open-source and frequently updated
2- Ability to scan against 6,700+ known vulnerabilities and scan any web server such as Apache, Nginx, Lighttpd, Litespeed, etc
3- Checks for 1,250+ web servers
4- Scans for configuration-related issues such as open index directories
5- SSL certificate scanning
6- Scans multiple ports on a server with multiple web servers running
7- Scan through a proxy and with HTTP authentication
8- Full HTTP proxy support
9- Logging to Metasploit
10- Replay saved positive requests
11- Interactive status, pause, and changes to verbosity settings
12- LibWhisker’s IDS encoding techniques
13- Nikto specifies maximum scan time, exclude certain types of scans and unusual report headers seen as well
14- Fast and accurate results
How to Install Nikto on Kali Linux
Nikto is included by default in pen-testing distros like Kali Linux. On other OSes/platforms, you need to install it manually. Nikto is all free and easy to setup. Many excellent open source security tools are available only in Linux versions. Join us with this section to see how to add the Nikto vulnerability scanner to your security analysis toolset on Kali Linux can be achieved with just a couple of commands. If you’re running Kali Linux, Nikto comes preinstalled.
To refresh your APT package lists and install pending updates, run:
sudo apt-get update && sudo apt-get upgradeNow, you can use the following command to install the Nikto:
sudo apt-get install nikto -yAlso, you can verify that if the Nikto website vulnerability scanner is installed and ready for use or not. So, type:
niktoThen, if you see an output as shown below ( lists the version of Nikto installed), you can make sure that Nikto is installed successfully.
root@home:~# nikto - Nikto v2.1.5To start using the Nikto, replace “http://www.example.com” with any domain or IP address you wish to scan and scan any website or IP address:
./nikto.pl -h http://www.example.comIf it is not working, run:
perl nikto.pl -h http://www.example.comaHow to use Nikto on Kali Linux
Nikto requires a host to scan. This host can be specified with -h or -host option. Use the following command to start Nikto to scan for your considered files with option 1:
nikto -host [hostname or IP]-Tuning 1To find Web Server Vulnerabilities with Nikto Scanner in Kali Linux, follow the below path:
1- Log in to Kali Linux
2- Go to Applications
3- Vulnerability Analysis and click Nikto
In this way, the terminal will be opened. Then, you can Run the scanning against your web server. The best and quickest way to do this is the below:
# nikto –h $webserverurlNote: Remember to change $webserverurl with your web server’s actual IP or FQDN.
Use the command below to see everything that can be done inside Nikto:
nikto -HelpConclusion
In this article, Nikto is introduced to you and you learned How to install it on Kali Linux. Start using Nikto to test a Web site, Virtual Host, and Web Server for known security vulnerabilities and misconfiguration. Also, you can identify installed software on web servers via headers, favicons, and files. You are recommended to install Nikto on your remote computer and begin your assessments before you notice your site falls prey to a cyber attack.
