How to Find Web Server Vulnerabilities With Nikto Scanner

NIKTO Web Vulnerability Scanner
NIKTO Web Vulnerability Scanner

Find Web Server Vulnerabilities with Nikto Scanner

Nikto is an open source web server vulnerabilities scanner, written in Perl languages. It function is to scan your web server for vulnerabilities.

Nikto scan for over 6700 items to detect misconfiguration, risky files, etc. and some of the features include;

  • You can save report in HTML, XML, CSV
  • It supports SSL and Full HTTP Proxy
  • Scan multiple ports on the server
  • Find subdomain
  • Apache user enumeration
  • Checks for outdated components
  • Detect parking sites
  • Server and software misconfigurations
  • Default files and programs
  • Insecure files and programs
  • Outdated servers and programs

Lets get started with the installation and how to use this tool

This can be installed on Kali Linux or other OS (Windows, Mac OSX, Redhat, Debian, Ubuntu, BackTrack, CentOS, etc.), which support Perl.

Also Read- Kali Linux Commands Cheatsheet

In this article, I will explain how to use Nikto on Kali Linux .

Firstly we will install the Nikto tool from Github or Using apt install command on terminal.

Using help manual of Nikto we can see various options or parameters on how we can use this tool very efficiently.

Firstly we will use the basic syntax to check the vulnerability of the website.

However, Nikto is capable of doing a scan that can go after SSL and port 443, the port that HTTPS websites use (HTTP uses port 80 by default). So we’re not just limited to scanning old sites, we can do vulnerability assessments on sites that use SSL, which is pretty much a requirement these days to be indexed in search results.

If we know it’s an SSL site that we’re targeting, we can specify it in Nikto to save some time on the scan by adding -ssl to the end of the command

So by using this tool we can analyse the vulnerability of the website.

For the latest update about Cyber and Infosec World, follow us on Twitter, Facebook, Telegram , Instagram and subscribe to our YouTube Channel.

Subscribe to HackersOnlineClub via Email

Enter your Email address to receive notifications of Latest Posts by Email | Join over Million Followers

More from Subhashini Rai

Xerosploit- Penetration Testing Framework For Man-In-The-Middle Attack

Networking is a very important platform it is useful also and can...
Read More

Leave a Reply