How to Find Web Server Vulnerabilities With Nikto Scanner


Find Web Server Vulnerabilities with Nikto Scanner.

Nikto is an open source web server vulnerabilities scanner, written in Perl language. It function is to scan your web server for vulnerabilities.

Nikto scan for over 6700 items to detect misconfiguration, risky files, etc. and some of the features include:

  • You can save report in HTML, XML, CSV
  • It supports SSL and Full HTTP Proxy
  • Scan multiple ports on the server
  • Find subdomain
  • Apache user enumeration
  • Checks for outdated components
  • Detect parking sites
  • Server and software misconfigurations
  • Default files and programs
  • Insecure files and programs
  • Outdated servers and programs

Lets get started with the installation and how to use this tool

This can be installed on Kali Linux or other OS (Windows, Mac OSX, Redhat, Debian, Ubuntu, BackTrack, CentOS, etc.), which support Perl.

Also Read- Kali Linux Commands Cheatsheet

In this article, I will explain how to use Nikto on Kali Linux .

Firstly we will install the Nikto tool from Github or Using apt install command on terminal.

Using help manual of Nikto we can see various options or parameters on how we can use this tool very efficiently.

Firstly we will use the basic syntax to check the vulnerability of the website.

However, Nikto is capable of doing a scan that can go after SSL and port 443, the port that HTTPS websites use (HTTP uses port 80 by default). So we’re not just limited to scanning old sites, we can do vulnerability assessments on sites that use SSL, which is pretty much a requirement these days to be indexed in search results.

If we know it’s an SSL site that we’re targeting, we can specify it in Nikto to save some time on the scan by adding -ssl to the end of the command.

So by using this tool we can analyse the vulnerability of the website, and later than to fix it.

Join Our Club

Enter your Email address to receive notifications | Join over Million Followers

Leave a Reply
Previous Article
Phishing Protection Software

Protect Yourself With Phishing Protection Software

Next Article
Mac Malware

New MAC Malware Detected - OSX/CrescentCore

Related Posts