Find Web Server Vulnerabilities with Nikto Scanner.
Nikto is an open source web server vulnerabilities scanner, written in Perl language. It function is to scan your web server for vulnerabilities.
Nikto scan for over 6700 items to detect misconfiguration, risky files, etc. and some of the features include:
- You can save report in HTML, XML, CSV
- It supports SSL and Full HTTP Proxy
- Scan multiple ports on the server
- Find subdomain
- Apache user enumeration
- Checks for outdated components
- Detect parking sites
- Server and software misconfigurations
- Default files and programs
- Insecure files and programs
- Outdated servers and programs
Lets get started with the installation and how to use this tool
This can be installed on Kali Linux or other OS (Windows, Mac OSX, Redhat, Debian, Ubuntu, BackTrack, CentOS, etc.), which support Perl.
Also Read- Kali Linux Commands Cheatsheet
In this article, I will explain how to use Nikto on Kali Linux .
Firstly we will install the Nikto tool from Github or Using apt install command on terminal.
Using help manual of Nikto we can see various options or parameters on how we can use this tool very efficiently.
Firstly we will use the basic syntax to check the vulnerability of the website.
However, Nikto is capable of doing a scan that can go after SSL and port 443, the port that HTTPS websites use (HTTP uses port 80 by default). So we’re not just limited to scanning old sites, we can do vulnerability assessments on sites that use SSL, which is pretty much a requirement these days to be indexed in search results.
If we know it’s an SSL site that we’re targeting, we can specify it in Nikto to save some time on the scan by adding -ssl to the end of the command.
So by using this tool we can analyse the vulnerability of the website, and later than to fix it.