How to install and use Nikto utility on Ubuntu

Nikto– one of the open source utilities that is widely used by Pentesters. Nikto has ability to identify potentially interesting files by referencing the robots.txt file, by spidering the surface of the application, and by cycling through a list of known files that contain sensitive information.

Nikto is a web server assessment tool that is able to :

  • Examine a web server to find potential problems and security vulnerabilities, including:
  • Server and software misconfigurations
  • Default files and programs
  • Insecure files and programs
  • Outdated servers and programs

Installation as well as use is very simple on Ubuntu.

 sudo apt-get install nikto

Update nikto database befoe scan and list availbale plugins

perl update
perl -list-plugins

You can now execute for example scan of webpage by issuing this command:

perl -h

Scan host on multiple ports

perl -h -p 80,443

As well as you can scan the host for vulnerability and show verbose output

perl -D v -h

One of my favourite scan option is use Nikto to run against a host with specific options and here ar ethe options:
0 – File Upload
1 – Interesting File // we will get in logs
2 – Misconfiguration / Default File
3 – Information Disclosure
4 – Injection (XSS/Script/HTML)
5 – Remote File Retrieval – Inside Web Root
6 – Denial of Service // Scan for DDOS
7 – Remote File Retrieval – Server Wide
8 – Command Execution // Remote Shell
9 – SQL Injection // Scan for mysql vulnerabilities
a – Authentication Bypass
b – Software Identification
c – Remote Source Inclusion
x – Reverse Tuning Options

Here is example to use the options – use Nikto scan against the host in order to discover SQL vulnerabilities on the host

 perl -Tuning 9 -h

One more option is also scan and save the result output into html file for later review

perl -Display V -o scan_result.html -Format html -h

As you can see this Nikto is a perl based security testing tool and this means it will run on most operating systems with the necessary Perl interpreter installed.It has a lot of options and features to offer. Nikto is a web scanner released under the GPL license, which is used to perform comprehensive tests on Web servers for multiple items including over 6500 potentially dangerous files/CGIs.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.