Using Nikto for web scanning

Nikto is a perl based open source tool for the Linux terminal that allows users to scan and perform tests against web servers, including potentially dangerous files, outdated server versions, specific bugs and problems in those versions, and the presence of index files. This is a handy tool for testing web security, although not every check is a security problem. For installing it on Linux it’s as easy as $ sudo apt install nikto and it’s done! Now, let’s see some examples.

The basic host scanning only requires nikto -h and the address we want to check. For example:

This will return general information about our localhost. As default, the port is 80. We can also ask for a certain address using URL syntax. This is an example with a normal output:

We can check specific ports adding -p and the port or using URL syntax. For example:

$ nikto -h -p 83
$ nikto -h

If not specified, Nikto will check first HTTP and then, if it fails, HTTPS. If you are sure it’s using SSL and want to hurry things up, just add -ssl at the end. We can also check multiple ports using commas, like this:

$ nikto -h -p 50, 83, 443

What else can we do? Well, we can set up proxies if we want! How? First of all we should look for nikto.conf file. If you are not sure where it is, look for it using whereis nikto.conf and that should throw a clue. Then set your proxy variables PROXYHOST, PROXYPORT, PROXYUSER, PROXYPASS, and save. When it’s done you should be able to use the -useproxy option, like this:

$ nikto -h -p 50 -useproxy  

What is it useful for? For example, we can add a localhost proxy on a web host and analyze the requests using Burp Suite.

Last but not least, I’d like to mention “Plugins”. Beforehand, nikto used to have an option called -mutate that allowed the user to execute specific scripts. Now it’s deprecated, and it uses a series of plugins, also the user can add more customs plugins to the tool. To see all the default plugins available we should use -list-plugins.

$ nikto -list-plugins

To sum it up, this is a flexible, open tool, that comes in handy when we need a fast, general idea of a server state.

Cybersecurity engineer

Site Footer