What Is Nikto and How Is It Used:


Nikto is an open-source web server vulnerability scanner that is used by security professionals and enthusiasts to identify potential security issues on web servers. It can detect various types of vulnerabilities, including outdated software versions, misconfigurations, and common security flaws, helping organizations and individuals to strengthen their web server security posture.

Features Of Nikto Tool:

Some important features of Nikto include:

1. Comprehensive Scanning: Nikto checks web servers for a wide range of vulnerabilities, including outdated software versions, configuration issues, and common security misconfigurations.

2. SSL Support: Nikto supports SSL encryption, allowing it to scan websites that use HTTPS for secure communication.

3. Database of Known Vulnerabilities: Nikto incorporates a database of known vulnerabilities and attack signatures, enabling it to identify common security flaws and weaknesses in web servers.

4. Customizable Scans: Users can customize Nikto scans according to their specific requirements, adjusting scan parameters and options to focus on particular types of vulnerabilities or web server configurations.

5. Reporting Capabilities: Nikto generates detailed reports summarizing the results of the vulnerability scans, including identified vulnerabilities, potential risks, and recommendations for remediation.

6. Command-Line Interface: Nikto features a command-line interface (CLI) that allows users to initiate and control scans from the terminal, making it suitable for integration into automated testing workflows or scripting.

7. Open-Source and Free: Nikto is open-source software released under the GPL license, making it freely available for anyone to download, use, and modify. This fosters community collaboration and contributes to ongoing improvements and updates.

8. Platform Independence: Nikto is platform-independent, meaning it can run on various operating systems such as Linux, Windows, and macOS, providing flexibility for users with different computing environments.

These features collectively make Nikto a valuable tool for security professionals, penetration testers, and system administrators seeking to enhance the security of their web servers and applications.

More Features:

● Scan multiple ports on a single server, or multiple servers listed in an input file (Nmap output is accepted).
● Utilize LibWhisker's IDS encoding techniques.
● Facilitate easy updates through a command-line function.
● Detect installed software by analyzing headers, favicons, and files.
● Enable host authentication with Basic and NTLM protocols.
● Employ subdomain guessing capabilities.
● Conduct Apache and cgiwrap username enumeration.
● Apply mutation techniques to probe for content on web servers.
● Fine-tune scans to include or exclude entire classes of vulnerability checks.
● Attempt to guess credentials for authorization realms, including numerous default username/password combinations.
● Handle authorization guessing for any directory, not limited to the root directory.
● Enhance false positive reduction through various methods such as analyzing headers, page content, and content hashing.
● Report captured "unusual" headers.
● Provide interactive status updates, pause functionality, and allow changes to verbosity settings.
● Save full request/response details for positive tests.
● Replay saved positive requests.
● Set a maximum execution time per target.
● Automatically pause scans at a specified time.
● Check for common "parking" sites.

How To Install Nikto:

To install Nikto on a Linux-based system, you can follow these steps:

1. Update Package Repository: It's a good practice to ensure your package repository is up to date. Run the following command:



2. Install Nikto: Nikto is available in the default repositories of many Linux distributions. You can install it using the package manager. For Debian-based systems like Ubuntu, use:



For Red Hat-based systems like CentOS or Fedora, you can use:


Or for newer versions of Fedora or CentOS:



3. Verify Installation: Once installed, you can verify that Nikto is available by running:



This command should display the help menu for Nikto, confirming that the installation was successful.

Usage: Now you can start using Nikto to scan web servers for vulnerabilities. For example:



Replace the target in the command with the hostname or IP address of the web server you want to scan.

4. Optional: If you prefer, you can also install Nikto from its source. Here's how to do it:

● Download the Nikto source code from its GitHub repository.

● Extract the downloaded archive.

● Navigate to the extracted directory.

● Run Nikto using Perl:


Make sure you have Perl installed on your system before running Nikto from the source.

Following these steps should get Nikto installed and ready for use on your Linux system.

Basic Use of Nikto:

Nikto Help
root@kali:~# nikto -Help

Options:
       -ask+               Whether to ask about submitting updates
                               yes   Ask about each (default)
                               no    Don't ask, don't send
                               auto  Don't ask, just send
       -Cgidirs+           Scan these CGI dirs: "none", "all", or values like "/cgi/ /cgi-a/"
       -config+            Use this config file
       -Display+           Turn on/off display outputs:
                               1     Show redirects
                               2     Show cookies received
                               3     Show all 200/OK responses
                               4     Show URLs which require authentication
                               D     Debug output
                               E     Display all HTTP errors
                               P     Print progress to STDOUT
                               S     Scrub output of IPs and hostnames
                               V     Verbose output
       -dbcheck            Check database and other key files for syntax errors
       -evasion+           Encoding technique:
                               1     Random URI encoding (non-UTF8)
                               2     Directory self-reference (/./)
                               3     Premature URL ending
                               4     Prepend long random string
                               5     Fake parameter
                               6     TAB as request spacer
                               7     Change the case of the URL
                               8     Use Windows directory separator (\)
                               A     Use a carriage return (0x0d) as a request spacer
                               B     Use binary value 0x0b as a request spacer
       -Format+            Save file (-o) format:
                               csv   Comma-separated-value
                               htm   HTML Format
                               msf+  Log to Metasploit
                               nbe   Nessus NBE format
                               txt   Plain text
                               xml   XML Format
                               (if not specified the format will be taken from the file extension passed to -output)
       -Help               Extended help information
       -host+              Target host
       -IgnoreCode         Ignore Codes--treat as negative responses
       -id+                Host authentication to use, format is id:pass or id:pass:realm
       -key+               Client certificate key file
       -list-plugins       List all available plugins, perform no testing
       -maxtime+           Maximum testing time per host
       -mutate+            Guess additional file names:
                               1     Test all files with all root directories
                               2     Guess for password file names
                               3     Enumerate user names via Apache (/~user type requests)
                               4     Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests)
                               5     Attempt to brute force sub-domain names, assume that the host name is the parent domain
                               6     Attempt to guess directory names from the supplied dictionary file
       -mutate-options     Provide information for mutates
       -nointeractive      Disables interactive features
       -nolookup           Disables DNS lookups
       -nossl              Disables the use of SSL
       -no404              Disables nikto attempting to guess a 404 page
       -output+            Write output to this file ('.' for auto-name)
       -Pause+             Pause between tests (seconds, integer or float)
       -Plugins+           List of plugins to run (default: ALL)
       -port+              Port to use (default 80)
       -RSAcert+           Client certificate file
       -root+              Prepend root value to all requests, format is /directory
       -Save               Save positive responses to this directory ('.' for auto-name)
       -ssl                Force ssl mode on port
       -Tuning+            Scan tuning:
                               1     Interesting File / Seen in logs
                               2     Misconfiguration / Default File
                               3     Information Disclosure
                               4     Injection (XSS/Script/HTML)
                               5     Remote File Retrieval - Inside Web Root
                               6     Denial of Service
                               7     Remote File Retrieval - Server Wide
                               8     Command Execution / Remote Shell
                               9     SQL Injection
                               0     File Upload
                               a     Authentication Bypass
                               b     Software Identification
                               c     Remote Source Inclusion
                               x     Reverse Tuning Options (i.e., include all except specified)
       -timeout+           Timeout for requests (default 10 seconds)
       -Userdbs            Load only user databases, not the standard databases
                               all   Disable standard dbs and load only user dbs
                               tests Disable only db_tests and load udb_tests
       -until              Run until the specified time or duration
       -update             Update databases and plugins from CIRT.net
       -useproxy           Use the proxy defined in nikto.conf
       -Version            Print plugin and database versions
       -vhost+             Virtual host (for Host header)
                          + requires a value
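
The install, verify and scan steps and the option listing above, combined into one added example (not part of the original page or of the Nikto project): a wrapper that checks each argument against the values in the help output, keeps the Denial of Service class (6) out of every run, and time-boxes the scan. The function names, the host www.example.test and the output file name are constructed for illustration; treating the -maxtime value as seconds and refusing class 6 are this example's own assumptions.

```shell
#!/bin/sh
# Added example: validated, time-boxed Nikto run built from the help listing.
# Target and output names below are constructed placeholders.

valid_host() {   # hostname or IP only; a leading "-" would be read as an option
    case "$1" in ''|-*|*[!A-Za-z0-9.:-]*) return 1 ;; esac
}
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}
valid_format() { case "$1" in csv|htm|nbe|txt|xml) return 0 ;; *) return 1 ;; esac; }

# Accept only -Tuning codes from the help listing and never run class 6
# (Denial of Service): "x..." lists must exclude it, plain lists must omit it.
# Simplification of this example: "x" is accepted only as the first character.
safe_tuning() {
    case "$1" in
        x*) case "${1#x}" in
                ''|*[!0-9abc]*) return 1 ;;
                *6*) return 0 ;;
                *) return 1 ;;
            esac ;;
        ''|*[!0-9abc]*|*6*) return 1 ;;
    esac
    return 0
}

# usage: scan HOST PORT TUNING FORMAT MAXTIME OUTFILE  (MAXTIME assumed seconds)
# Prints the command unless NIKTO_RUN=1; returns 2 on a rejected argument.
scan() {
    valid_host "$1"   || { echo "rejected host: $1" >&2; return 2; }
    valid_port "$2"   || { echo "rejected port: $2" >&2; return 2; }
    safe_tuning "$3"  || { echo "rejected -Tuning: $3" >&2; return 2; }
    valid_format "$4" || { echo "rejected -Format: $4" >&2; return 2; }
    case "$5" in ''|*[!0-9]*) echo "rejected -maxtime: $5" >&2; return 2 ;; esac
    case "$6" in ''|-*) echo "rejected output file: $6" >&2; return 2 ;; esac
    set -- -host "$1" -port "$2" -Tuning "$3" -maxtime "$5" \
           -nointeractive -Format "$4" -output "$6"
    if [ "${NIKTO_RUN:-0}" != 1 ]; then echo "nikto $*"; return 0; fi
    command -v nikto >/dev/null 2>&1 || { echo "nikto is not installed" >&2; return 127; }
    nikto "$@"
}

# Dry run against a constructed placeholder host: prints the command only.
scan www.example.test 80 x6 csv 900 example-scan.csv
```

Set NIKTO_RUN=1 to execute the printed command instead of only displaying it.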
    


In summary, Nikto is a straightforward tool for uncovering potential issues and vulnerabilities in web servers, and it runs even on lower-spec computer systems. One notable benefit is its frequent updates, which ensure accurate detection of the latest vulnerabilities. This is particularly advantageous for remote application testing carried out over command-line protocols such as SSH. Exporting targets to a file, running them through Nikto, and receiving the results in a format compatible with other tools is a seamless process. For security researchers, Nikto offers a versatile platform for exploration and analysis.