Nikto for Web Server Scanning

Nikto is an open-source web server scanner that security professionals use to assess the configuration of a web server. It runs a large set of signature checks against the target: dangerous files and programs, outdated server software, and server misconfigurations such as missing security headers. Nikto is a noisy, signature-based scanner rather than a stealthy one, so expect every request to appear in the target's logs. In this section, we'll cover installation, basic usage, and the common command-line options.

Installation of Nikto

Nikto is a Perl script, so it runs on any platform with a Perl interpreter, including Linux, Windows, and macOS. Below are installation instructions for Linux:

  1. Open your terminal.
  2. Install Nikto using the package manager (apt for Debian-based systems shown; on other distributions use the equivalent package, or run the script directly from a checkout of the Nikto repository):
    sudo apt-get install nikto

Using Nikto

Once Nikto is installed, you can scan a web server with the following command:

nikto -h targetwebsite.com

Replace "targetwebsite.com" with the hostname, IP address, or full URL of the web server you want to scan. Only scan hosts you are authorized to test: the scan sends thousands of requests and is easily detected.

Common Nikto Commands

Here are some common Nikto commands and options:

  1. Basic Scan: Perform a basic scan on a web server:
    nikto -h targetwebsite.com
  2. Save Output to a File: Save scan results to a file (Nikto infers the format from the extension, e.g. .txt, .csv, .htm or .xml; use -Format to override it):
    nikto -h targetwebsite.com -o scan_report.txt
  3. Use a Specific Port: Scan a web server on a specific port (e.g., 8080):
    nikto -h targetwebsite.com -p 8080
  4. Force SSL: Force SSL/TLS on the chosen port rather than letting Nikto auto-detect it (the opposite, -nossl, disables SSL entirely; neither option disables certificate checks):
    nikto -h targetwebsite.com -ssl
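The following script is an added example, not part of Nikto or the original page. It combines the options above into a small wrapper: build_nikto_cmd assembles the command line (host, port, output file, and an optional "ssl"/"nossl" mode), run_scan executes it only when nikto is on PATH, and two helpers summarize a saved text report. The report embedded in sample_report is a constructed stand-in written in Nikto's text output layout (every line prefixed with "+ "), so the helpers can be exercised offline; the function names and the 192.0.2.10 address are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not Nikto's own code): wrap a Nikto scan and
# summarize the text report it writes with -o.
set -euo pipefail

# Build the nikto command line. Arguments: host, port, output file and an
# optional TLS mode: "ssl" adds -ssl (force SSL on the port), "nossl" adds
# -nossl (never use SSL), "auto" (default) leaves the decision to Nikto.
build_nikto_cmd() {
  local host="$1" port="$2" outfile="$3" tls="${4:-auto}"
  local cmd="nikto -h $host -p $port -o $outfile"
  case "$tls" in
    ssl)   cmd="$cmd -ssl" ;;
    nossl) cmd="$cmd -nossl" ;;
    auto)  ;;
    *)     echo "unknown TLS mode: $tls" >&2; return 1 ;;
  esac
  printf '%s\n' "$cmd"
}

# Run the scan if nikto is installed; otherwise print the command that would run.
run_scan() {
  local cmd
  cmd=$(build_nikto_cmd "$@")
  if command -v nikto >/dev/null 2>&1; then
    # word-splitting $cmd is intended: it holds plain flags only
    $cmd
  else
    echo "nikto not installed; would run: $cmd" >&2
  fi
}

# Count finding lines in a saved text report. Nikto prefixes every output
# line with "+ ", so the target/timing header and the request summary
# are filtered out and the remaining "+ " lines are counted as findings.
count_findings() {
  awk '/^\+ / && !/^\+ (Target (IP|Hostname|Port)|Start Time|End Time):/ \
       && !/^\+ [0-9]+ requests:/ { n++ } END { print n + 0 }' "$1"
}

# Extract the server banner from a report (prints nothing if absent).
server_banner() {
  awk '/^\+ Server: / { sub(/^\+ Server: /, ""); print; exit }' "$1"
}

# Constructed sample report in Nikto's text layout (assumed example data,
# not captured from a real scan), used to exercise the helpers offline.
sample_report() {
  cat <<'EOF'
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          192.0.2.10
+ Target Hostname:    targetwebsite.com
+ Target Port:        8080
+ Start Time:         2024-01-01 10:00:00 (GMT0)
---------------------------------------------------------------------------
+ Server: Apache/2.4.41 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-Content-Type-Options header is not set.
+ /admin/: This might be interesting.
+ 7915 requests: 0 error(s) and 4 item(s) reported on remote host
+ End Time:           2024-01-01 10:03:12 (GMT0) (192 seconds)
---------------------------------------------------------------------------
EOF
}

# Demo: show the command for the page's port example, then summarize the
# constructed report (the server banner counts as an informational finding).
report=$(mktemp)
sample_report > "$report"
build_nikto_cmd targetwebsite.com 8080 scan_report.txt
echo "findings: $(count_findings "$report")"
echo "server:   $(server_banner "$report")"
rm -f "$report"
```

To run a real scan with the wrapper, call run_scan with the same arguments, e.g. run_scan targetwebsite.com 443 scan_report.txt ssl; the saved .txt report can then be fed to count_findings and server_banner to triage many hosts without reading each report by hand.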
