nikto
Scan web servers for vulnerabilities
TLDR
Perform a basic Nikto scan against a target host
Specify the port number when performing a basic scan
Scan ports and protocols with full URL syntax
Scan multiple ports in the same scanning session
Update to the latest plugins and databases
SYNOPSIS
nikto [-h target_host] [-H target_file] [options]
nikto -update
PARAMETERS
-h target_host
Target host/IP address to scan. Can be a hostname or IP address.
-H target_file
Scan hosts listed in the specified file, one per line. Useful for batch scanning.
-p ports
Port(s) to scan. Can be a single port (e.g., '80'), a comma-separated list (e.g., '80,443'), or a range (e.g., '80-88').
-ssl
Force SSL/HTTPS mode for connections to the target host.
-v
Verbose output. Use multiple 'v's (e.g., '-vv') for more detailed output.
-C check_type
Check specific content types. Options include 'all', 'cgi', 'edb' (Exploit-DB), 'user' (user-defined checks), 'dict' (dictionary attacks), 'rf' (remote file checks).
-o output_file
Output scan results to the specified file.
-F format
Output file format. Common options are 'htm' (HTML), 'csv' (Comma Separated Values), 'txt' (plain text), 'nbe' (Nessus NBE format), 'xml' (XML).
-T tuning_options
Tuning options to control the scan. E.g., 'x' for skipping redirects, 'a' for full scan, 'd' for checking only default files.
-useragent string
Override the default user-agent string sent in HTTP requests.
-evasion techniques
Specify evasion techniques to use (e.g., '1' for using URL encoding, '2' for premature URL encoding).
-update
Update the Nikto plugins and database files. It's crucial for keeping Nikto effective.
DESCRIPTION
Nikto is an open-source web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated server versions, and version-specific problems on over 270 server versions. It also checks for misconfigurations like default files or programs that should not be present, and attempts to identify installed web applications and their versions. Nikto can be used to scan for known vulnerabilities and security issues, making it a valuable tool for penetration testers and security professionals. It's often employed in the reconnaissance phase to gather information about a target web server's security posture. Nikto is not a full-fledged vulnerability scanner that exploits findings, but rather an information-gathering tool that points out potential weaknesses. It is a command-line utility, often included in security-focused Linux distributions.
CAVEATS
Nikto can be quite noisy and easily detected by Intrusion Detection/Prevention Systems (IDPS) or Web Application Firewalls (WAFs). It may also generate a significant number of false positives, requiring manual verification of reported vulnerabilities. It does not perform exploitation of vulnerabilities; it merely identifies potential weaknesses. Regular updates using the '-update' option are essential for effective scanning, as new vulnerabilities and checks are constantly being added. Always ensure you have explicit permission before scanning any system.
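The detectability noted above can be checked from the defender's side. The following is an added example, not part of Nikto or of the original page: it flags clients in a web access log either by a user-agent containing "Nikto" or, since '-useragent' can replace that string, by a burst of distinct requests that mostly return 404. It assumes Combined Log Format; the thresholds, function names and sample log lines are illustrative and constructed.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def detect_scanners(lines, min_paths=20, min_404_ratio=0.8):
    """Map client IP -> reason ("user-agent" or "behaviour") for scan-like clients."""
    stats = defaultdict(lambda: {"paths": set(), "total": 0, "nf": 0, "ua": False})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # ignore malformed lines rather than abort the run
        s = stats[m["ip"]]
        s["total"] += 1
        s["paths"].add(m["path"])
        s["nf"] += m["status"] == "404"
        s["ua"] |= "nikto" in m["ua"].lower()
    findings = {}
    for ip, s in stats.items():
        if s["ua"]:
            # Default Nikto user-agent strings contain "Nikto"
            findings[ip] = "user-agent"
        elif len(s["paths"]) >= min_paths and s["nf"] / s["total"] >= min_404_ratio:
            # A replaced user-agent hides the name, not the burst of missing-file probes
            findings[ip] = "behaviour"
    return findings

def sample_log():
    """Constructed sample lines (documentation address ranges), not a real capture."""
    fmt = '{} - - [10/Oct/2024:13:55:{:02d} +0000] "GET {} HTTP/1.1" {} 153 "-" "{}"'
    browser = "Mozilla/5.0 (X11; Linux x86_64) Firefox/128.0"
    lines = [fmt.format("192.0.2.10", i, f"/cgi-bin/test{i}.cgi", 404,
                        "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)")
             for i in range(3)]
    lines += [fmt.format("198.51.100.7", i, f"/backup{i}.tar", 200 if i == 0 else 404,
                         browser) for i in range(25)]
    lines += [fmt.format("203.0.113.5", i, f"/blog/post-{i}", 200, browser)
              for i in range(5)]
    lines.append("truncated line without the expected fields")
    return lines

if __name__ == "__main__":
    for ip, reason in detect_scanners(sample_log()).items():
        print(ip, reason)
```

The same manual verification the page recommends for scan results applies here: tune the thresholds against normal traffic before alerting on the "behaviour" rule.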
TYPICAL USAGE
Nikto is typically used in the initial phases of penetration testing or security assessments. It helps security professionals quickly identify low-hanging fruit, common misconfigurations, and outdated software versions that could pose a risk. It's also valuable for auditing one's own web servers to ensure compliance with security best practices.
INSTALLATION
Nikto is pre-installed on many security-focused Linux distributions, such as Kali Linux and Parrot OS. On other distributions, it can usually be installed via the default package manager, for example:
Debian/Ubuntu-based: sudo apt install nikto
Red Hat/CentOS-based: sudo yum install nikto
HISTORY
Nikto was originally developed by Chris Sullo and first released in 2001. It quickly gained popularity within the information security community as a quick and effective web server vulnerability scanner. It has been maintained by CIRT.net (Computer Incident Response Team) and continues to be updated with new checks and features. Its consistent development and inclusion in popular security distributions like Kali Linux have cemented its place as a standard tool for web server security assessments and reconnaissance.