Nikto web server scanner

Ethical Hacking

Nikto is an open-source web server scanner, written in Perl and shipped with Kali Linux, that runs a large battery of HTTP checks against a target. It looks for potentially dangerous files and CGI scripts, default or sample content left behind by installations, outdated server and application versions, and common misconfigurations such as missing security headers. Nikto is typically used during the reconnaissance and vulnerability assessment phases of a penetration test, before manual testing or exploitation begins.

Key Features:

  • Checks for over 6,700 potentially dangerous files and programs on the web server.
  • Detects default files and configurations, such as sample pages, default installations or exposed configuration files that may leak sensitive data.
  • Identifies outdated server software (over 1,250 server versions) and reports known issues tied to the detected version.
  • Looks for potentially dangerous files or directories, including directory indexing and backup or admin paths.
  • Supports scanning over SSL/TLS and reports basic certificate details.
  • Runs version-specific checks for a large number of server types.
  • Checks for missing or weak security-related HTTP headers (for example X-Frame-Options and X-Content-Type-Options).

Common Nikto Commands:

Basic scan. The -h option takes a hostname, an IP address or a full URL; with a URL, Nikto takes the scheme and port from it:

nikto -h <target-url>

nikto -h http://example.com

nikto -h <ip-address>

Force SSL/TLS mode (useful when the target listens on a non-standard HTTPS port, so Nikto does not try plaintext HTTP first):

nikto -h <target-url> -ssl

nikto -h https://example.com -ssl

Save the results to a file. -Format selects txt, csv, htm, xml or msf+; if -Format is omitted, Nikto derives it from the extension of the -o file name:

nikto -h <target-url> -o <output-file> -Format <file-format>

nikto -h http://example.com -o scan_results.txt -Format txt

Restrict the scan to particular test categories. Each tuning value selects one class of checks (9 is SQL injection; 6 is denial of service and should be avoided on production systems); run nikto -Help for the full list:

nikto -h <target-url> -Tuning <option>

nikto -h http://example.com -Tuning 9

Scan several targets. If the argument to -h is a file, Nikto reads one host or URL per line from it:

nikto -h <target-file>

nikto -h targets.txt

Route the scan through an HTTP proxy, for example Burp Suite, so that every request can be inspected or replayed:

nikto -h <target-url> -useproxy http://<proxy-ip>:<port>

nikto -h http://example.com -useproxy http://192.168.1.100:8080

Disable SSL/TLS and force plain HTTP:

nikto -h <target-url> -nossl

Run only the named plugin(s) instead of the default set. Use nikto -list-plugins to see what is available; headers is the plugin that checks HTTP response headers:

nikto -h <target-url> -Plugins <plugin-name>

nikto -h http://example.com -Plugins headers

Scan a specific port (or several, comma-separated) instead of the default port 80:

nikto -h <target-url> -p <port-number>

nikto -h http://example.com -p 8080
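The commands above are usually wrapped in a small script when more than one host is in scope, and the raw output then needs to be triaged. The following Python helper is an added example, not code from this page or from the Nikto project. It builds a nikto command line for a target (adding -ssl and port 443 for https:// URLs, and optional -Tuning and -useproxy), and it parses CSV output written with -o file.csv -Format csv. The seven-column CSV layout (host, ip, port, id, method, uri, message) is an assumption based on Nikto 2.1.x output, the sample lines are constructed, and the keyword-based categorisation is a simple heuristic of this example rather than anything Nikto itself provides.

```python
"""Build nikto command lines and triage nikto CSV output (added example)."""
import csv
import io
import shlex
from collections import Counter, defaultdict
from urllib.parse import urlparse

# Assumed column order of Nikto 2.1.x "-Format csv" output (no header row).
CSV_FIELDS = ("host", "ip", "port", "id", "method", "uri", "message")


def build_nikto_command(target, outfile, tuning=None, proxy=None):
    """Return the argv list for one nikto run against `target`.

    `target` may be a bare host, host:port, IP address or full URL.  For
    https:// targets -ssl is added and the port defaults to 443 so nikto
    does not first try plaintext HTTP on port 80.
    """
    parsed = urlparse(target if "://" in target else "http://" + target)
    host = parsed.hostname
    if host is None:
        raise ValueError("cannot extract a host from %r" % target)
    use_ssl = parsed.scheme == "https"
    port = parsed.port or (443 if use_ssl else 80)

    cmd = ["nikto", "-h", host, "-p", str(port),
           "-o", outfile, "-Format", "csv"]
    if use_ssl:
        cmd.append("-ssl")
    if tuning is not None:
        cmd += ["-Tuning", str(tuning)]
    if proxy:
        cmd += ["-useproxy", proxy]
    return cmd


def parse_nikto_csv(text):
    """Parse nikto CSV text into a list of dicts keyed by CSV_FIELDS."""
    rows = []
    for fields in csv.reader(io.StringIO(text)):
        if len(fields) != len(CSV_FIELDS):
            continue  # blank line or unexpected row: skip it
        rows.append(dict(zip(CSV_FIELDS, fields)))
    return rows


def categorize(message):
    """Heuristic bucket for a nikto finding message (example's own logic)."""
    m = message.lower()
    if "outdated" in m:
        return "outdated-software"
    if "header" in m:
        return "http-headers"
    if "directory indexing" in m or "might be interesting" in m:
        return "exposed-content"
    return "other"


def summarize(rows):
    """Count findings per host:port and category, dropping exact duplicates.

    nikto can report the same (uri, message) pair more than once, for
    example when several checks hit the same path, so de-duplicate first.
    """
    seen = set()
    summary = defaultdict(Counter)
    for r in rows:
        key = (r["host"], r["port"], r["uri"], r["message"])
        if key in seen:
            continue
        seen.add(key)
        summary["%s:%s" % (r["host"], r["port"])][categorize(r["message"])] += 1
    return {target: dict(counts) for target, counts in summary.items()}


# Constructed sample output in the assumed CSV layout; not a real scan.
SAMPLE_CSV = '''\
"example.com","93.184.216.34","80","0","GET","/","The anti-clickjacking X-Frame-Options header is not present."
"example.com","93.184.216.34","80","0","GET","/","The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type."
"example.com","93.184.216.34","80","0","GET","/","Apache/2.2.22 appears to be outdated (current is at least Apache/2.4.37)."
"example.com","93.184.216.34","80","3092","GET","/admin/","This might be interesting..."
"example.com","93.184.216.34","80","3092","GET","/admin/","This might be interesting..."
"example.com","93.184.216.34","443","0","GET","/","The site uses SSL and the Strict-Transport-Security HTTP header is not defined."
'''


if __name__ == "__main__":
    for target in ("http://example.com", "https://example.com", "10.0.0.5:8080"):
        outfile = target.split("://")[-1].replace(":", "_").replace("/", "_") + ".csv"
        print(shlex.join(build_nikto_command(target, outfile, tuning=9)))
    for target, counts in summarize(parse_nikto_csv(SAMPLE_CSV)).items():
        print(target, counts)
```

Running the script prints the three command lines it would execute (it does not invoke nikto itself) followed by a per-target count of findings from the sample CSV; in practice the commands are run with subprocess and the resulting files are fed to parse_nikto_csv.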

Use Cases:

  • Web Vulnerability Scanning: Identifies misconfigurations, SSL/TLS configuration problems, outdated server software and known-vulnerable scripts or paths.
  • Penetration Testing: Gives testers a quick inventory of web server weaknesses during reconnaissance, which is then confirmed by hand, since Nikto reports many findings that turn out to be false positives.
  • Compliance Testing: Supports checks that web servers meet baseline hardening requirements, such as the presence of security headers and the absence of default or sample content.

Nikto is a simple yet effective tool for web server vulnerability scanning, offering a fast overview of potential security risks and misconfigurations on a target website. It is not designed to be stealthy: it sends thousands of requests as quickly as possible and is easily spotted in server logs or by an IDS/IPS, so it should only be run against systems you are authorised to test.