How to Find Web Server Vulnerabilities With Nikto Scanner


Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for numerous items, including more than 6500 potentially dangerous files/CGIs, checks for outdated versions of more than 1250 servers, and version-specific issues on more than 270 servers. It also checks server configuration items, for example the presence of multiple index files and HTTP server options, and attempts to identify installed web servers and software.

Nikto Installation

On Windows :-

  • First download and install a Perl interpreter.
  • Next download Nikto and extract the contents of the archive into a directory.
  • Now run it from the command prompt like this:
C:\path\nikto-2.1.5>perl nikto.pl -h

On Linux :-

  • Download the repository archive from GitHub (git clone cannot fetch a zip archive, so use wget or your browser; alternatively clone the repository itself).
wget https://github.com/sullo/nikto/archive/master.zip
  • Unpack the zip archive with an archive manager or with unzip, then run the script.
unzip master.zip
cd nikto-master/program
perl nikto.pl

Nikto Features

  • Cgidirs: Scan the specified CGI directories. Users can give “none” or “all” to scan none or all of the CGI directories. A specific value for a CGI directory, for example “/cgi-test/”, may also be given (note that a trailing slash is required). If this option is not specified, all CGI directories listed in config.txt will be tested.
  • config: Specify an alternative config file to use instead of the config.txt located in the install directory.
  • Display: Control the output that Nikto shows. Reference numbers select what is displayed, and several may be combined. The permitted reference numbers are:
  1 – Show redirects
  2 – Show cookies received
  3 – Show all 200/OK responses
  4 – Show URLs which require authentication

  D – Debug output
  V – Verbose output

  • evasion: Specify the intrusion detection system (IDS) evasion technique to use. This option also takes reference numbers, and several may be combined:
  1 – Random URI encoding (non-UTF8)
  2 – Directory self-reference (/./)
  3 – Premature URL ending
  4 – Prepend long random string
  5 – Fake parameter
  6 – TAB as request spacer
  7 – Change the case of the URL
  8 – Use Windows directory separator (\)
  • Format: Save the scan results to a file in the given format. The output file is set with the -o (-output) option; if -Format is not specified, the format is taken from the file extension given in -output. Valid formats are:

csv – for a comma-separated report

htm – for an HTML report

txt – for a text report

xml – for an XML report

  • host: Specify the host(s) to target for a scan. This may be an IP address, a hostname, or a text file of hosts.
  • id: For sites that require authentication, this option specifies the user ID and password to use. The format is “id:password”.
  • list-plugins: List all plugins that Nikto can run against targets, then exit without performing a scan. The plugins used in a session can be selected with the -plugins option.

The output format is:

Plugin name

full name – description

  • no404: Disable 404 (file not found) checking. This reduces the total number of requests made to the web server and may be preferable when scanning a server over a slow internet connection or an embedded device. However, it will generally lead to more false positives being reported.
  • plugins: Select the plugins that will be run against the specified targets. Give a comma-separated list of plugin names; the names can be found with -list-plugins.

There are two special entries: ALL, which runs all plugins, and NONE, which runs no plugins. The default is ALL.

  • port: Specify the TCP port(s) to target. To test more than one port on the same host, give the list of ports to the -p (-port) option. Ports can be specified as a range (e.g. 80-90) or as a comma-separated list (e.g. 80,88,90). If not specified, port 80 is used.
  • Pause: The number of seconds to delay between each test. This can keep tests from being blocked by a WAF for appearing too suspicious.
  • timeout: The number of seconds to wait for a response before a request times out. The default timeout is 10 seconds.
  • useproxy: Use a proxy if the network requires one. This option tells Nikto to use the HTTP proxy defined in the configuration file.
  • update: Update the plugins and databases directly from cirt.net.

Scanning Websites with Nikto

  • To perform a basic scan:
nikto -host [Website or IP]
  • To perform a scan through a proxy:
nikto -host [Website or IP] -useproxy [proxy]
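The following added example (not Nikto's own code) combines the options described above into one scan command and then triages the CSV report Nikto writes with -Format csv. It assumes nikto is on PATH, that CSV rows are laid out as host, ip, port, reference id, method, uri, message with no header row, and that a reference id of "0" marks an informational line rather than a catalogued issue; the sample rows are constructed, not real scan output.

```python
"""Build a Nikto scan command and triage its CSV report (added example)."""
import csv
import io
from collections import defaultdict


def build_command(host, ports="80", out_file="scan.csv", pause=0):
    """Assemble the command line from the options explained above:
    -host, -port (range or list), -Format/-output, -Display 1 (redirects)
    and, when requested, -Pause to space requests out for sensitive hosts."""
    cmd = ["nikto", "-host", host, "-port", ports,
           "-Format", "csv", "-output", out_file, "-Display", "1"]
    if pause > 0:
        cmd += ["-Pause", str(pause)]
    return cmd


def triage(csv_text):
    """Group report rows per host:port and split catalogued findings
    (non-zero reference id, an assumption about the format) from
    informational lines such as banners and missing headers."""
    report = defaultdict(lambda: {"catalogued": [], "informational": []})
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) < 7:
            continue  # skip blank or truncated lines
        host, _ip, port, ref, _method, uri, msg = row[:7]
        bucket = "informational" if ref == "0" else "catalogued"
        report[f"{host}:{port}"][bucket].append((ref, uri, msg.strip()))
    return dict(report)


# Constructed sample report for a dry run; not output from a real scan.
SAMPLE_CSV = (
    '"192.0.2.10","192.0.2.10","80","0","GET","/","Server: Apache/2.2.22"\n'
    '"192.0.2.10","192.0.2.10","80","3092","GET","/admin/","This might be interesting."\n'
    '"192.0.2.10","192.0.2.10","443","0","GET","/","X-Frame-Options header is not present."\n'
)

if __name__ == "__main__":
    print(" ".join(build_command("192.0.2.10", "80,443", "scan.csv", pause=2)))
    for target, buckets in triage(SAMPLE_CSV).items():
        print(target, len(buckets["catalogued"]), "catalogued,",
              len(buckets["informational"]), "informational")
```

Run the printed command to produce scan.csv, then pass the file contents to triage() to get a per-port summary to review.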
