Quick Tutorial - Nikto Free Web Vulnerability Scanner
Nikto is a popular open-source, Perl-based web server scanner. It runs a comprehensive set of checks against a web server, looking for the items below:
- dangerous or default files and CGI programs on the web server
- outdated versions of the server software
- version-specific problems in web servers
A Nikto scan usually completes in a short time, but it is noisy: it sends thousands of requests and is not designed to be stealthy, so expect it to show up in the target's logs. It does not replace commercial web scanners such as Fortify WebInspect or Burp Suite Professional, but it is a standard step in a web application security audit.
You can use Nikto on Kali Linux, the most popular operating system among hackers; it comes pre-installed there.
Nikto - Help option
Run nikto -Help to print the full option list. The basic form of a scan is (-h is accepted as a short form of -host):
# nikto -host <url>
Download and usage
git clone https://github.com/sullo/nikto
cd nikto/program
./nikto.pl -h http://www.test-site.com
perl nikto.pl -h http://www.test-site.com
Advantages of using Nikto
- Scans SSL/TLS websites (-ssl)
- Saves the report as plain text, XML, HTML, NBE, CSV, or JSON (-Format with -o)
- Scans many hosts from an input file and supports virtual hosts (-vhost)
- Finds known files and directories (admin interfaces, backups, default CGIs) from its test database
- Updates its test database from the command line (-update)
- Lets you select test categories (-Tuning) and detects custom 404 pages, which keeps false positives down; results still need manual verification
- Checks for common default usernames and passwords
- Authenticates to the target with HTTP Basic or NTLM credentials (-id user:pass)
- Lists the available plugins without running them (-list-plugins)
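The following script is an added example for this tutorial; it is not code from Nikto or from the original page. It ties together the download/usage commands above and the output-format and authentication items in the list: it builds the Nikto command line with the CSV report format, TLS and -id credentials, runs it, and parses the report so the findings can be filtered before manual review. It assumes nikto is on PATH (as on Kali) or that the repository was cloned into ./nikto, and that the CSV columns are hostname, ip, port, test id, method, uri, message; the sample report embedded below is constructed for the offline demo, and its test ids and messages are illustrative rather than quotations from Nikto's database.

```python
#!/usr/bin/env python3
"""Drive a Nikto scan and post-process its CSV report.

Added example for this tutorial, not code from Nikto or the original page.
Assumptions: `nikto` is on PATH (as on Kali), or the repository was cloned
into ./nikto so that ./nikto/program/nikto.pl exists; the CSV column order
is hostname, ip, port, test id, method, uri, message.
"""
import csv
import io
import shutil
import subprocess
from dataclasses import dataclass
from typing import List, Optional, Set

# Prefer the packaged binary; fall back to the cloned repo path (assumption).
NIKTO = shutil.which("nikto") or "./nikto/program/nikto.pl"

# Constructed sample report in Nikto's CSV layout. Test ids and messages are
# illustrative, not quotations from Nikto's test database.
SAMPLE_REPORT = """\
"www.test-site.com","203.0.113.10","80","000001","GET","/","Server: Apache/2.2.15 (CentOS)"
"www.test-site.com","203.0.113.10","80","000002","GET","/","The X-Content-Type-Options header is not set."
"www.test-site.com","203.0.113.10","80","000003","GET","/backup/","Directory indexing found."
"www.test-site.com","203.0.113.10","80","000004","GET","/phpmyadmin/","Admin login page/section found."
"""


@dataclass
class Finding:
    host: str
    ip: str
    port: str
    test_id: str
    method: str
    uri: str
    message: str


def build_command(target: str, outfile: str, ssl: bool = False,
                  creds: Optional[str] = None,
                  tuning: Optional[str] = None) -> List[str]:
    """Build argv for a Nikto run that writes a CSV report.

    Only real Nikto options are used: -h (target host/URL), -Format and -o
    (report format and file), -ssl (force TLS), -id user:pass (HTTP Basic or
    NTLM credentials) and -Tuning (select test categories). Returning an
    argv list instead of a shell string means the target is never parsed by
    a shell, so a crafted hostname cannot smuggle in extra commands.
    """
    cmd = [NIKTO, "-h", target, "-Format", "csv", "-o", outfile]
    if ssl:
        cmd.append("-ssl")
    if creds:
        cmd += ["-id", creds]
    if tuning:
        cmd += ["-Tuning", tuning]
    return cmd


def parse_csv_report(text: str) -> List[Finding]:
    """Parse a Nikto CSV report into Finding records, skipping short rows."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 7:          # blank lines or banner rows
            continue
        findings.append(Finding(*row[:7]))
    return findings


def unique_uris(findings: List[Finding]) -> Set[str]:
    """Distinct paths Nikto reported on, useful as a worklist for manual review."""
    return {f.uri for f in findings}


def filter_findings(findings: List[Finding], needle: str) -> List[Finding]:
    """Keep findings whose message contains `needle` (case-insensitive)."""
    needle = needle.lower()
    return [f for f in findings if needle in f.message.lower()]


def run_scan(target: str, outfile: str, **opts) -> List[Finding]:
    """Run Nikto against `target` and return the parsed CSV report."""
    # The exit status is not used; the report file is the result of interest.
    subprocess.run(build_command(target, outfile, **opts), check=False)
    with open(outfile, newline="") as fh:
        return parse_csv_report(fh.read())


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        url = sys.argv[1]
        results = run_scan(url, "nikto-report.csv", ssl=url.startswith("https://"))
    else:
        results = parse_csv_report(SAMPLE_REPORT)   # offline demo on the sample
    for f in results:
        print(f"{f.host}:{f.port} {f.method} {f.uri} -> {f.message}")
```

Run it with a URL you are authorised to test (python3 nikto_wrap.py https://www.test-site.com) to perform a real scan, or with no arguments to exercise the parser on the sample report. Passing the target as an argv element rather than building a shell string is deliberate: Nikto is often fed hostnames from external inventories, and that is exactly where command injection into a wrapper script tends to creep in.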
Conclusion
Nikto is a must-use web vulnerability scanner. It is lightweight and a routine activity in any web application security audit. If you have not used it yet, I highly recommend doing so.
Disclaimer: This tutorial is for educational purposes only. The reader is solely responsible for any illegal use.