Nikto is an open-source web security scanner that helps identify potential
vulnerabilities in web servers. Written in Perl, it is designed to scan a web
server quickly and produce a comprehensive report of any security issues it
finds.
One of Nikto's key features is its ability to scan for outdated versions of
server software. It maintains a database of over 1200 server versions and can
detect if a server is running an outdated version that may be vulnerable to
attacks. Additionally, Nikto can detect problems with specific version details
of over 200 servers, allowing administrators to address these issues before
they are exploited.
Another useful feature of Nikto is its ability to fingerprint servers using
favicon.ico files. By analyzing the favicon.ico file present on a server,
Nikto can determine the type and version of the server software running,
providing valuable information to administrators.
Unlike some other security tools, Nikto is not designed to be a stealth tool.
It is meant to be fast and time-efficient, allowing administrators to quickly
scan their servers for vulnerabilities. The flip side is that a web
administrator can easily tell that a server is being scanned by Nikto simply by
looking at the server's log files.
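The point about log files can be turned into a concrete check. The script below is an added example, not part of the original post or of the Nikto project: it parses Apache/Nginx "combined"-format access-log lines (the sample lines are constructed, not real traffic) and flags client IPs on two independent signals, the "Nikto/" string in Nikto's default User-Agent, and a burst of 404 responses from one IP, which is what a scanner probing for files that do not exist leaves behind even when the User-Agent has been changed. The threshold of five 404s is an illustrative assumption.

```python
import re
from collections import Counter, defaultdict

# Apache/Nginx "combined" log format:
# host ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log (not real traffic): one ordinary visitor, one Nikto run
# with the default User-Agent, and one scanner that hid behind a curl User-Agent.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0"
203.0.113.7 - - [10/Mar/2024:12:00:03 +0000] "GET /about.html HTTP/1.1" 200 2210 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0"
198.51.100.9 - - [10/Mar/2024:12:01:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"
198.51.100.9 - - [10/Mar/2024:12:01:00 +0000] "GET /cgi-bin/ HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000002)"
198.51.100.9 - - [10/Mar/2024:12:01:01 +0000] "GET /admin/ HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000003)"
198.51.100.9 - - [10/Mar/2024:12:01:01 +0000] "GET /backup/ HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000004)"
198.51.100.9 - - [10/Mar/2024:12:01:01 +0000] "GET /test/ HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000005)"
198.51.100.9 - - [10/Mar/2024:12:01:02 +0000] "GET /old/ HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000006)"
192.0.2.5 - - [10/Mar/2024:12:05:00 +0000] "GET /admin/ HTTP/1.1" 404 196 "-" "curl/8.4.0"
192.0.2.5 - - [10/Mar/2024:12:05:00 +0000] "GET /test/ HTTP/1.1" 404 196 "-" "curl/8.4.0"
192.0.2.5 - - [10/Mar/2024:12:05:00 +0000] "GET /old/ HTTP/1.1" 404 196 "-" "curl/8.4.0"
192.0.2.5 - - [10/Mar/2024:12:05:01 +0000] "GET /backup/ HTTP/1.1" 404 196 "-" "curl/8.4.0"
192.0.2.5 - - [10/Mar/2024:12:05:01 +0000] "GET /dev/ HTTP/1.1" 404 196 "-" "curl/8.4.0"
"""


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def detect_scanners(log_text, min_404=5):
    """Return {ip: [reasons]} for every client IP that looks like a Nikto-style scan.

    Signals (illustrative thresholds, an assumption for this example):
      * the default Nikto User-Agent contains "Nikto/";
      * at least min_404 responses with status 404 from the same IP.
    """
    not_found = Counter()
    nikto_ua = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in combined format
        if "nikto/" in rec["ua"].lower():
            nikto_ua.add(rec["ip"])
        if rec["status"] == 404:
            not_found[rec["ip"]] += 1

    findings = defaultdict(list)
    for ip in sorted(nikto_ua):
        findings[ip].append("nikto user-agent")
    for ip, n in sorted(not_found.items()):
        if n >= min_404:
            findings[ip].append(f"{n} x HTTP 404")
    return dict(findings)


if __name__ == "__main__":
    for ip, reasons in detect_scanners(SAMPLE_LOG).items():
        print(f"{ip}: {', '.join(reasons)}")
```

The User-Agent match is the cheap, high-confidence signal; the 404 count is what catches the same activity once the User-Agent has been replaced, at the cost of occasional false positives from broken links or crawlers, so tune the threshold against your own baseline traffic.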
In addition to identifying security vulnerabilities, Nikto can also show items
that do not have security problems but are informational only. This
information can help administrators take full advantage of Nikto's
capabilities to secure their web servers more effectively.
Key Features:
- SSL Support: Nikto offers full support for SSL, ensuring secure communication with the server.
- Sub-domain Discovery: It can find sub-domains associated with a website, providing a more comprehensive view of the server's security posture.
- HTTP Proxy Support: Nikto supports full HTTP proxy, enabling scanning through a proxy server, which can be useful for testing servers behind a firewall.
- Outdated Component Reporting: Nikto can report on outdated components of a server, helping administrators identify and update vulnerable software.
- Multiple Output Formats: Results can be saved in various formats, such as XML or CSV, making it easy to share and analyze scan results.
- Username Guessing: Nikto can attempt to guess usernames on the server, which can be useful for testing password strength.
- Software Details: It provides details of installed software on the server, helping administrators identify and address security vulnerabilities.
- Nmap Integration: Nikto can use an Nmap file as input to scan ports on a web server, allowing for more comprehensive security testing.
- Dictionary Attack: Nikto can perform a dictionary attack to crack passwords, helping administrators identify weak passwords.
- Easy Updates: Nikto can be easily updated to ensure it has the latest vulnerability checks, keeping it effective against the latest threats.
Installing Nikto on Linux:
To install Nikto on Linux, follow these steps:
1. Clone the Nikto repository:
git clone https://github.com/sullo/nikto.git
2. Navigate to the Nikto program directory:
cd nikto/program
3. Run Nikto:
perl nikto.pl
How to Use Nikto:
Display Help Menu:
perl nikto.pl -H
Scan a Website:
perl nikto.pl -host https://www.example.com/
For example, enter the command below to scan the webscantest website:
perl nikto.pl -host https://www.webscantest.com/
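The scan commands above print results to the terminal; the -Format and -output options mentioned in the feature list write them to a file that can be processed afterwards. The script below is an added example, not part of the original post or of the Nikto project: it builds the nikto.pl command line for a CSV report, parses that report, and rolls the findings up per host and port, separating "outdated software" findings from missing-header and purely informational ones. The seven-column CSV layout and the message wording the classifier keys on are assumptions based on typical Nikto reports; the sample report is constructed, not real scanner output.

```python
import csv
import io
import subprocess
from collections import Counter, defaultdict

# Column layout assumed for Nikto's CSV report (an assumption for this example;
# compare against a report from your own Nikto version before relying on it).
CSV_FIELDS = ("host", "ip", "port", "reference", "method", "uri", "message")

# Constructed sample report (not real scanner output), in the layout above.
SAMPLE_CSV = """\
"www.example.com","93.184.216.34","443","0","GET","/","The anti-clickjacking X-Frame-Options header is not present."
"www.example.com","93.184.216.34","443","0","GET","/","Apache/2.2.15 appears to be outdated (current is at least 2.4)."
"www.example.com","93.184.216.34","443","0","GET","/test/","Directory indexing found."
"www.example.org","93.184.216.35","80","0","GET","/","Retrieved x-powered-by header: PHP/7.4."
"""


def build_nikto_command(host, output_path, fmt="csv"):
    """Argument list for: perl nikto.pl -host HOST -Format FMT -output FILE."""
    return ["perl", "nikto.pl", "-host", host, "-Format", fmt, "-output", output_path]


def parse_nikto_csv(text):
    """Parse a CSV report into a list of dicts keyed by CSV_FIELDS, skipping odd rows."""
    records = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != len(CSV_FIELDS):
            continue  # blank line or a row that does not match the assumed layout
        records.append(dict(zip(CSV_FIELDS, row)))
    return records


def classify(record):
    """Bucket a finding by its message text (wording assumed, see lead-in)."""
    msg = record["message"].lower()
    if "outdated" in msg:
        return "outdated"
    if "header is not present" in msg:
        return "missing-header"
    return "info"


def summarize(records):
    """Return {"host:port": {category: count}} so each server can be triaged at a glance."""
    summary = defaultdict(Counter)
    for rec in records:
        summary[f'{rec["host"]}:{rec["port"]}'][classify(rec)] += 1
    return {target: dict(counts) for target, counts in summary.items()}


def run_nikto(host, output_path):
    """Run the scan (needs nikto.pl in the current directory) and summarize its CSV report."""
    subprocess.run(build_nikto_command(host, output_path), check=True)
    with open(output_path, encoding="utf-8") as fh:
        return summarize(parse_nikto_csv(fh.read()))


if __name__ == "__main__":
    # Offline demonstration on the constructed report; run_nikto() does the live scan.
    for target, counts in summarize(parse_nikto_csv(SAMPLE_CSV)).items():
        print(target, counts)
```

Triaging from the per-host summary is what makes the "outdated component" finding actionable: an "outdated" count above zero on a host is the item to schedule a patch for, while the "info" bucket is the material the post describes as informational only.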
Overall, Nikto is a powerful tool for identifying and addressing security
vulnerabilities in web servers. Its ease of use and comprehensive reporting
make it an invaluable tool for any web administrator looking to secure their
servers against cyber attacks.
Disclaimer: The information provided here is for educational purposes only. The use of Nikto or any other security tool for scanning or testing without proper authorization from the target system owner may be illegal. Always ensure you have permission before conducting any security testing. Use these tools responsibly and in accordance with applicable laws and regulations.
Leave a comment below if you have any problem regarding Nikto.