Beginner's Guide to Linux System Administration

How to Scan Vulnerabilities of Websites using Nikto in Linux?

Last Updated : 03 Jun, 2020

Nikto is an open-source web server scanner which performs comprehensive tests against web servers for multiple items. You can use Nikto with any web servers like Apache, Nginx, IHS, OHS, Litespeed, and so on. Nikto can check for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Items and plugins scanned by Nikto are frequently updated and can be automatically updated.

How to install Nikto?

If you are using a Kali Linux machine then Nikto is already pre-installed in it. You can find it under Vulnerability analysis menu or you can just type in the terminal

nikto -Help

It will launch an option menu which gives a brief about the tool and how to use it, Which looks like this

Nikto help

If you are using any other machine other than Kali you can install Nikto by using package manager example

Arch Linux

pacman -S nikto

Debian

apt-get install nikto

or you can simply get the github repository by using wget command and use it:

~ wget https://github.com/sullo/nikto/archive/master.zip .
~ unzip master.zip
~ cd /nikto-master/program

Example For how to use Nikto

Let’s see a very simple example of how to use Nikto in scanning websites for some vulnerability. Use the command:

nikto -h 128.199.222.244

if you are using git hub repository then just navigate to directory and use:

./nikto.pl -h 128.199.222.244

where 128.199.222.244 is scan against the Nginx web server, the scan may take several minutes. You can see the results in the screenshot

Beginner's Guide to Linux System Administration

M

Madhusudan_Soni

Improve

Article Tags :

Similar Reads

Using Metasploit and Nmap to Scan for Vulnerabilities in Kali Linux

The Metasploit framework is a penetration testing tool for exploiting and validating vulnerabilities. It includes the fundamental architecture, particular content, and tools required for penetration testing and extensive security evaluation. It is a well-known exploitation framework that is routinel

Golismero - Scan Website, Vulnerability Scanning, WEB Server in Kali Linux

Golismero is a free and open-source tool available on GitHub. Golismero is an Open Source Intelligence and Information Gathering Tool based on (OSINT). Golismero is capable of doing everything almost you need for reconnaissance as per your need it can perform reconnaissance easily. Golismero works a

Vulscan - Vulnerability Scanning with Nmap in Kali Linux

Vulscan is a free and open-source tool available on GitHub. Vulscan uses nmap as the main scanner to scan the IP addresses and domains, the easiest and useful tool for reconnaissance of network. Vulscan interface is very similar to Metasploit 1 and Metasploit 2 which makes it easy to use. This tool

What is Vulnerability Scanning in Kali Linux?

To understand vulnerability scanning, it is important to know what is a vulnerability. In the field of Cyber Security, the vulnerability can be defined as the weakness of the computer system which can be exploited by attacking the system to perform unauthorized actions and for gaining unauthorized a

PwnXSS - Automated XSS Vulnerability Scanner Tool in Kali Linux

PwnXSS is a free and open-source tool available on Github. This tool is specially designed to find cross-site scripting. This tool is written in python. You must have python 3.7 installed in your Kali Linux. There are lots of websites on the internet which are vulnerable to cross-site scripting(XSS)

Vscan - Vulnerability Scanner Tool Using Nmap And NSE Scripts in Kali Linux

Vscan is a free and open-source tool available on GitHub. Vscan has based nmap scanning techniques, the easiest and useful tool for reconnaissance. Vscan interface is very similar to Metasploit 1 and Metasploit 2. Vscan has its own modules that add additional value to the standard scanner which is n

Dork Scanner â€“ Vulnerable URLs Finder tool in Linux

Getting the relevant results for our search is challenging work on google or on the internet. Being a Technical person we need to perform some advanced search through which we can get relevant results for our search. So this advanced searching process is known as Dorking. We fire up an advanced quer

X Attacker Tool - Website Vulnerability Scanner and Auto Exploiter

XATTACKER tool is an automated approach tool used for scanning and also exploiting the target web applications. XATTACKER tool is developed in the Perl language and it's faster to use. You need to specify the target domain list and the rest of the work is done by the tool. This tool has the capabili

RapidScan â€“ The Multi-Tool Web Vulnerability Scanner in Kali Linux

RapidScan is a free and open-source tool available on GitHub which is based upon Open Source Intelligence (OSINT), the easiest and useful tool for reconnaissance. The RapidScan interface is very similar to Metasploit 1 and Metasploit 2, which provides a command-line interface that you can run on Kal

PHPvuln â€“ Linux Tool to Find Vulnerabilities in PHP Code

PHP security vulnerabilities are a major cause for concern when it comes to web applications written in the PHP language since successful exploitation of such safety defects may lead to several regularly exploited attacks. Many vulnerabilities are usually not difficult to fix, but finding them in la