
How to Scan Vulnerabilities of Websites using Nikto in Linux?

Last Updated : 03 Jun, 2020
Nikto is an open-source web server scanner that performs comprehensive tests against web servers for multiple items. You can use Nikto with any web server, such as Apache, Nginx, IHS, OHS, Litespeed, and so on. Nikto checks server configuration items such as the presence of multiple index files and HTTP server options, and it attempts to identify installed web servers and software. The scan items and plugins used by Nikto are updated frequently and can be updated automatically.

How to install Nikto?

If you are using a Kali Linux machine, Nikto is already pre-installed. You can find it under the Vulnerability Analysis menu, or you can just type this in the terminal:
nikto -Help
It prints an options menu that gives a brief description of the tool and how to use it. If you are using a machine other than Kali, you can install Nikto with the package manager, for example on Arch Linux:
pacman -S nikto
On Debian:
apt-get install nikto
Or you can simply download the GitHub repository with the wget command and use it:
wget https://github.com/sullo/nikto/archive/master.zip
unzip master.zip
cd nikto-master/program

Example of how to use Nikto

Let's see a very simple example of how to use Nikto to scan a website for vulnerabilities. Use the command:
nikto -h 128.199.222.244
If you are using the GitHub repository, navigate to the program directory and use:
./nikto.pl -h 128.199.222.244
Here 128.199.222.244 is the address of the Nginx web server being scanned. The scan may take several minutes. You can see the results in the screenshot.
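The terminal output of a scan can run long, so it helps to condense it for triage. The following shell function is an added example, not part of the original article or of the Nikto project: it reduces a saved copy of the terminal output to the target, port, server banner and a numbered list of findings. The sample report is constructed, uses the documentation address 192.0.2.10, and assumes Nikto's usual layout of lines prefixed with "+ ".

```shell
#!/bin/sh
# Summarise saved Nikto terminal output: target, port, server banner, findings.
# Assumption: every report line of interest starts with "+ ".

# Constructed sample report (not real scan output); 192.0.2.10 is a
# documentation address, the version strings are placeholders.
sample_report() {
cat <<'EOF'
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          192.0.2.10
+ Target Hostname:    192.0.2.10
+ Target Port:        80
+ Start Time:         2020-06-03 10:00:00 (GMT0)
---------------------------------------------------------------------------
+ Server: nginx/1.14.0 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-Content-Type-Options header is not set.
+ 7915 requests: 0 error(s) and 2 item(s) reported on remote host
+ End Time:           2020-06-03 10:04:12 (GMT0) (252 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
EOF
}

# Reads a report from the named file(s), or from stdin when none is given.
summarize_nikto() {
    awk '
    /^\+ Target IP:/   { ip = $NF; next }
    /^\+ Target Port:/ { port = $NF; next }
    /^\+ Server:/      { sub(/^\+ Server: */, ""); server = $0; next }
    /^\+ (Target Hostname|Start Time|End Time):/ { next }  # metadata only
    /^\+ [0-9]+ (requests:|host\(s\) tested)/    { next }  # scan totals
    /^\+ /             { n++; sub(/^\+ /, ""); findings[n] = $0 }
    END {
        printf "target=%s port=%s server=%s findings=%d\n", ip, port, server, n
        for (i = 1; i <= n; i++) printf "  [%d] %s\n", i, findings[i]
    }' "$@"
}

# Real use: nikto -h <your-host> | tee report.txt ; summarize_nikto report.txt
# Offline demonstration on the constructed sample:
sample_report | summarize_nikto
```

Separator lines and the version banner do not start with "+ ", so they are ignored; anything else that starts with "+ " and is not recognised as metadata is listed as a finding to review.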
