Nikto -- Scan Vulnerabilities on Websites

Nikto is an open source web vulnerability scanner that runs from the command line. It performs comprehensive tests against over 6700 potentially dangerous files and programs, checks for outdated versions of over 1250 servers, and checks for version-specific problems on over 270 servers. Nikto finds vulnerabilities on hosts and web servers, and it comes pre-installed with Kali Linux.

(Screenshot: Nikto, the Kali Linux web vulnerability scanner)


To use Nikto on Kali Linux, open a terminal and type the following command to see its options in detail:

nikto -H

The detailed options are shown in the following screenshot:

(Screenshot: nikto options)

Now we run the tool against a vulnerable web target. In our case, Damn Vulnerable Web Application (DVWA) is running on localhost, so we point Nikto at it with the following command:

nikto -h http://127.0.0.1

Note that the lowercase -h option takes the target host, while the uppercase -H option shows the help. The scan takes some time to complete. The results then appear as in the following screenshot:

(Screenshot: nikto scan)

Here we see the details Nikto has found on this web server.

If we want to limit the scan to a specific tuning option, the command is as follows:

nikto -h http://127.0.0.1 -Tuning 9

With this command Nikto runs only tuning option 9, which selects the SQL injection tests. The tuning numbers and the other options are listed in the -H (help) menu.


Nikto is an automated tool that finds CGI and other dangerous files and scans for vulnerabilities. If we want to save the scan results and analyse them later, we use the following command:

nikto -h http://127.0.0.1 -output /root/Desktop/nikto-scans -Format html

This command saves the scan results in /root/Desktop/nikto-scans in HTML format.
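The following is an added example, not code from the original post or from the Nikto project: a small POSIX shell wrapper around the options shown above. It builds the nikto command line from a target, an optional tuning string and an optional output file, rejects output formats other than the ones this post lists (the name "txt" for the text format is an assumption, as is the set of valid tuning characters), creates the output directory, and only executes nikto if it is installed. All function and variable names are our own.

```shell
#!/bin/sh
# Added example (not from the original post or the Nikto project): a wrapper
# that builds and runs the nikto command line shown in the tutorial.

# Output formats the post mentions; "txt" for plain text is an assumption.
NIKTO_FORMATS="html txt xml nbe csv"

# Return 0 if $1 is one of the supported output formats.
nikto_format_ok() {
    for f in $NIKTO_FORMATS; do
        [ "$1" = "$f" ] && return 0
    done
    return 1
}

# Build the nikto command line.
#   $1 target URL     (required)
#   $2 tuning string  (optional, e.g. 9 for SQL injection; "" to skip)
#   $3 output file    (optional; "" to skip)
#   $4 output format  (required when $3 is given)
# Prints the command on stdout; returns 1 on invalid input.
nikto_build_cmd() {
    target=$1; tuning=$2; outfile=$3; format=$4
    [ -n "$target" ] || { echo "target URL required" >&2; return 1; }
    cmd="nikto -h $target"
    if [ -n "$tuning" ]; then
        # Assumed set of tuning characters: digits 0-9, letters a-c and x.
        case "$tuning" in
            *[!0-9a-cx]*) echo "invalid tuning: $tuning" >&2; return 1 ;;
        esac
        cmd="$cmd -Tuning $tuning"
    fi
    if [ -n "$outfile" ]; then
        nikto_format_ok "$format" || { echo "unsupported format: $format" >&2; return 1; }
        cmd="$cmd -output $outfile -Format $format"
    fi
    printf '%s\n' "$cmd"
}

# Run the scan: create the output directory, then execute the command if
# nikto is installed, otherwise just show what would have run.
nikto_run() {
    cmd=$(nikto_build_cmd "$@") || return 1
    [ -n "$3" ] && mkdir -p "$(dirname "$3")"
    if command -v nikto >/dev/null 2>&1; then
        $cmd
    else
        echo "nikto not found; would run: $cmd" >&2
    fi
}

# Usage: the scan from the post, limited to SQL injection tests, saved as HTML.
# nikto_run http://127.0.0.1 9 /root/Desktop/nikto-scans html
```

Uncomment the last line to run it; keeping the scan behind a builder function means the exact command line can be logged alongside the report, which helps when a finding has to be reproduced later.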

(Screenshot: nikto output)

The HTML file looks like the following screenshot:

(Screenshot: nikto scan output)


We can also choose text, XML, NBE or CSV as the output format.
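The CSV format is the easiest one to analyse later from the shell. Below is an added example, not part of the original post or of Nikto itself, that summarises a CSV report with awk. The column order it assumes (host, ip, port, id, method, uri, description, one quoted field each) is an assumption about Nikto's CSV layout; check a real report before relying on it. The report embedded in the block is constructed sample data, not the output of an actual scan, and the function names are our own.

```shell
#!/bin/sh
# Added example (not from the original post or the Nikto project):
# post-processing a Nikto CSV report with awk.

# Constructed sample report (not real scan output). Assumed column order:
# host,ip,port,id,method,uri,description; no header row.
NIKTO_SAMPLE_CSV=$(mktemp)
trap 'rm -f "$NIKTO_SAMPLE_CSV"' EXIT
cat > "$NIKTO_SAMPLE_CSV" <<'EOF'
"127.0.0.1","127.0.0.1","80","1001","GET","/","Server banner discloses the web server version (constructed sample)."
"127.0.0.1","127.0.0.1","80","1002","GET","/","The anti-clickjacking X-Frame-Options header is not present."
"127.0.0.1","127.0.0.1","80","1003","GET","/","The X-Content-Type-Options header is not set."
"127.0.0.1","127.0.0.1","80","1004","GET","/config/","Directory indexing found."
"127.0.0.1","127.0.0.1","80","1005","GET","/login.php","Login page found."
EOF

# Shared awk prologue: split on the quoted-field separator and strip the outer
# quotes from the first and last field. A description containing the sequence
# "," would break this simple split; use a real CSV parser in that case.
NIKTO_AWK_PRELUDE='BEGIN { FS = "\",\"" } { sub(/^"/, "", $1); sub(/"$/, "", $NF) }'

# Number of findings in the report.
nikto_csv_count() {
    awk "$NIKTO_AWK_PRELUDE"' END { print NR }' "$1"
}

# Unique URIs that produced a finding, in order of first appearance.
nikto_csv_uris() {
    awk "$NIKTO_AWK_PRELUDE"' !seen[$6]++ { print $6 }' "$1"
}

# Findings per host:port, printed as "host:port count".
nikto_csv_per_host() {
    awk "$NIKTO_AWK_PRELUDE"' { n[$1 ":" $3]++ } END { for (k in n) print k, n[k] }' "$1"
}

# Findings whose description matches a pattern (case-insensitive regex),
# printed as "id uri description".
nikto_csv_grep() {
    pat=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v pat="$pat" "$NIKTO_AWK_PRELUDE"' tolower($7) ~ pat { print $4, $6, $7 }' "$1"
}

# Usage against the sample report:
nikto_csv_count "$NIKTO_SAMPLE_CSV"
nikto_csv_uris "$NIKTO_SAMPLE_CSV"
nikto_csv_per_host "$NIKTO_SAMPLE_CSV"
nikto_csv_grep "$NIKTO_SAMPLE_CSV" "header is not"
```

Pointing the functions at the CSV file written by a real -Format csv run gives a quick triage view: which paths produced findings, how many per host, and which findings mention a missing security header, which is usually the first thing to hand to the application's administrators.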

This is how we can use Nikto in Kali Linux to scan for vulnerabilities. Bad actors take advantage of such vulnerabilities, but that is a crime, and even searching for vulnerabilities may be a crime in some cases.

So we always suggest obtaining written penetration testing permission, and reporting findings to the admins of the web application so that they can fix them.

If you liked our tutorial, follow us on Blogger and Twitter, and visit our site regularly.

Comments

3 comments
chasey marina, March 27, 2020 at 5:26 PM

Really, it's very useful information that you have shared, and thanks for sharing the information with us.
123.hp.com/dj3755
123.hp.com/dj3630

divakarmokal, July 30, 2020 at 10:49 PM

Thank you so much, sir.

Unknown, March 18, 2021 at 2:50 PM

Do you have an HP printer? It needs some software to improve the performance of the HP printer, like WPS pin. All these software perform different tasks, like scanning your HP printer performance, identifying printer errors, checking the ink cartridge level and also paper stuck problems. So if you need this type of software, contact our website: wps pin
