How to Scan Web Servers With Nikto

Nikto is a free software command-line vulnerability scanner that scans web servers for dangerous records/CGIs, obsolete server software, and different issues.
It is quite possibly the most normally utilized site vulnerability tool in entrance testing and is viewed as an industry-standard tool. The fundamental motivation behind Nikto is to look at websites and web applications and report back to the analyzer with any weaknesses that can be carried out to hack or exploit the webpage.

Features:

• SSL Support (Unix with OpenSSL or maybe Windows with ActiveState’s
  Perl/NetSSL)
• Full HTTP proxy support
• Checks for outdated server components
• Save reports in plain text, XML, HTML, NBE, or CSV
• Template engine to easily customize reports
• Scan multiple ports on a server, or multiple servers via input file (including Nmap output)
• LibWhisker’s IDS encoding techniques
• Easily updated via command line
• Identifies installed software via headers, favicons, and files
• Host authentication with Basic and NTLM
• Subdomain guessing
• Apache and cgiwrap username enumeration
• Mutation techniques to “fish” for content on web servers
• Scan tuning to include or exclude entire classes of vulnerability
  checks
• Guess credentials for authorization realms (including many default id/pw combos)
• Authorization guessing handles any directory, not just the root
  directory
• Enhanced false positive reduction via multiple methods: headers,
  page content, and content hashing
• Reports “unusual” headers seen
• Interactive status, pause, and changes to verbosity settings
• Save full request/response for positive tests
• Replay saved positive requests
• Maximum execution time per target
• Auto-pause at a specified time
• Checks for common “parking” sites

How to install Nikto?

Step 1: update the system repositories

sudo apt-get update && sudo apt-get upgrade -y

Step 2: Install the Nikto with the following command

sudo apt-get install nikto -y

Step 3: Use “nikto” for start nikto

nikto

How to use Nikto?

nikto –help

Basic Syntax

nikto -h <IP or hostname>

SSL-Enabled Website:
SSL represents Secure Sockets Layer and, to put it plainly, it’s the standard technology for keeping an internet connection secure and protecting any touchy data that is being sent between two ends point, keeping hoodlums from perusing and changing any data moved, including possible individual subtleties.
nikto -h <IP or hostname> –ssl

Scan on IP list

nikto -h IPlist.txt

Home Page:– https://www.cirt.net/Nikto2

About Author

Tinku

See author's posts