How to Scan Vulnerabilities of Websites using Nikto in Linux?

Nikto is an open-source web server scanner which performs comprehensive tests against web servers for multiple items. You can use Nikto with any web servers like Apache, Nginx, IHS, OHS, Litespeed, and so on. Nikto can check for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Items and plugins scanned by Nikto are frequently updated and can be automatically updated.

How to install Nikto?

If you are using a Kali Linux machine then Nikto is already pre-installed in it. You can find it under Vulnerability analysis menu or you can just type in the terminal

nikto -Help

It will launch an option menu which gives a brief about the tool and how to use it, Which looks like this

If you are using any other machine other than Kali you can install Nikto by using package manager example

Arch Linux

pacman -S nikto

Debian 

apt-get install nikto

or you can simply get the github repository by using wget command and use it:

~ wget https://github.com/sullo/nikto/archive/master.zip .
~ unzip master.zip
~ cd /nikto-master/program

 Example For how to use Nikto

Let’s see a very simple example of how to use Nikto in scanning websites for some vulnerability. Use the command:

nikto -h 128.199.222.244

if you are using git hub repository then just navigate to directory and use:

./nikto.pl -h 128.199.222.244

where 128.199.222.244 is scan against the Nginx web server, the scan may take several minutes. You can see the results in the screenshot