How to Scan Vulnerabilities of Websites using Nikto in Linux?
Nikto is an open-source web server scanner which performs comprehensive tests against web servers for multiple items. You can use Nikto with any web servers like Apache, Nginx, IHS, OHS, Litespeed, and so on. Nikto can check for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Items and plugins scanned by Nikto are frequently updated and can be automatically updated.
How to install Nikto?
If you are using a Kali Linux machine then Nikto is already pre-installed in it. You can find it under Vulnerability analysis menu or you can just type in the terminal
It will launch an option menu which gives a brief about the tool and how to use it, Which looks like this
If you are using any other machine other than Kali you can install Nikto by using package manager example
pacman -S nikto
apt-get install nikto
or you can simply get the github repository by using wget command and use it:
~ wget https://github.com/sullo/nikto/archive/master.zip . ~ unzip master.zip ~ cd /nikto-master/program
Example For how to use Nikto
Let’s see a very simple example of how to use Nikto in scanning websites for some vulnerability. Use the command:
nikto -h 188.8.131.52
if you are using git hub repository then just navigate to directory and use:
./nikto.pl -h 184.108.40.206
where 220.127.116.11 is scan against the Nginx web server, the scan may take several minutes. You can see the results in the screenshot