What is Nikto and it’s usages ?

Nikto is an Open Source software written in Perl language that is used to scan a web-server for the vulnerability that can be exploited and can compromise the server. It can also check for outdated version details of 1200 server and can detect problems with specific version details of over 200 severs. It can also fingerprint server using favicon.ico files present in the server. It is not designed to be a particularly a stealth tool rather than it is designed to be fast and time-efficient to achieve the task in very little time. Because of this, a web admin can easily detect that its server is being scanned by looking into the log files.
It can also show some items that do not have security problem but are info only which shows how to take full use of it to secure the web-server more properly.

Features:

  • Full support for SSL
  • Finds sub-domain
  • Supports full HTTP Proxy
  • Outdated component report
  • Result saved in multiple format (xml, csv etc)
  • Username guessing
  • Gives details of installed software
  • Takes Nmap file as input to scan port in a web-server.
  • Able to perform dictionary attack.
  • Updated easily

How to install Nikto in Linux:

Step 1: root@kali:~# git clone https://github.com/sullo/nikto.git
Step 2: root@kali:~# cd nikto/program
Step 3: root@kali:~/nikto/program# perl nikto.pl 

Usages:-

  • Help menu: root@kali:~/nikto/program# perl nikto.pl -H
  • Scan a website: root@kali:~/nikto/program# perl nikto.pl -host https://www.webscantest.com/
My Personal Notes arrow_drop_up

Check out this Author's contributed articles.

If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to contribute@geeksforgeeks.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.

Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.