What is Nikto and it’s usages ?
Nikto is an Open Source software written in Perl language that is used to scan a web-server for the vulnerability that can be exploited and can compromise the server. It can also check for outdated version details of 1200 server and can detect problems with specific version details of over 200 servers. It can also fingerprint server using favicon.ico files present in the server. It is not designed to be a particularly a stealth tool rather than it is designed to be fast and time-efficient to achieve the task in very little time. Because of this, a web admin can easily detect that its server is being scanned by looking into the log files.
It can also show some items that do not have security problem but are info only which shows how to take full use of it to secure the web-server more properly.
- Full support for SSL
- Finds sub-domain
- Supports full HTTP Proxy
- Outdated component report
- Result saved in multiple format (xml, csv etc)
- Username guessing
- Gives details of installed software
- Takes Nmap file as input to scan port in a web-server.
- Able to perform dictionary attack.
- Updated easily
How to install Nikto in Linux:
Step 1: root@kali:~# git clone https://github.com/sullo/nikto.git Step 2: root@kali:~# cd nikto/program Step 3: root@kali:~/nikto/program# perl nikto.pl
- Help menu: root@kali:~/nikto/program# perl nikto.pl -H
- Scan a website: root@kali:~/nikto/program# perl nikto.pl -host https://www.webscantest.com/