Nikto
Alex Joseph
Nikto Comprehensive Guide & Cheat Sheet
Nikto is a widely used open-source web server scanner designed to identify vulnerabilities, misconfigurations, and security issues in web servers and web applications. This guide provides a thorough overview, including installation, usage, command-line options, best practices, troubleshooting, and more.
1. Background & Features
Nikto is a Perl-based tool that scans web servers for:
Over 6,700 potentially dangerous files/programs
Outdated versions of 1,250+ servers
Version-specific problems on 270+ servers
Server configuration issues (e.g., multiple index files, HTTP options)
SSL, proxy, and host authentication support
Customizable scans and plugin support
Integration with other security tools and extensive reporting/logging.
Technical Specs:
Runs on any platform with Perl (Linux, Windows, macOS)
Command-line interface
Built on LibWhisker2.
2. Installation
Prerequisites
Perl (pre-installed on most Linux/macOS; install via Strawberry Perl on Windows)
Git (optional, for cloning the repository)
Installation Steps
Linux/macOS
git clone https://github.com/sullo/nikto.git
cd nikto/program
perl nikto.pl -H
Windows
Install Strawberry Perl
Download or clone Nikto as above
Run via Command Prompt:
perl nikto.pl -H
Note: Always update Nikto after installation:
perl nikto.pl -update
3. Command-Line Options Cheat Sheet
Option                 Description                                         Example
-h <host>              Target host (IP, hostname, or URL)                  -h example.com
-p <port>              Target port (default: 80)                           -p 8080
-o <file>              Output file                                         -o results.txt
-Format <format>       Output format: txt, csv, html, xml                  -Format html
-T <timeout>           Timeout for requests (seconds)                      -T 10
-ssl                   Force SSL (HTTPS)                                   -ssl
-Cgidirs <dirs>        CGI directories to scan (comma-separated)           -Cgidirs /cgi-bin/
-Plugins <plugin>      Specify plugins to use                              -Plugins apache_expect_xss
-evasion <tech>        Use evasion techniques (anti-IDS)                   -evasion 1
-Tuning <options>      Select test types (see below)                       -Tuning 123
-useragent <string>    Set custom User-Agent                               -useragent "Mozilla/5.0"
-useproxy              Use proxy (set in config)                           -useproxy
-config <file>         Use alternate config file                           -config /path/to/nikto.conf
-update                Update plugins and databases                        -update
-list-plugins          List available plugins                              -list-plugins
-Display <opts>        Control output verbosity (V, D, E, S, I, L, M, A)   -Display V
-Help or -H            Show help                                           -H
Tuning Options (for -Tuning):
0: File Upload
1: Interesting File / Seen in logs
2: Misconfiguration / Default File
3: Information Disclosure
4: Injection (XSS, SQLi, etc.)
5: Remote File Retrieval
6: Denial of Service
7: Remote File Execution
8: Command Execution
4. Scanning Modes & Configuration
Scanning Modes
Standard Scan: Default, comprehensive scan for known vulnerabilities.
Tuning: Use -Tuning to focus on specific vulnerability types.
Evasion: Use -evasion to attempt bypassing IDS/IPS (not stealthy by default).
Custom Plugins: Use -Plugins to load specific vulnerability checks.
Configuration File (nikto.conf)
Set default options, proxy, user-agent, etc.
Example entries:
PROXYHOST=127.0.0.1
PROXYPORT=8080
USERAGENT=Mozilla/5.0
5. Common Use Cases
Vulnerability Assessment: Identify known vulnerabilities and misconfigurations on web servers.
Security Audits: Regularly scan servers for compliance and security posture.
Penetration Testing: Use as part of a broader toolkit to simulate attacks.
CI/CD Integration: Automate scans in development pipelines to catch issues early.
6. Best Practices
Update Regularly: Keep Nikto and its databases up-to-date for latest vulnerability checks.
Combine Tools: Use Nikto alongside other scanners (e.g., Nmap, Burp Suite) for comprehensive coverage.
Customize Scans: Tailor scans using tuning, plugins, and configuration to reduce noise and false positives.
Permission: Always have explicit authorization before scanning any system.
Schedule Scans: Run during off-peak hours to minimize impact on production systems.
Review Results: Manually verify findings to filter out false positives.
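The CI/CD integration use case above and the advice to review results by hand can be combined in one pipeline step. The script below is an added example, not code from the Nikto project or this guide: it builds the scan command, parses the CSV that -Format csv writes, drops URIs already reviewed as false positives, and fails the build if anything remains. It assumes Nikto's seven-field quoted CSV layout (host, ip, port, reference id, method, uri, message); the sample rows and the staging host are constructed.

```shell
#!/bin/sh
# Added example (not from Nikto or the original guide): a CI gate around a
# Nikto run. Assumed CSV layout: seven quoted fields
# (host, ip, port, reference id, method, uri, message).

# Command line for one staging host; long option names keep pipeline logs
# self-explanatory. Nothing is executed here, the string is only printed.
build_nikto_cmd() {
    host="$1"; port="$2"; tuning="$3"; out="$4"
    printf 'perl nikto.pl -h %s -p %s -Tuning %s -timeout 10 -Format csv -o %s\n' \
        "$host" "$port" "$tuning" "$out"
}

# URI column (field 6) of every CSV row; commas inside the quoted message
# field do not matter because only the first six fields are matched.
finding_uris() {
    sed -E 's/^("[^"]*",){5}"([^"]*)".*/\2/' "$1"
}

# Findings whose URI is not in the allowlist (one exact URI per line).
# A missing or empty allowlist means every row counts.
count_unreviewed() {
    csv="$1"; allow="$2"
    if [ -s "$allow" ]; then
        finding_uris "$csv" | grep -vxF -f "$allow" | grep -c . || true
    else
        finding_uris "$csv" | grep -c . || true
    fi
}

# Returns non-zero when unreviewed findings exist, which stops the pipeline.
nikto_gate() {
    n=$(count_unreviewed "$1" "$2")
    echo "unreviewed Nikto findings: $n"
    [ "$n" -eq 0 ]
}

# Constructed sample standing in for a real scan.csv plus a reviewed allowlist.
SAMPLE_CSV=$(mktemp); SAMPLE_ALLOW=$(mktemp)
cat > "$SAMPLE_CSV" <<'EOF'
"staging.example.com","192.0.2.10","8080","","GET","/","The anti-clickjacking X-Frame-Options header is not present."
"staging.example.com","192.0.2.10","8080","OSVDB-3233","GET","/icons/README","Apache default file found."
"staging.example.com","192.0.2.10","8080","","GET","/robots.txt","robots.txt contains 2 entries, which should be manually viewed."
EOF
printf '%s\n' /robots.txt > "$SAMPLE_ALLOW"

build_nikto_cmd staging.example.com 8080 123 scan.csv
nikto_gate "$SAMPLE_CSV" "$SAMPLE_ALLOW" || echo "gate failed: pipeline would stop here"
```

The allowlist is the place where the manual review lands: a URI goes in only after someone has confirmed the finding is not exploitable, so the gate stays strict while known noise is suppressed.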
7. Security Considerations & Limitations
Not Stealthy: Nikto is easily detected by IDS/IPS and will appear in server logs.
False Positives: May report issues that are not exploitable; manual review is necessary.
Limited to Known Vulnerabilities: Does not detect zero-days or complex logic flaws.
Potential Impact: Scans can be resource-intensive; avoid on sensitive/production systems without planning.
8. Troubleshooting & Community Resources
Common Issues
Perl Errors: Ensure Perl is installed and up-to-date.
Network Issues: Check connectivity and firewall settings.
False Positives: Cross-reference with other tools and manual inspection.
Update Failures: Run as administrator/root if permissions are an issue.
Resources
9. Real-World Examples
Enterprise: Regularly scheduled scans as part of vulnerability management.
Education: Used in cybersecurity courses for hands-on web security training.
Open Source Projects: Pre-release scans to ensure web app security.
10. Quick Reference: Example Commands
# Basic scan
perl nikto.pl -h http://example.com
# Scan with custom port and output to HTML
perl nikto.pl -h example.com -p 8080 -o scan.html -Format html
# Use SSL and specific tuning options
perl nikto.pl -h example.com -ssl -Tuning 123
# Use a proxy
perl nikto.pl -h example.com -useproxy
# List available plugins
perl nikto.pl -list-plugins
# Update Nikto
perl nikto.pl -update
11. Summary Table
Task                      Command
Basic Scan                perl nikto.pl -h example.com
Scan HTTPS                perl nikto.pl -h example.com -ssl
Specify Port              perl nikto.pl -h example.com -p 8443
Output to File (HTML)     perl nikto.pl -h example.com -o out.html -Format html
Use Proxy                 perl nikto.pl -h example.com -useproxy
Update Nikto              perl nikto.pl -update
List Plugins              perl nikto.pl -list-plugins
Custom User-Agent         perl nikto.pl -h example.com -useragent "TestAgent"
Tuning (e.g., XSS, Info)  perl nikto.pl -h example.com -Tuning 34
12. Further Reading & Learning
Official Documentation & Tutorials: Always refer to the official documentation for the latest features and usage.
Community Forums: Engage with the community for troubleshooting and advanced use cases.
Security Blogs & YouTube: Find step-by-step guides and real-world demonstrations.
By following this guide and cheat sheet, you can effectively install, configure, and use Nikto for web server vulnerability scanning, while understanding its strengths, limitations, and best practices for secure and responsible use.