
Nikto

Alex Joseph

Nikto Comprehensive Guide & Cheat Sheet

Nikto is a widely used open-source web server scanner designed to identify vulnerabilities, misconfigurations, and security issues in web servers and web applications. This guide provides a thorough overview, including installation, usage, command-line options, best practices, troubleshooting, and more.


1. Background & Features

Nikto is a Perl-based tool that scans web servers for:

  • Over 6,700 potentially dangerous files/programs

  • Outdated versions of 1,250+ servers

  • Version-specific problems on 270+ servers

  • Server configuration issues (e.g., multiple index files, HTTP options)

  • SSL, proxy, and host authentication support

  • Customizable scans and plugin support

  • Integration with other security tools and extensive reporting/logging.

Technical Specs:

  • Runs on any platform with Perl (Linux, Windows, macOS)

  • Command-line interface

  • Built on LibWhisker2.


2. Installation

Prerequisites

  • Perl (pre-installed on most Linux/macOS; install via Strawberry Perl on Windows)

  • Git (optional, for cloning the repository)

Installation Steps

Linux/macOS

git clone https://github.com/sullo/nikto.git
cd nikto/program
perl nikto.pl -H

Windows

  1. Install Strawberry Perl

  2. Download or clone Nikto as above

  3. Run via Command Prompt:

    perl nikto.pl -H

Note: Always update Nikto after installation:

perl nikto.pl -update

3. Command-Line Options Cheat Sheet

| Option | Description | Example |
| --- | --- | --- |
| `-h <host>` | Target host (IP, hostname, or URL) | `-h example.com` |
| `-p <port>` | Target port (default: 80) | `-p 8080` |
| `-o <file>` | Output file | `-o results.txt` |
| `-Format <format>` | Output format: txt, csv, html, xml | `-Format html` |
| `-timeout <seconds>` | Timeout for requests (seconds) | `-timeout 10` |
| `-ssl` | Force SSL (HTTPS) | `-ssl` |
| `-Cgidirs <dirs>` | CGI directories to scan (comma-separated) | `-Cgidirs /cgi-bin/` |
| `-Plugins <plugin>` | Specify plugins to use | `-Plugins apache_expect_xss` |
| `-evasion <tech>` | Use evasion techniques (anti-IDS) | `-evasion 1` |
| `-Tuning <options>` | Select test types (see below) | `-Tuning 123` |
| `-useragent <string>` | Set custom User-Agent | `-useragent "Mozilla/5.0"` |
| `-useproxy` | Use proxy (set in config) | `-useproxy` |
| `-config <file>` | Use alternate config file | `-config /path/to/nikto.conf` |
| `-update` | Update plugins and databases | `-update` |
| `-list-plugins` | List available plugins | `-list-plugins` |
| `-Display <opts>` | Control output verbosity (V, D, E, S, I, L, M, A) | `-Display V` |
| `-Help` or `-H` | Show help | `-H` |

Tuning Options (for -Tuning):

  • 0: File Upload

  • 1: Interesting File / Seen in logs

  • 2: Misconfiguration / Default File

  • 3: Information Disclosure

  • 4: Injection (XSS, SQLi, etc.)

  • 5: Remote File Retrieval

  • 6: Denial of Service

  • 7: Remote File Execution

  • 8: Command Execution


4. Scanning Modes & Configuration

Scanning Modes

  • Standard Scan: Default, comprehensive scan for known vulnerabilities.

  • Tuning: Use -Tuning to focus on specific vulnerability types.

  • Evasion: Use -evasion to attempt bypassing IDS/IPS (not stealthy by default).

  • Custom Plugins: Use -Plugins to load specific vulnerability checks.

Configuration File (nikto.conf)

  • Set default options, proxy, user-agent, etc.

  • Example entries:

    PROXYHOST=127.0.0.1
    PROXYPORT=8080
    USERAGENT=Mozilla/5.0
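The options table, the tuning codes and the config-file section above all feed into one command line, and in practice the mistake is composing it differently on every run. The following is an added example (my code, not Nikto's) that builds the command from a named scan profile using only the flags documented above; the ScanProfile, TUNING and FORMATS names are my own. It assumes `-timeout` is Nikto's request-timeout option and that a leading `x` in the tuning string reverses the selection (run everything except the listed categories), which is how the production profile at the bottom skips the Denial of Service tests.

```python
"""
Build a Nikto command line from a reusable scan profile so that every run in a
pipeline uses the same, reviewed set of flags. Added example, not part of
Nikto; the ScanProfile/TUNING names are mine, the flags are Nikto's.
"""
import shlex
import shutil
import subprocess
from dataclasses import dataclass
from typing import List, Optional, Sequence

# -Tuning digits as listed in Nikto's own help (category -> digit).
TUNING = {
    "file_upload": "0",
    "interesting_file": "1",
    "misconfiguration": "2",
    "information_disclosure": "3",
    "injection": "4",
    "remote_file_retrieval": "5",
    "denial_of_service": "6",
    "remote_file_execution": "7",
    "command_execution": "8",
}
FORMATS = {"txt", "csv", "html", "xml"}   # values accepted by -Format


@dataclass
class ScanProfile:
    host: str
    port: int = 80
    ssl: bool = False
    tuning: Sequence[str] = ()          # category names from TUNING
    exclude_tuning: bool = False        # True -> "x" prefix: run everything except these
    output: Optional[str] = None
    fmt: str = "txt"
    timeout: int = 10                   # seconds per request (-timeout)
    user_agent: Optional[str] = None
    use_proxy: bool = False             # proxy host/port themselves live in nikto.conf


def tuning_string(categories: Sequence[str], exclude: bool = False) -> str:
    """Map category names to the digit string Nikto expects, e.g. "34" or "x6"."""
    unknown = sorted(set(categories) - TUNING.keys())
    if unknown:
        raise ValueError(f"unknown tuning categories: {unknown}")
    digits = "".join(sorted({TUNING[c] for c in categories}))
    return ("x" if exclude else "") + digits


def build_command(profile: ScanProfile, nikto_path: str = "nikto.pl") -> List[str]:
    """Return argv for subprocess; reject inconsistent profiles instead of emitting a bad scan."""
    if profile.fmt not in FORMATS:
        raise ValueError(f"unsupported -Format {profile.fmt!r}; use one of {sorted(FORMATS)}")
    if profile.output is None and profile.fmt != "txt":
        raise ValueError("-Format only applies to the file written with -o <file>")
    cmd = ["perl", nikto_path, "-h", profile.host, "-p", str(profile.port),
           "-timeout", str(profile.timeout)]
    if profile.ssl:
        cmd.append("-ssl")
    if profile.tuning:
        cmd += ["-Tuning", tuning_string(profile.tuning, profile.exclude_tuning)]
    if profile.output:
        cmd += ["-o", profile.output, "-Format", profile.fmt]
    if profile.user_agent:
        cmd += ["-useragent", profile.user_agent]
    if profile.use_proxy:
        cmd.append("-useproxy")
    return cmd


def run_scan(profile: ScanProfile, nikto_path: str = "nikto.pl", dry_run: bool = True) -> str:
    """Print the exact command; execute it only when dry_run is False and perl is on PATH."""
    cmd = build_command(profile, nikto_path)
    print("nikto command:", shlex.join(cmd))
    if dry_run:
        return ""
    if shutil.which("perl") is None:
        raise RuntimeError("perl not found on PATH; install Perl first (see Installation)")
    completed = subprocess.run(cmd, capture_output=True, text=True)
    return completed.stdout


if __name__ == "__main__":
    # Production-safe profile: every test category except Denial of Service, HTML report.
    prod = ScanProfile(host="example.com", port=8443, ssl=True,
                       tuning=["denial_of_service"], exclude_tuning=True,
                       output="out.html", fmt="html")
    run_scan(prod)  # dry run: prints the command without contacting the host
```

Keeping the profile in code (or in version control next to the pipeline) means the tuning string and report format are reviewed once rather than retyped per run, and a typo in a category name fails before any traffic is sent.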

5. Common Use Cases

  • Vulnerability Assessment: Identify known vulnerabilities and misconfigurations on web servers.

  • Security Audits: Regularly scan servers for compliance and security posture.

  • Penetration Testing: Use as part of a broader toolkit to simulate attacks.

  • CI/CD Integration: Automate scans in development pipelines to catch issues early.


6. Best Practices

  • Update Regularly: Keep Nikto and its databases up-to-date for latest vulnerability checks.

  • Combine Tools: Use Nikto alongside other scanners (e.g., Nmap, Burp Suite) for comprehensive coverage.

  • Customize Scans: Tailor scans using tuning, plugins, and configuration to reduce noise and false positives.

  • Permission: Always have explicit authorization before scanning any system.

  • Schedule Scans: Run during off-peak hours to minimize impact on production systems.

  • Review Results: Manually verify findings to filter out false positives.
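The CI/CD use case in section 5 and the "Review Results" practice above meet in one place: the report Nikto writes with `-o report.csv -Format csv` has to be turned into a pass/fail decision without re-reporting findings a reviewer has already dismissed. The block below is an added example (mine, not Nikto's): it parses a report, suppresses findings by (test id, URI) pair, summarises what remains and returns an exit code for the job. The sample rows are constructed, and the column order (host, ip, port, test id, method, uri, message) is my understanding of Nikto's CSV reporter; check it against a real `-Format csv` file before relying on it.

```python
"""
Triage a Nikto CSV report in a CI job: parse the rows, suppress findings a
reviewer has already confirmed as false positives, summarise what is left and
decide whether the pipeline should fail. Added example; not Nikto's own code.
"""
import csv
import io
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

# CONSTRUCTED sample in the column order I believe Nikto's CSV reporter uses
# (host, ip, port, test id, method, uri, message). The ids and messages are
# made up; compare the layout with a real "-Format csv" file before trusting it.
SAMPLE_CSV = """\
"example.com","203.0.113.10","443","000001","GET","/","Server leaks version information in the Server header."
"example.com","203.0.113.10","443","000002","GET","/","The X-Content-Type-Options header is not set."
"example.com","203.0.113.10","443","000003","GET","/images/","Directory indexing is enabled."
"example.com","203.0.113.10","443","000004","GET","/backup/","Backup directory found."
"example.com","203.0.113.10","443","000002","GET","/api/","The X-Content-Type-Options header is not set."
"""


@dataclass(frozen=True)
class Finding:
    host: str
    ip: str
    port: int
    test_id: str
    method: str
    uri: str
    message: str


def parse_report(text: str) -> List[Finding]:
    """Parse CSV rows into Finding records; rows without the seven columns are skipped."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 7:
            continue  # blank line or a row written in a different shape
        host, ip, port, test_id, method, uri, message = row
        findings.append(Finding(host, ip, int(port), test_id, method, uri, message.strip()))
    return findings


# A suppression is (test id, uri): the same test firing on another URI is a new finding,
# so a reviewer's decision never silently covers more than what was actually reviewed.
Suppression = Tuple[str, str]


@dataclass
class TriageResult:
    kept: List[Finding]
    suppressed: List[Finding]
    by_test: Counter
    by_host: Counter


def triage(findings: Iterable[Finding], suppressions: Set[Suppression]) -> TriageResult:
    """Split findings into those still needing attention and those already dismissed."""
    kept: List[Finding] = []
    suppressed: List[Finding] = []
    for f in findings:
        (suppressed if (f.test_id, f.uri) in suppressions else kept).append(f)
    return TriageResult(
        kept=kept,
        suppressed=suppressed,
        by_test=Counter(f.test_id for f in kept),
        by_host=Counter(f"{f.host}:{f.port}" for f in kept),
    )


def ci_exit_code(result: TriageResult, max_unreviewed: int = 0) -> int:
    """0 when the unsuppressed findings fit the budget, 1 otherwise (fails the job)."""
    return 0 if len(result.kept) <= max_unreviewed else 1


def main() -> int:
    # Reviewer decision recorded after manual verification (constructed for the sample).
    reviewed_false_positives: Set[Suppression] = {("000002", "/")}
    result = triage(parse_report(SAMPLE_CSV), reviewed_false_positives)
    for f in result.kept:
        print(f"{f.host}:{f.port} {f.method} {f.uri} [{f.test_id}] {f.message}")
    print(f"{len(result.kept)} open, {len(result.suppressed)} suppressed, "
          f"per host: {dict(result.by_host)}")
    return ci_exit_code(result)


if __name__ == "__main__":
    raise SystemExit(main())
```

Keying suppressions on both the test id and the URI is deliberate: dismissing a header finding on `/` should not hide the same finding on a newly deployed `/api/` path, which is exactly the case the sample exercises.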


7. Security Considerations & Limitations

  • Not Stealthy: Nikto is easily detected by IDS/IPS and will appear in server logs.

  • False Positives: May report issues that are not exploitable; manual review is necessary.

  • Limited to Known Vulnerabilities: Does not detect zero-days or complex logic flaws.

  • Potential Impact: Scans can be resource-intensive; avoid on sensitive/production systems without planning.


8. Troubleshooting & Community Resources

Common Issues

  • Perl Errors: Ensure Perl is installed and up-to-date.

  • Network Issues: Check connectivity and firewall settings.

  • False Positives: Cross-reference with other tools and manual inspection.

  • Update Failures: Run as administrator/root if permissions are an issue.

Resources

  • Official Nikto GitHub

  • Nikto Documentation

  • Security Forums (Reddit, Stack Exchange)

  • OWASP Nikto Page

  • YouTube Tutorials


9. Real-World Examples

  • Enterprise: Regularly scheduled scans as part of vulnerability management.

  • Education: Used in cybersecurity courses for hands-on web security training.

  • Open Source Projects: Pre-release scans to ensure web app security.


10. Quick Reference: Example Commands

# Basic scan
perl nikto.pl -h http://example.com

# Scan with custom port and output to HTML
perl nikto.pl -h example.com -p 8080 -o scan.html -Format html

# Use SSL and specific tuning options
perl nikto.pl -h example.com -ssl -Tuning 123

# Use a proxy
perl nikto.pl -h example.com -useproxy

# List available plugins
perl nikto.pl -list-plugins

# Update Nikto
perl nikto.pl -update

11. Summary Table

| Task | Command Example |
| --- | --- |
| Basic Scan | `perl nikto.pl -h example.com` |
| Scan HTTPS | `perl nikto.pl -h example.com -ssl` |
| Specify Port | `perl nikto.pl -h example.com -p 8443` |
| Output to File (HTML) | `perl nikto.pl -h example.com -o out.html -Format html` |
| Use Proxy | `perl nikto.pl -h example.com -useproxy` |
| Update Nikto | `perl nikto.pl -update` |
| List Plugins | `perl nikto.pl -list-plugins` |
| Custom User-Agent | `perl nikto.pl -h example.com -useragent "TestAgent"` |
| Tuning (e.g., XSS, Info) | `perl nikto.pl -h example.com -Tuning 34` |


12. Further Reading & Learning

  • Official Documentation & Tutorials: Always refer to the official documentation for the latest features and usage.

  • Community Forums: Engage with the community for troubleshooting and advanced use cases.

  • Security Blogs & YouTube: Find step-by-step guides and real-world demonstrations.


By following this guide and cheat sheet, you can effectively install, configure, and use Nikto for web server vulnerability scanning, while understanding its strengths, limitations, and best practices for secure and responsible use.