Nikto is a powerful open-source web server and web application
scanner that helps identify potential security vulnerabilities in websites
and web applications. This guide provides you with a step-by-step
walkthrough of Nikto’s installation, usage, and essential commands.
Remember, always obtain proper authorization before scanning any
system or network.
Installation:
Nikto is written in Perl and can be installed on various operating
systems.
Kali Linux:
Nikto comes preinstalled in the “Vulnerability Analysis” category. You
can run it directly from the terminal.
Other Linux Distros:
Use the distribution's package manager to install Nikto. On Debian- or Ubuntu-based systems:
    sudo apt install nikto
Nikto Basic Vulnerability Scanning:
- Domain Scan (HTTP):
Scan a domain over HTTP on port 80.
    nikto -h scanme.nmap.org
- Domain Scan (HTTPS):
Scan a domain over HTTPS on port 443.
    nikto -h https://nmap.org -ssl
- IP Address Scan:
Scan a web server hosted on a specific IP address.
    nikto -h 45.33.32.156
- Multiple Domains from a Text File:
Create a text file (e.g., domains.txt) with domain names or IP
addresses separated by newlines. Then, scan using the file.
    nikto -h domains.txt
To export Nikto output, use the commands below:
- Export Scan Results (Text):
Save scan results in a text file.
    nikto -h scanme.nmap.org -o scan.txt
- Export with Different Formats:
Export results in various formats (CSV, HTML, nbe, SQL, txt, XML).
    nikto -h scanme.nmap.org -o scan.csv -Format csv
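The authorization reminder and the domains.txt scan above can be combined in one wrapper, so that only approved hosts are ever passed to Nikto. This is an added example, not part of the original guide; the file scope.txt (one approved host per line), the output name scan.csv and the function names are assumptions.

```shell
#!/bin/sh
# Added example: scope.txt (approved hosts) and domains.txt are assumed names.
# Handles hostnames and IPv4 targets, optionally written as URL or host:port.

# Reduce a target line to a bare lowercase host for comparison.
normalize_host() {
    printf '%s\n' "$1" | tr -d '\r' | tr '[:upper:]' '[:lower:]' |
        sed -e 's#^[a-z]*://##' -e 's#/.*$##' -e 's#[:,][0-9]*$##'
}

# filter_in_scope TARGETS SCOPE
# Prints the target lines whose host is listed in SCOPE (one host per line).
# Reports every other line on stderr and returns 1 if any was skipped.
filter_in_scope() {
    targets=$1 scope=$2 skipped=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac   # blank lines, comments
        host=$(normalize_host "$line")
        if [ -n "$host" ] && grep -qxiF -- "$host" "$scope"; then
            printf '%s\n' "$line"
        else
            printf 'not in approved scope, skipped: %s\n' "$line" >&2
            skipped=1
        fi
    done < "$targets"
    return "$skipped"
}

# scan_in_scope TARGETS SCOPE
# Runs the multi-host CSV scan from this guide on the approved subset only.
scan_in_scope() {
    list=$(mktemp) || return 1
    filter_in_scope "$1" "$2" > "$list" || echo 'some targets were skipped' >&2
    if [ -s "$list" ]; then
        nikto -h "$list" -o scan.csv -Format csv
    fi
    rm -f "$list"
}

# Usage: sh scoped-scan.sh domains.txt scope.txt
if [ "$#" -eq 2 ]; then
    scan_in_scope "$1" "$2"
fi
```

Keeping scope.txt under change control alongside the written authorization gives a record of what was approved for each scan.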