How to use the command 'nikto' (with examples)
The ’nikto’ command is a web server scanner that performs tests against web servers for multiple items. It is used to identify potential vulnerabilities or weak points in a web server’s configuration. By scanning a target host, ’nikto’ can provide valuable information about any security flaws that may exist.
Use case 1: Perform a basic Nikto scan against a target host
Code:
perl nikto.pl -h 192.168.0.1
Motivation: Performing a basic Nikto scan against a target host is the simplest way to start uncovering security vulnerabilities in a web server. This use case helps users get a quick overview of any potential weaknesses.
Explanation:
perl nikto.pl: This is the command to execute the ’nikto’ script using Perl.-h 192.168.0.1: This specifies the target host IP address to scan.
Example output:
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.0.1
+ Target Port: 80
+ Start Time: 2022-01-01 09:00:00
---------------------------------------------------------------------------
+ Server: Apache/2.4.29 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Retrieved x-powered-by header: PHP/7.4.3
+ Apache/2.4.29 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
Use case 2: Specify the port number when performing a basic scan
Code:
perl nikto.pl -h 192.168.0.1 -p 443
Motivation: In some cases, web servers may be running on non-standard ports. By specifying the port number, ’nikto’ can scan the desired port directly, allowing users to focus their attention on a specific service.
Explanation:
-p 443: This specifies the port number (443) to scan.
Example output:
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.0.1
+ Target Port: 443
+ Start Time: 2022-01-01 09:00:00
---------------------------------------------------------------------------
+ Server: Apache/2.4.29 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Retrieved x-powered-by header: PHP/7.4.3
+ Apache/2.4.29 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
Use case 3: Scan ports and protocols with full URL syntax
Code:
perl nikto.pl -h https://192.168.0.1:443/
Motivation: The ’nikto’ command supports full URL syntax, allowing users to specify the target host with the corresponding port and protocol. This use case is especially useful when scanning web servers over HTTPS.
Explanation:
-h https://192.168.0.1:443/: This specifies the target host URL (https://192.168.0.1:443/) to scan.
Example output:
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.0.1
+ Target Port: 443
+ Start Time: 2022-01-01 09:00:00
---------------------------------------------------------------------------
+ Server: Apache/2.4.29 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Retrieved x-powered-by header: PHP/7.4.3
+ Apache/2.4.29 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
Use case 4: Scan multiple ports in the same scanning session
Code:
perl nikto.pl -h 192.168.0.1 -p 80,88,443
Motivation: By scanning multiple ports in the same scanning session, ’nikto’ can provide a comprehensive analysis of a web server’s security across different port numbers. This use case helps to uncover vulnerabilities that may affect specific services running on different ports.
Explanation:
-p 80,88,443: This specifies multiple port numbers (80, 88, 443) to scan.
Example output:
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.0.1
+ Target Ports: 80, 88, 443
+ Start Time: 2022-01-01 09:00:00
---------------------------------------------------------------------------
+ Server: Apache/2.4.29 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Retrieved x-powered-by header: PHP/7.4.3
+ Apache/2.4.29 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
Use case 5: Update to the latest plugins and databases
Code:
perl nikto.pl -update
Motivation: To stay up to date with the latest security vulnerabilities and tests, it is important to regularly update the ’nikto’ plugins and databases. This use case ensures that ’nikto’ is using the most recent information when performing scans.
Explanation:
-update: This command updates the plugins and databases used by ’nikto'.
Example output:
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Updating Nikto plugins...
+ Plugins updated successfully.
Conclusion:
The ’nikto’ command is a powerful web server scanner that can be utilized to identify potential vulnerabilities in web servers. By using different options and arguments, users can perform various types of scans, target specific ports, update plugins, and more. This flexibility makes ’nikto’ a valuable tool for security professionals and system administrators looking to enhance the security of their web servers.
