Nikto Web Vulnerability Scanner

Websites are a critical part of almost every business or organization in the world. From your nearby florist to
global brands, almost everyone uses a website as part of their branding.

Unfortunately, websites are also one of the most unsecured gateways through which an attacker can exploit your
company.

Since most websites are not backed by strong technical teams, it is important to understand website and web
application security to protect your organization.

Nikto can perform comprehensive tests against web servers for multiple security threats, including over 6700
potentially dangerous files/programs. Nikto can also perform checks for outdated web servers software, and
version-specific problems.

Nikto is a free software command-line vulnerability scanner that scans webservers for dangerous files/CGIs,
outdated server software and other problems. It performs generic and server type specific checks. It also
captures and prints any cookies received.

Here are some of the cool things that Nikto can do:
 Find SQL injection, XSS, and other common vulnerabilities

 Identify installed software (via headers, favicons, and files)

 Guess subdomains

 Includes support for SSL (HTTPS) websites

 Saves reports in plain text, XML, HTML or CSV

 “Fish” for content on web servers

 Report unusual headers

 Check for server configuration items like multiple index files, HTTP server options, and so on

 Has full HTTP proxy support

 Guess credentials for authorization (including many default username/password combinations)

 Is configured with a template engine to easily customize reports

 Exports to Metasploit

Open source
How to Scan a Domain with SSL Enabled
For domains with HTTPS enabled, you have to specify the -ssl flag to scan port 443:
> nikto -h https://nmap.org -ssl

How to Scan an IP Address

Sometimes you just want to scan an IP address where a web server is hosted.

To do that, use the same -h flag you used for domain scanning:

> nikto -h 45.33.32.156
 Nikto IP Address Scan

How to Scan Multiple IP Addresses From a Text File

To scan multiple IP addresses or domains, just put them in a text file separated by newlines. Nikto will know
that the scan has to be performed on each domain / IP address.

Let's assume we have a file named domains.txt with two domain names:

 scanme.nmap.org

 nmap.org.
To scan both of them with Nikto, run the following command:

> nikto -h domains.txt

Nikto will start scanning the domains one after the other:

Nikto Multi Domain Scan

How to Export Scan Results

Nikto scans take a while to complete. When you are a professional pen-tester, you don't want to repeat scans
very often unless there are major changes to the web application.

To export a scan result, use the -o flag followed by the file name:

> nikto -h scanme.nmap.org -o scan.txt
You can also use the -Format flag to specify an output format. You can choose from CSV, HTML, nbe
(Nessus format), SQL, txt, and XML:
> nikto -h scanme.nmap.org -o scan.csv -Format csv

Nikto Output formats