🔍Nikto

Web Server Vulnerability Scanner

📋 Overview

Nikto adalah open-source web server vulnerability scanner yang dikembangkan oleh Chris Sullo dan sekarang dikelola oleh community. Nikto digunakan untuk melakukan comprehensive scanning terhadap web servers dan mengidentifikasi vulnerabilities, misconfigurations, dan security issues.

🎯 Key Features

🔍 Comprehensive Scanning

6,700+ Tests - Extensive vulnerability database
Web Server Detection - Identify server types and versions
Vulnerability Detection - Find known vulnerabilities
Configuration Issues - Detect misconfigurations
Security Best Practices - Check against security standards

🗄️ Server Support

Apache, Nginx, IIS, LiteSpeed
Tomcat, Jetty, WebLogic, WebSphere
Node.js, Python, Ruby servers
Cloud Services - AWS S3, Azure Blob, Google Cloud Storage
Embedded Devices - Routers, cameras, IoT devices

🔧 Advanced Features

Proxy Support - Scan through HTTP proxies
SSL/TLS Testing - Certificate and encryption analysis
Authentication - Basic, NTLM, form-based auth
Custom Tests - User-defined scan plugins
Session Management - Maintain authentication state

📊 Reporting Options

Multiple Formats - HTML, XML, CSV, TXT
Detailed Reports - Complete vulnerability information
Customizable Output - Configurable report templates
Integration Ready - Import into other security tools

🚀 Installation

Linux Installation

# Ubuntu/Debian
sudo apt-get update
sudo apt-get install nikto

# CentOS/RHEL/Fedora
sudo dnf install nikto

# From GitHub (latest version)
git clone https://github.com/sullo/nikto.git
cd nikto
sudo cp nikto.pl /usr/local/bin/
sudo chmod +x /usr/local/bin/nikto.pl
sudo mkdir -p /usr/local/nikto
sudo cp -r databases /usr/local/nikto/
sudo cp -r plugins /usr/local/nikto/
sudo cp -r templates /usr/local/nikto/

Kali Linux (Pre-installed)

# Nikto comes pre-installed on Kali Linux
# Update to latest version
git clone https://github.com/sullo/nikto.git
cd nikto
sudo cp nikto.pl /usr/bin/nikto
sudo chmod +x /usr/bin/nikto
sudo cp -r * /usr/share/nikto/

macOS Installation

# Using Homebrew
brew install nikto

# From source
git clone https://github.com/sullo/nikto.git
cd nikto
sudo cp nikto.pl /usr/local/bin/nikto
sudo chmod +x /usr/local/bin/nikto
sudo mkdir -p /usr/local/nikto
sudo cp -r databases /usr/local/nikto/
sudo cp -r plugins /usr/local/nikto/
sudo cp -r templates /usr/local/nikto/

Windows Installation

# Install Perl (ActivePerl or Strawberry Perl)
# Download from https://www.perl.org/get.html

# Clone Nikto repository
git clone https://github.com/sullo/nikto.git
cd nikto

# Run with Perl interpreter
perl nikto.pl -h https://target.com

# Create batch file for easy execution
# nikto.bat:
# @echo off
# perl "C:\path\to\nikto\nikto.pl" %*

Docker Installation

# Pull Nikto image
docker pull frapsoft/nikto

# Run basic scan
docker run --rm frapsoft/nikto -h https://target.com

# Run with custom options
docker run --rm frapsoft/nikto -h https://target.com -Tuning 9

🔧 Basic Usage

Command Structure

nikto -h [host] [options]

# Basic syntax
nikto -h https://target.com
nikto -h http://192.168.1.100:8080

Common Commands

# Basic scan
nikto -h https://target.com

# Scan specific port
nikto -h target.com -p 8080

# Save output to file
nikto -h https://target.com -o report.html -Format htm

# Tuning options
nikto -h https://target.com -Tuning 9

# Use proxy
nikto -h https://target.com -useproxy http://127.0.0.1:8080

🎯 Scanning Options

Host Options

# Single host
nikto -h https://target.com

# Multiple hosts from file
nikto -h targets.txt

# Host with specific port
nikto -h target.com -p 443

# Host range
nikto -h 192.168.1.1-192.168.1.254

# CIDR notation
nikto -h 192.168.1.0/24

Port Options

# Single port
nikto -h target.com -p 80

# Multiple ports
nikto -h target.com -p 80,443,8080

# Port range
nikto -h target.com -p 80-443

# Default ports
nikto -h target.com -p default

# All ports
nikto -h target.com -p all

Output Options

# HTML report
nikto -h https://target.com -o report.html -Format htm

# XML report
nikto -h https://target.com -o report.xml -Format xml

# CSV report
nikto -h https://target.com -o report.csv -Format csv

# Text report
nikto -h https://target.com -o report.txt -Format txt

# Multiple formats
nikto -h https://target.com -o report.html -Format htm,xml,csv

🔧 Advanced Configuration

Tuning Options

# Available tuning options
nikto -Tuning [0-9,a,b,c]

# Explanation of tuning numbers:
0 - File Upload
1 - Interesting File / Seen in logs
2 - Misconfiguration / Default File
3 - Information Disclosure
4 - Injection (XSS/Script/HTML)
5 - Remote File Retrieval
6 - Denial of Service
7 - Remote File Inclusion
8 - Command Execution / Backdoor
9 - SQL Injection

# Letter options:
a - Authentication Bypass
b - Software Identification
c - Remote Source Code Inclusion

# Example usage:
nikto -h https://target.com -Tuning 9  # SQL injection tests only
nikto -h https://target.com -Tuning 8,9  # Command execution and SQL injection
nikto -h https://target.com -Tuning x  # All tests (default)

Authentication

# Basic authentication
nikto -h https://target.com -id user:pass

# Form-based authentication
nikto -h https://target.com -id user:pass -form "username_field:password_field"

# NTLM authentication
nikto -h https://target.com -id domain\\user:pass

# Cookie authentication
nikto -h https://target.com -cookie "session=abc123; user=admin"

Proxy Configuration

# Use HTTP proxy
nikto -h https://target.com -useproxy http://127.0.0.1:8080

# Use proxy with authentication
nikto -h https://target.com -useproxy http://user:pass@127.0.0.1:8080

# SOCKS proxy
nikto -h https://target.com -useproxy socks://127.0.0.1:1080

📊 Customization and Plugins

Database Updates

# Update Nikto databases
nikto -update

# Manual database update
cd /usr/local/nikto
git pull origin master

# Check database version
nikto -Version

Custom Plugins

# Use custom plugin directory
nikto -h https://target.com -plugins /path/to/custom/plugins/

# List available plugins
nikto -list-plugins

# Disable specific plugins
nikto -h https://target.com -Plugins "-plugin_name"

# Use specific plugin only
nikto -h https://target.com -Plugins "+plugin_name"

User-Agent Customization

# Custom User-Agent
nikto -h https://target.com -useragent "Custom Scanner 1.0"

# Random User-Agent
nikto -h https://target.com -useragent rand

# Use mobile User-Agent
nikto -h https://target.com -useragent "Mozilla/5.0 (iPhone; CPU iPhone OS 14_0 like Mac OS X)"

🎯 Common Use Cases

1. Basic Web Server Scan

# Comprehensive scan of a web server
nikto -h https://example.com -o scan_report.html -Format htm

# Scan specific port
nikto -h example.com -p 8080 -o port_8080_scan.txt

# Scan with all tuning options
nikto -h https://example.com -Tuning x -o full_scan.xml -Format xml

2. Authenticated Scanning

# Scan authenticated application
nikto -h https://app.example.com -id admin:password -o auth_scan.html -Format htm

# Form-based authentication
nikto -h https://app.example.com -id user:pass -form "username:password" -o form_auth.html -Format htm

# Cookie-based authentication
nikto -h https://app.example.com -cookie "JSESSIONID=ABC123; CSRF_TOKEN=XYZ789" -o cookie_auth.html -Format htm

3. Proxy-Based Scanning

# Scan through Burp Suite proxy
nikto -h https://target.com -useproxy http://127.0.0.1:8080 -o burp_scan.html -Format htm

# Scan through corporate proxy
nikto -h https://external.com -useproxy http://proxy.company.com:8080 -id user:pass -o external_scan.html -Format htm

4. Targeted Testing

# SQL injection testing only
nikto -h https://target.com -Tuning 9 -o sqli_test.txt

# XSS testing only
nikto -h https://target.com -Tuning 4 -o xss_test.txt

# Command execution testing
nikto -h https://target.com -Tuning 8 -o cmd_exec_test.txt

# File upload testing
nikto -h https://target.com -Tuning 0 -o file_upload_test.txt

5. Batch Scanning

# Create targets file (targets.txt)
https://site1.com
https://site2.com
https://site3.com

# Scan multiple targets
nikto -h targets.txt -o batch_scan.html -Format htm

# Scan with custom options
nikto -h targets.txt -Tuning 9 -o sqli_batch_scan.txt

📈 Report Analysis

Understanding Report Format

<!-- Sample HTML Report Structure -->
<html>
<head><title>Nikto Scan Report</title></head>
<body>
<h1>Target: https://example.com</h1>
<h2>Server: Apache/2.4.41</h2>
<h3>Vulnerabilities Found:</h3>
<ul>
<li>+ /admin/ - Directory listing found</li>
<li>- /backup.sql - Potential database backup file</li>
<li>! /login.php - Form with potential XSS</li>
</ul>
</body>
</html>

<!-- Legend:
+ = Positive finding
- = Negative finding
! = Informational note

Critical Findings Analysis

# High priority findings to investigate:
# 1. Directory listing enabled
# 2. Default/backup files present
# 3. Server version disclosure
# 4. Potential XSS vulnerabilities
# 5. SQL injection points
# 6. File upload capabilities
# 7. Administrative interfaces
# 8. Configuration files exposed

Report Customization

# Custom report template
nikto -h https://target.com -o custom_report.html -Format htm -template /path/to/template.tmpl

# Multiple output formats
nikto -h https://target.com -o report -Format htm,xml,csv

# Timestamped reports
nikto -h https://target.com -o "scan_$(date +%Y%m%d_%H%M%S).html" -Format htm

🔧 Integration and Automation

Bash Automation

#!/bin/bash
# Automated Nikto scanning script

TARGETS_FILE="targets.txt"
OUTPUT_DIR="nikto_results"
DATE=$(date +%Y%m%d_%H%M%S)

mkdir -p $OUTPUT_DIR/$DATE

# Read targets and scan
while read -r target; do
    echo "Scanning: $target"
    filename=$(echo "$target" | sed 's|https\?://||g' | tr '/' '_')
    nikto -h "$target" -o "$OUTPUT_DIR/$DATE/${filename}_${DATE}.html" -Format htm
done < "$TARGETS_FILE"

echo "Scan completed. Results saved to: $OUTPUT_DIR/$DATE"

Python Integration

#!/usr/bin/env python3
# Python script to automate Nikto scanning

import subprocess
import os
import datetime

def run_nikto(target, output_dir):
    """Run Nikto scan on target"""
    timestamp = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
    filename = f"{target.replace('https://', '').replace('http://', '').replace('/', '_')}_{timestamp}.html"
    output_path = os.path.join(output_dir, filename)

    command = f"nikto -h {target} -o {output_path} -Format htm"
    result = subprocess.run(command, shell=True, capture_output=True, text=True)

    return output_path, result.returncode

def main():
    targets = ["https://example1.com", "https://example2.com"]
    output_dir = "nikto_results"

    os.makedirs(output_dir, exist_ok=True)

    for target in targets:
        output_file, returncode = run_nikto(target, output_dir)
        if returncode == 0:
            print(f"Scan completed: {output_file}")
        else:
            print(f"Scan failed for {target}")

if __name__ == "__main__":
    main()

CI/CD Integration

# GitHub Actions example
name: Nikto Security Scan
on: [push, pull_request]

jobs:
  nikto-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install Nikto
        run: sudo apt-get install nikto
      - name: Run Nikto scan
        run: |
          nikto -h https://your-app.com -o nikto_report.html -Format htm
      - name: Upload results
        uses: actions/upload-artifact@v3
        with:
          name: nikto-report
          path: nikto_report.html

🎓 Learning Resources

Official Documentation

Training Resources

Complementary Tools

OWASP ZAP - Comprehensive web security testing
Burp Suite - Professional web application security
Nmap - Network scanning and discovery
OpenVAS - Vulnerability assessment platform

📈 Comparison with Other Tools

Feature

Nikto

OWASP ZAP

Acunetix

Nessus

Cost

🆓 Free

💰 Enterprise

Scanning Depth

🟡 Medium

✅ Deep

Web Application

✅

Limited

Authentication

✅

Limited

Customization

✅

Limited

Learning Curve

📚 Easy

📚 Medium

📚 Easy

Updates

Community

Active

Vendor

🔧 Troubleshooting

Common Issues

# SSL/TLS errors
nikto -h https://target.com -ssl  # Force SSL checking
nikto -h https://target.com -nossl  # Skip SSL checking

# Connection timeouts
nikto -h https://target.com -timeout 60

# Proxy issues
nikto -h https://target.com -useproxy http://proxy:8080 -timeout 120

# Large target scanning
nikto -h https://target.com -maxtime 3600  # 1 hour limit

Performance Optimization

# Control scan speed
nikto -h https://target.com -evasion 1  # Random URI encoding

# Limit scan time
nikto -h https://target.com -maxtime 1800  # 30 minutes

# Skip certain tests
nikto -h https://target.com -Plugins "-db_tests"

# Use custom user-agent
nikto -h https://target.com -useragent "Googlebot/2.1"

Debug Mode

# Verbose output
nikto -h https://target.com -debug

# Show HTTP requests
nikto -h https://target.com -dump-requests

# Save debugging information
nikto -h https://target.com -debug -o debug_output.txt

🛡️ Security and Legal Considerations

Legal Compliance

Authorization: Only scan systems you own or have permission
Rate Limiting: Avoid overwhelming target systems
Scope: Stay within defined testing boundaries
Documentation: Keep records of authorization

Best Practices

Scan Frequency: Regular but respectful scanning
Impact Assessment: Understand potential impact of scanning
Responsible Disclosure: Report vulnerabilities ethically
Follow-Up: Track remediation progress

Network Etiquette

# Use respectful scanning intervals
nikto -h https://target.com -evasion 8  # Random case sensitivity

# Avoid aggressive scanning patterns
nikto -h https://target.com -maxtime 300  # 5 minute limit

# Respect robots.txt (manual check required)
curl -s https://target.com/robots.txt

📊 Advanced Usage Examples

Cloud Storage Scanning

# AWS S3 bucket scanning
nikto -h https://bucket.s3.amazonaws.com -Tuning 2

# Azure Blob Storage
nikto -h https://account.blob.core.windows.net/container -Tuning 2

# Google Cloud Storage
nikto -h https://storage.googleapis.com/bucket-name -Tuning 2

API Endpoint Testing

# REST API scanning
nikto -h https://api.example.com/v1 -Tuning 9

# GraphQL endpoint
nikto -h https://api.example.com/graphql -Tuning 4,9

# SOAP web service
nikto -h https://api.example.com/wsdl -Tuning 8

Mobile Application Testing

# Mobile API backend
nikto -h https://mobile-api.example.com -Tuning x

# Mobile web application
nikto -h https://m.example.com -useragent "Mozilla/5.0 (iPhone; CPU iPhone OS 14_0 like Mac OS X)"

# Progressive Web App
nikto -h https://pwa.example.com -Tuning 4,6

⚠️ Legal Notice: Nikto should only be used on systems you own or have explicit permission to test. Unauthorized web scanning may violate computer crime laws and network policies.

⚡ Pro Tip: Always review Nikto findings manually to confirm vulnerabilities and avoid false positives. Combine Nikto with other security tools for comprehensive testing.

📅 Last Updated: 2024

Last updated 5 months ago

hashtag📋 Overview

hashtag🎯 Key Features

hashtag🔍 Comprehensive Scanning

hashtag🗄️ Server Support

hashtag🔧 Advanced Features

hashtag📊 Reporting Options

hashtag🚀 Installation

hashtagLinux Installation

hashtagKali Linux (Pre-installed)

hashtagmacOS Installation

hashtagWindows Installation

hashtagDocker Installation

hashtag🔧 Basic Usage

hashtagCommand Structure

hashtagCommon Commands

hashtag🎯 Scanning Options

hashtagHost Options

hashtagPort Options

hashtagOutput Options

hashtag🔧 Advanced Configuration

hashtagTuning Options

hashtagAuthentication

hashtagProxy Configuration

hashtag📊 Customization and Plugins

hashtagDatabase Updates

hashtagCustom Plugins

hashtagUser-Agent Customization

hashtag🎯 Common Use Cases

hashtag1. Basic Web Server Scan

hashtag2. Authenticated Scanning

hashtag3. Proxy-Based Scanning

hashtag4. Targeted Testing

hashtag5. Batch Scanning

hashtag📈 Report Analysis

hashtagUnderstanding Report Format

hashtagCritical Findings Analysis

hashtagReport Customization

hashtag🔧 Integration and Automation

hashtagBash Automation

hashtagPython Integration

hashtagCI/CD Integration

hashtag🎓 Learning Resources

hashtagOfficial Documentation

hashtagTraining Resources

hashtagComplementary Tools

hashtag📈 Comparison with Other Tools

hashtag🔧 Troubleshooting

hashtagCommon Issues

hashtagPerformance Optimization

hashtagDebug Mode

hashtag🛡️ Security and Legal Considerations

hashtagLegal Compliance

hashtagBest Practices

hashtagNetwork Etiquette

hashtag📊 Advanced Usage Examples

hashtagCloud Storage Scanning

hashtagAPI Endpoint Testing

hashtagMobile Application Testing

📋 Overview

🎯 Key Features

🔍 Comprehensive Scanning

🗄️ Server Support

🔧 Advanced Features

📊 Reporting Options

🚀 Installation

Linux Installation

Kali Linux (Pre-installed)

macOS Installation

Windows Installation

Docker Installation

🔧 Basic Usage

Command Structure

Common Commands

🎯 Scanning Options

Host Options

Port Options

Output Options

🔧 Advanced Configuration

Tuning Options

Authentication

Proxy Configuration

📊 Customization and Plugins

Database Updates

Custom Plugins

User-Agent Customization

🎯 Common Use Cases

1. Basic Web Server Scan

2. Authenticated Scanning

3. Proxy-Based Scanning

4. Targeted Testing

5. Batch Scanning

📈 Report Analysis

Understanding Report Format

Critical Findings Analysis

Report Customization

🔧 Integration and Automation

Bash Automation

Python Integration

CI/CD Integration

🎓 Learning Resources

Official Documentation

Training Resources

Complementary Tools

📈 Comparison with Other Tools

🔧 Troubleshooting

Common Issues

Performance Optimization

Debug Mode

🛡️ Security and Legal Considerations

Legal Compliance

Best Practices

Network Etiquette

📊 Advanced Usage Examples

Cloud Storage Scanning

API Endpoint Testing

Mobile Application Testing