# Nikto

> **Web Server Vulnerability Scanner**

## 📋 Overview

Nikto adalah open-source web server vulnerability scanner yang dikembangkan oleh Chris Sullo dan sekarang dikelola oleh community. Nikto digunakan untuk melakukan comprehensive scanning terhadap web servers dan mengidentifikasi vulnerabilities, misconfigurations, dan security issues.

## 🎯 Key Features

### 🔍 **Comprehensive Scanning**

* **6,700+ Tests** - Extensive vulnerability database
* **Web Server Detection** - Identify server types and versions
* **Vulnerability Detection** - Find known vulnerabilities
* **Configuration Issues** - Detect misconfigurations
* **Security Best Practices** - Check against security standards

### 🗄️ **Server Support**

* **Apache**, **Nginx**, **IIS**, **LiteSpeed**
* **Tomcat**, **Jetty**, **WebLogic**, **WebSphere**
* **Node.js**, **Python**, **Ruby** servers
* **Cloud Services** - AWS S3, Azure Blob, Google Cloud Storage
* **Embedded Devices** - Routers, cameras, IoT devices

### 🔧 **Advanced Features**

* **Proxy Support** - Scan through HTTP proxies
* **SSL/TLS Testing** - Certificate and encryption analysis
* **Authentication** - Basic, NTLM, form-based auth
* **Custom Tests** - User-defined scan plugins
* **Session Management** - Maintain authentication state

### 📊 **Reporting Options**

* **Multiple Formats** - HTML, XML, CSV, TXT
* **Detailed Reports** - Complete vulnerability information
* **Customizable Output** - Configurable report templates
* **Integration Ready** - Import into other security tools

## 🚀 Installation

### Linux Installation

```bash
# Ubuntu/Debian
sudo apt-get update
sudo apt-get install nikto

# CentOS/RHEL/Fedora
sudo dnf install nikto

# From GitHub (latest version)
git clone https://github.com/sullo/nikto.git
cd nikto
sudo cp nikto.pl /usr/local/bin/
sudo chmod +x /usr/local/bin/nikto.pl
sudo mkdir -p /usr/local/nikto
sudo cp -r databases /usr/local/nikto/
sudo cp -r plugins /usr/local/nikto/
sudo cp -r templates /usr/local/nikto/
```

### Kali Linux (Pre-installed)

```bash
# Nikto comes pre-installed on Kali Linux
# Update to latest version
git clone https://github.com/sullo/nikto.git
cd nikto
sudo cp nikto.pl /usr/bin/nikto
sudo chmod +x /usr/bin/nikto
sudo cp -r * /usr/share/nikto/
```

### macOS Installation

```bash
# Using Homebrew
brew install nikto

# From source
git clone https://github.com/sullo/nikto.git
cd nikto
sudo cp nikto.pl /usr/local/bin/nikto
sudo chmod +x /usr/local/bin/nikto
sudo mkdir -p /usr/local/nikto
sudo cp -r databases /usr/local/nikto/
sudo cp -r plugins /usr/local/nikto/
sudo cp -r templates /usr/local/nikto/
```

### Windows Installation

```powershell
# Install Perl (ActivePerl or Strawberry Perl)
# Download from https://www.perl.org/get.html

# Clone Nikto repository
git clone https://github.com/sullo/nikto.git
cd nikto

# Run with Perl interpreter
perl nikto.pl -h https://target.com

# Create batch file for easy execution
# nikto.bat:
# @echo off
# perl "C:\path\to\nikto\nikto.pl" %*
```

### Docker Installation

```bash
# Pull Nikto image
docker pull frapsoft/nikto

# Run basic scan
docker run --rm frapsoft/nikto -h https://target.com

# Run with custom options
docker run --rm frapsoft/nikto -h https://target.com -Tuning 9
```

## 🔧 Basic Usage

### Command Structure

```bash
nikto -h [host] [options]

# Basic syntax
nikto -h https://target.com
nikto -h http://192.168.1.100:8080
```

### Common Commands

```bash
# Basic scan
nikto -h https://target.com

# Scan specific port
nikto -h target.com -p 8080

# Save output to file
nikto -h https://target.com -o report.html -Format htm

# Tuning options
nikto -h https://target.com -Tuning 9

# Use proxy
nikto -h https://target.com -useproxy http://127.0.0.1:8080
```

## 🎯 Scanning Options

### Host Options

```bash
# Single host
nikto -h https://target.com

# Multiple hosts from file
nikto -h targets.txt

# Host with specific port
nikto -h target.com -p 443

# Host range
nikto -h 192.168.1.1-192.168.1.254

# CIDR notation
nikto -h 192.168.1.0/24
```

### Port Options

```bash
# Single port
nikto -h target.com -p 80

# Multiple ports
nikto -h target.com -p 80,443,8080

# Port range
nikto -h target.com -p 80-443

# Default ports
nikto -h target.com -p default

# All ports
nikto -h target.com -p all
```

### Output Options

```bash
# HTML report
nikto -h https://target.com -o report.html -Format htm

# XML report
nikto -h https://target.com -o report.xml -Format xml

# CSV report
nikto -h https://target.com -o report.csv -Format csv

# Text report
nikto -h https://target.com -o report.txt -Format txt

# Multiple formats
nikto -h https://target.com -o report.html -Format htm,xml,csv
```

## 🔧 Advanced Configuration

### Tuning Options

```bash
# Available tuning options
nikto -Tuning [0-9,a,b,c]

# Explanation of tuning numbers:
0 - File Upload
1 - Interesting File / Seen in logs
2 - Misconfiguration / Default File
3 - Information Disclosure
4 - Injection (XSS/Script/HTML)
5 - Remote File Retrieval
6 - Denial of Service
7 - Remote File Inclusion
8 - Command Execution / Backdoor
9 - SQL Injection

# Letter options:
a - Authentication Bypass
b - Software Identification
c - Remote Source Code Inclusion

# Example usage:
nikto -h https://target.com -Tuning 9  # SQL injection tests only
nikto -h https://target.com -Tuning 8,9  # Command execution and SQL injection
nikto -h https://target.com -Tuning x  # All tests (default)
```

### Authentication

```bash
# Basic authentication
nikto -h https://target.com -id user:pass

# Form-based authentication
nikto -h https://target.com -id user:pass -form "username_field:password_field"

# NTLM authentication
nikto -h https://target.com -id domain\\user:pass

# Cookie authentication
nikto -h https://target.com -cookie "session=abc123; user=admin"
```

### Proxy Configuration

```bash
# Use HTTP proxy
nikto -h https://target.com -useproxy http://127.0.0.1:8080

# Use proxy with authentication
nikto -h https://target.com -useproxy http://user:pass@127.0.0.1:8080

# SOCKS proxy
nikto -h https://target.com -useproxy socks://127.0.0.1:1080
```

## 📊 Customization and Plugins

### Database Updates

```bash
# Update Nikto databases
nikto -update

# Manual database update
cd /usr/local/nikto
git pull origin master

# Check database version
nikto -Version
```

### Custom Plugins

```bash
# Use custom plugin directory
nikto -h https://target.com -plugins /path/to/custom/plugins/

# List available plugins
nikto -list-plugins

# Disable specific plugins
nikto -h https://target.com -Plugins "-plugin_name"

# Use specific plugin only
nikto -h https://target.com -Plugins "+plugin_name"
```

### User-Agent Customization

```bash
# Custom User-Agent
nikto -h https://target.com -useragent "Custom Scanner 1.0"

# Random User-Agent
nikto -h https://target.com -useragent rand

# Use mobile User-Agent
nikto -h https://target.com -useragent "Mozilla/5.0 (iPhone; CPU iPhone OS 14_0 like Mac OS X)"
```

## 🎯 Common Use Cases

### 1. **Basic Web Server Scan**

```bash
# Comprehensive scan of a web server
nikto -h https://example.com -o scan_report.html -Format htm

# Scan specific port
nikto -h example.com -p 8080 -o port_8080_scan.txt

# Scan with all tuning options
nikto -h https://example.com -Tuning x -o full_scan.xml -Format xml
```

### 2. **Authenticated Scanning**

```bash
# Scan authenticated application
nikto -h https://app.example.com -id admin:password -o auth_scan.html -Format htm

# Form-based authentication
nikto -h https://app.example.com -id user:pass -form "username:password" -o form_auth.html -Format htm

# Cookie-based authentication
nikto -h https://app.example.com -cookie "JSESSIONID=ABC123; CSRF_TOKEN=XYZ789" -o cookie_auth.html -Format htm
```

### 3. **Proxy-Based Scanning**

```bash
# Scan through Burp Suite proxy
nikto -h https://target.com -useproxy http://127.0.0.1:8080 -o burp_scan.html -Format htm

# Scan through corporate proxy
nikto -h https://external.com -useproxy http://proxy.company.com:8080 -id user:pass -o external_scan.html -Format htm
```

### 4. **Targeted Testing**

```bash
# SQL injection testing only
nikto -h https://target.com -Tuning 9 -o sqli_test.txt

# XSS testing only
nikto -h https://target.com -Tuning 4 -o xss_test.txt

# Command execution testing
nikto -h https://target.com -Tuning 8 -o cmd_exec_test.txt

# File upload testing
nikto -h https://target.com -Tuning 0 -o file_upload_test.txt
```

### 5. **Batch Scanning**

```bash
# Create targets file (targets.txt)
https://site1.com
https://site2.com
https://site3.com

# Scan multiple targets
nikto -h targets.txt -o batch_scan.html -Format htm

# Scan with custom options
nikto -h targets.txt -Tuning 9 -o sqli_batch_scan.txt
```

## 📈 Report Analysis

### Understanding Report Format

```html
<!-- Sample HTML Report Structure -->
<html>
<head><title>Nikto Scan Report</title></head>
<body>
<h1>Target: https://example.com</h1>
<h2>Server: Apache/2.4.41</h2>
<h3>Vulnerabilities Found:</h3>
<ul>
<li>+ /admin/ - Directory listing found</li>
<li>- /backup.sql - Potential database backup file</li>
<li>! /login.php - Form with potential XSS</li>
</ul>
</body>
</html>

<!-- Legend:
+ = Positive finding
- = Negative finding
! = Informational note
```

### Critical Findings Analysis

```bash
# High priority findings to investigate:
# 1. Directory listing enabled
# 2. Default/backup files present
# 3. Server version disclosure
# 4. Potential XSS vulnerabilities
# 5. SQL injection points
# 6. File upload capabilities
# 7. Administrative interfaces
# 8. Configuration files exposed
```

### Report Customization

```bash
# Custom report template
nikto -h https://target.com -o custom_report.html -Format htm -template /path/to/template.tmpl

# Multiple output formats
nikto -h https://target.com -o report -Format htm,xml,csv

# Timestamped reports
nikto -h https://target.com -o "scan_$(date +%Y%m%d_%H%M%S).html" -Format htm
```

## 🔧 Integration and Automation

### Bash Automation

```bash
#!/bin/bash
# Automated Nikto scanning script

TARGETS_FILE="targets.txt"
OUTPUT_DIR="nikto_results"
DATE=$(date +%Y%m%d_%H%M%S)

mkdir -p $OUTPUT_DIR/$DATE

# Read targets and scan
while read -r target; do
    echo "Scanning: $target"
    filename=$(echo "$target" | sed 's|https\?://||g' | tr '/' '_')
    nikto -h "$target" -o "$OUTPUT_DIR/$DATE/${filename}_${DATE}.html" -Format htm
done < "$TARGETS_FILE"

echo "Scan completed. Results saved to: $OUTPUT_DIR/$DATE"
```

### Python Integration

```python
#!/usr/bin/env python3
# Python script to automate Nikto scanning

import subprocess
import os
import datetime

def run_nikto(target, output_dir):
    """Run Nikto scan on target"""
    timestamp = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
    filename = f"{target.replace('https://', '').replace('http://', '').replace('/', '_')}_{timestamp}.html"
    output_path = os.path.join(output_dir, filename)

    command = f"nikto -h {target} -o {output_path} -Format htm"
    result = subprocess.run(command, shell=True, capture_output=True, text=True)

    return output_path, result.returncode

def main():
    targets = ["https://example1.com", "https://example2.com"]
    output_dir = "nikto_results"

    os.makedirs(output_dir, exist_ok=True)

    for target in targets:
        output_file, returncode = run_nikto(target, output_dir)
        if returncode == 0:
            print(f"Scan completed: {output_file}")
        else:
            print(f"Scan failed for {target}")

if __name__ == "__main__":
    main()
```

### CI/CD Integration

```yaml
# GitHub Actions example
name: Nikto Security Scan
on: [push, pull_request]

jobs:
  nikto-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install Nikto
        run: sudo apt-get install nikto
      - name: Run Nikto scan
        run: |
          nikto -h https://your-app.com -o nikto_report.html -Format htm
      - name: Upload results
        uses: actions/upload-artifact@v3
        with:
          name: nikto-report
          path: nikto_report.html
```

## 🎓 Learning Resources

### Official Documentation

* [Nikto Official GitHub](https://github.com/sullo/nikto)
* [Nikto Documentation](https://cirt.net/Nikto2)
* [Nikto User Guide](https://github.com/sullo/nikto/wiki)
* [Vulnerability Database](https://github.com/sullo/nikto/tree/master/databases)

### Training Resources

* [Web Security Testing with Nikto](https://www.tutorialspoint.com/what-is-nikto)
* [Web Application Security Scanning](https://owasp.org/www-project-web-security-testing-guide/)
* [Vulnerability Assessment Best Practices](https://www.sans.org/white-papers/)

### Complementary Tools

* [OWASP ZAP](https://www.zaproxy.org/) - Comprehensive web security testing
* [Burp Suite](https://portswigger.net/burp) - Professional web application security
* [Nmap](https://nmap.org/) - Network scanning and discovery
* [OpenVAS](https://www.openvas.org/) - Vulnerability assessment platform

## 📈 Comparison with Other Tools

| Feature             | Nikto     | OWASP ZAP | Acunetix      | Nessus        |
| ------------------- | --------- | --------- | ------------- | ------------- |
| **Cost**            | 🆓 Free   | 🆓 Free   | 💰 Enterprise | 💰 Enterprise |
| **Scanning Depth**  | 🟡 Medium | ✅ Deep    | ✅ Deep        | ✅ Deep        |
| **Web Application** | ✅         | ✅         | ✅             | Limited       |
| **Authentication**  | ✅         | ✅         | ✅             | Limited       |
| **Customization**   | ✅         | ✅         | Limited       | Limited       |
| **Learning Curve**  | 📚 Easy   | 📚 Medium | 📚 Easy       | 📚 Easy       |
| **Updates**         | Community | Active    | Vendor        | Vendor        |

## 🔧 Troubleshooting

### Common Issues

```bash
# SSL/TLS errors
nikto -h https://target.com -ssl  # Force SSL checking
nikto -h https://target.com -nossl  # Skip SSL checking

# Connection timeouts
nikto -h https://target.com -timeout 60

# Proxy issues
nikto -h https://target.com -useproxy http://proxy:8080 -timeout 120

# Large target scanning
nikto -h https://target.com -maxtime 3600  # 1 hour limit
```

### Performance Optimization

```bash
# Control scan speed
nikto -h https://target.com -evasion 1  # Random URI encoding

# Limit scan time
nikto -h https://target.com -maxtime 1800  # 30 minutes

# Skip certain tests
nikto -h https://target.com -Plugins "-db_tests"

# Use custom user-agent
nikto -h https://target.com -useragent "Googlebot/2.1"
```

### Debug Mode

```bash
# Verbose output
nikto -h https://target.com -debug

# Show HTTP requests
nikto -h https://target.com -dump-requests

# Save debugging information
nikto -h https://target.com -debug -o debug_output.txt
```

## 🛡️ Security and Legal Considerations

### Legal Compliance

* **Authorization**: Only scan systems you own or have permission
* **Rate Limiting**: Avoid overwhelming target systems
* **Scope**: Stay within defined testing boundaries
* **Documentation**: Keep records of authorization

### Best Practices

* **Scan Frequency**: Regular but respectful scanning
* **Impact Assessment**: Understand potential impact of scanning
* **Responsible Disclosure**: Report vulnerabilities ethically
* **Follow-Up**: Track remediation progress

### Network Etiquette

```bash
# Use respectful scanning intervals
nikto -h https://target.com -evasion 8  # Random case sensitivity

# Avoid aggressive scanning patterns
nikto -h https://target.com -maxtime 300  # 5 minute limit

# Respect robots.txt (manual check required)
curl -s https://target.com/robots.txt
```

## 📊 Advanced Usage Examples

### Cloud Storage Scanning

```bash
# AWS S3 bucket scanning
nikto -h https://bucket.s3.amazonaws.com -Tuning 2

# Azure Blob Storage
nikto -h https://account.blob.core.windows.net/container -Tuning 2

# Google Cloud Storage
nikto -h https://storage.googleapis.com/bucket-name -Tuning 2
```

### API Endpoint Testing

```bash
# REST API scanning
nikto -h https://api.example.com/v1 -Tuning 9

# GraphQL endpoint
nikto -h https://api.example.com/graphql -Tuning 4,9

# SOAP web service
nikto -h https://api.example.com/wsdl -Tuning 8
```

### Mobile Application Testing

```bash
# Mobile API backend
nikto -h https://mobile-api.example.com -Tuning x

# Mobile web application
nikto -h https://m.example.com -useragent "Mozilla/5.0 (iPhone; CPU iPhone OS 14_0 like Mac OS X)"

# Progressive Web App
nikto -h https://pwa.example.com -Tuning 4,6
```

***

**⚠️ Legal Notice**: Nikto should only be used on systems you own or have explicit permission to test. Unauthorized web scanning may violate computer crime laws and network policies.

**⚡ Pro Tip**: Always review Nikto findings manually to confirm vulnerabilities and avoid false positives. Combine Nikto with other security tools for comprehensive testing.

*📅 Last Updated: 2024*