How to install and Use Nikto in Linux

Jul 24, 2016 | 9:15 am

Published by | Chandan Singh

What is Nikto
Nikto is web-server scanner which is open source which can be use to scan the server for malicious file and programs. Using NIKTO we can scan HTTP, HTTPS and HTTPD traffics too. NIKTO can be used to outdated version of program also, and at the end of scan it’s generate log file too. To run NIKTO, you don’t have need any other resources, if our server installed Perl.

Download NIKTO
Download package of Nikto from there website https://cirt.net/nikto/nikto-2.1.5.tar.gz
Now extract the package using below command
tar -zxvf nikto-2.1.5.tar.gz

nikto1

Navigate to the directory where NIKTO is download then
sudo cp -apvf nikto-2.1.5/* /usr/local/bin/
and then
ls -l /usr/local/bin
nikto2
To make permission and create links
Now we need to create a link for our conf file to /etc/ because nikto look for conf file under /etc/. Then make our nikto script as executable using chmod.
sudo ln -s /usr/local/bin/nikto.conf /etc/nikto.conf
ls -l /etc/nikto.conf
sudo chmod 755 /usr/local/bin/nikto.pl
ls -l /usr/local/bin/nikto.pl
nikto3

Now Update the NIKTO database
/usr/local/bin/nikto.pl -update
nikto4

To list the available Plugins for nikto we can use the below command.
nikto.pl -list-plugins

nikto5

Now Scan For Vulnerabilities

To scan for a website using host name we can use the option -h followed by NIKTO command.
nikto.pl -h www.cyberops.in

nikto6

Scan for host name using multiple ports
nikto.pl -h www.google.com -p 80,443

While scanning for vulnerabilities we can see the process
nikto.pl -D v -h www.google.com
Here
-D = Display
v  = Verbose
-h = Host name

NIKTO provide tuning option to scan only using specific check
Below Options are available for specific scan’s.
0 – File Upload
1 – Interesting File // we will get in logs
2 – Configuration / Default File
3 – Information Disclosure
4 – Injection (XSS/Script/HTML)
5 – Remote File Retrieval – Inside Web Root
6 – Denial of Service // Scan for DDOS
7 – Remote File Retrieval – Server Wide
8 – Command Execution // Remote Shell
9 – SQL Injection // Scan for MySQL vulnerabilities
a – Authentication Bypass
b – Software Identification
c – Remote Source Inclusion
x – Reverse Tuning Options

For example you want to scan Denial of Service and Remote File Retrieval
nikto.pl -Tuning 69 -h www.cyberops.in
Scan and save the result
nikto.pl -Display V -o nikto_scan_result.html -Format html -h 192.168.0.166