How to install and Use Nikto in Linux



By Prempal Singh, July 24, 2016

What is Nikto
Nikto is an open-source web-server scanner that can be used to scan a server for malicious files and programs. Nikto can scan HTTP, HTTPS and HTTPD traffic. It can also be used to find outdated versions of programs, and at the end of a scan it generates a log file. Nikto needs no other resources to run, as long as Perl is installed on the server.

Download NIKTO
Download the Nikto package from their website.
Now extract the package using the command below.
tar -zxvf nikto-2.1.5.tar.gz


Navigate to the directory where Nikto was downloaded, then run
sudo cp -apvf nikto-2.1.5/* /usr/local/bin/
and then
ls -l /usr/local/bin
Set permissions and create links
Now we need to create a link for our conf file in /etc/, because Nikto looks for its conf file under /etc/. Then make the nikto script executable using chmod.
sudo ln -s /usr/local/bin/nikto.conf /etc/nikto.conf
ls -l /etc/nikto.conf
sudo chmod 755 /usr/local/bin/nikto.pl
ls -l /usr/local/bin/nikto.pl

Now update the Nikto database
/usr/local/bin/nikto.pl -update

To list the available plugins for Nikto, use the command below.
/usr/local/bin/nikto.pl -list-plugins


Now scan for vulnerabilities

To scan a website by host name, use the -h option with the nikto command.
/usr/local/bin/nikto.pl -h <hostname>

Scan a host name on multiple ports
/usr/local/bin/nikto.pl -h <hostname> -p 80,443

To see the progress while scanning for vulnerabilities
/usr/local/bin/nikto.pl -D v -h <hostname>
-D = Display
v  = Verbose
-h = Host name

Nikto provides a tuning option to scan using only specific checks.
The options below are available for specific scans.
0 – File Upload
1 – Interesting File // we will get in logs
2 – Configuration / Default File
3 – Information Disclosure
4 – Injection (XSS/Script/HTML)
5 – Remote File Retrieval – Inside Web Root
6 – Denial of Service // Scan for DDOS
7 – Remote File Retrieval – Server Wide
8 – Command Execution // Remote Shell
9 – SQL Injection // Scan for MySQL vulnerabilities
a – Authentication Bypass
b – Software Identification
c – Remote Source Inclusion
x – Reverse Tuning Options

For example, to scan for Denial of Service and SQL Injection (options 6 and 9 in the list above)
/usr/local/bin/nikto.pl -Tuning 69 -h <hostname>
Scan and save the result
/usr/local/bin/nikto.pl -Display V -o nikto_scan_result.html -Format html -h <hostname>
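
Added example, not part of the original post: a small shell helper that decodes a -Tuning string against the table above, so the selection can be checked before a scan is launched (for instance, confirming that class 6 is left out). The function names are made up for this example; reading x as "all except the listed classes" follows Nikto's documentation, and only a leading x is handled here.

```sh
#!/bin/sh
# Added example: decode a Nikto -Tuning string using the table on this page.
# Function names are illustrative; Nikto itself is never run.

tuning_name() {
  case "$1" in
    0) echo "File Upload" ;;
    1) echo "Interesting File" ;;
    2) echo "Configuration / Default File" ;;
    3) echo "Information Disclosure" ;;
    4) echo "Injection (XSS/Script/HTML)" ;;
    5) echo "Remote File Retrieval - Inside Web Root" ;;
    6) echo "Denial of Service" ;;
    7) echo "Remote File Retrieval - Server Wide" ;;
    8) echo "Command Execution" ;;
    9) echo "SQL Injection" ;;
    a) echo "Authentication Bypass" ;;
    b) echo "Software Identification" ;;
    c) echo "Remote Source Inclusion" ;;
    *) return 1 ;;
  esac
}

# Print "code: name" for each test class the tuning string $1 selects.
# Handles a plain list ("69") and a leading x ("x6" = all except 6).
# Exits 2 for an empty list, an unknown character, or an x elsewhere
# (assumption of this example: only the leading-x form is supported).
decode_tuning() (
  spec=$1 mode=include
  case "$spec" in x*) mode=exclude; spec=${spec#x} ;; esac
  [ -n "$spec" ] || exit 2
  rest=$spec
  while [ -n "$rest" ]; do            # validate one character at a time
    c=${rest%"${rest#?}"}; rest=${rest#?}
    tuning_name "$c" >/dev/null || exit 2
  done
  for c in 0 1 2 3 4 5 6 7 8 9 a b c; do
    case "$spec" in *"$c"*) listed=yes ;; *) listed=no ;; esac
    if [ "$mode:$listed" = include:yes ] || [ "$mode:$listed" = exclude:no ]; then
      echo "$c: $(tuning_name "$c")"
    fi
  done
)

# Succeed if tuning string $1 would run test class $2; exit 2 if $1 is invalid.
tuning_selects() (
  out=$(decode_tuning "$1") || exit 2
  printf '%s\n' "$out" | grep -q "^$2: "
)
```

Running decode_tuning 69 lists classes 6 and 9, while tuning_selects x6 6 returns non-zero because x6 leaves Denial of Service out.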
