Nikto: Web Server Scanner


Nikto: Web Server Scanner

Introduction

Nikto is an open source web server scanner that has the ability to perform in-depth scans on web servers. This tool can be used to identify server-based vulnerabilities such as server misconfigurations and outdated servers. It can also spot programs and files that may be insecure or software that is misconfigured.

Nikto: Web Server Scanner

Nikto: Open-Source Web Server Scanner

Nikto is loaded with a long list of features that allows it to effectively perform tests on web servers within the shortest time possible. This tool can be used to run scans on a number of servers and this makes it to be very useful when it comes to testing intranet applications.

Currently, it can be used to run scans for 6700+ items in order to detect any underlying vulnerabilities within a server. Nikto can also be used to carry out checks on in-log files to identify other items that may be unknown. It also supports multiple port scanning allowing you to run tests on a number of ports within a single session. All you have to do is specify the number of ports that you would like to perform scans on.

In advanced use cases parameters such as the –mutate can be used to launch complex scans on suspected servers. The mutation technique will enable you to combine a number of tests, making the test being performed to have a greater impact or the web server being targeted.

If properly used Nikto can not only act as a vulnerability scanner but can also be used to acquire additional information about servers. This may include items that the pentester or attacker may not be initially aware of. In as much as this tool may be useful at gathering information from web servers, it’s not designed to be stealthy, so it can easily be detected.

Features:

  • Metasploit Logging
  • Subdomain guessing
  • Report saving(using plain text: NBE, XML, CSV, and  HTML)
  • Multiple Port Scanning
  • Easy updates (through command lines)
  • Host authentication (using NTLM and Basic)
  • LibWhisker’s IDS
  • Template engine (for easy report customization)
  • Thorough documentation
  • SSL support (on Unix that has OpenSSL and windows that have Activestate’s Perl/NetSSL)
  • Authorization guessing (handles all directories)
  • Scan tuning
  • Mutation technique
Nikto: Web Server Scanner

Supported Platforms:

  • Unix/Linux including OS X, Windows (must have ActiveState Perl/ Strawberry Perl)
Some of the OSs, including Kali Linux, come pre-installed with Nikto.

Nikto Install

Important: Unix/Linux users: Before installing Nikto ensure that you have installed the required Perl module that your system supports. LibWhisker is already included.

Clone the repo:

$ git clone https://github.com/sullo/nikto.git

Run as Docker container

$ cd nikto
$ docker build -t sullo/nikto

Basic Usage

Use -h to list available options:

$ docker run --rm sullo/nikto -h http://www.example.com
Options:
       -ask+               Whether to ask about submitting updates
                               yes   Ask about each (default)
                               no    Don't ask, don't send
                               auto  Don't ask, just send
       -Cgidirs+           Scan these CGI dirs: "none", "all", or values like "/cgi/ /cgi-a/"
       -config+            Use this config file
       -Display+           Turn on/off display outputs:
                               1     Show redirects
                               2     Show cookies received
                               3     Show all 200/OK responses
                               4     Show URLs which require authentication
                               D     Debug output
                               E     Display all HTTP errors
                               P     Print progress to STDOUT
                               S     Scrub output of IPs and hostnames
                               V     Verbose output
       -dbcheck           Check database and other key files for syntax errors
       -evasion+          Encoding technique:
                               1     Random URI encoding (non-UTF8)
                               2     Directory self-reference (/./)
                               3     Premature URL ending
                               4     Prepend long random string
                               5     Fake parameter
                               6     TAB as request spacer
                               7     Change the case of the URL
                               8     Use Windows directory separator (\)
                               A     Use a carriage return (0x0d) as a request spacer
                               B     Use binary value 0x0b as a request spacer
        -Format+           Save file (-o) format:
                               csv   Comma-separated-value
                               htm   HTML Format
                               msf+  Log to Metasploit
                               nbe   Nessus NBE format
                               txt   Plain text
                               xml   XML Format
...

For detailed documentation and instructions click on the “documentation” button below.

Documentation Box
Download Box