Nikto Core Operations
Learn about the core operations and essential functionality of Nikto web vulnerability scanner
This guide covers the core operations and essential functionality of Nikto, a powerful web server scanner used for vulnerability assessment and penetration testing.
Command Line Structure
Nikto uses a straightforward command line structure:
nikto [options] -h host
Where:
- [options]: various flags and parameters that customize the scan
- -h host: specifies the target host (required)
Essential Options
Here are the most commonly used Nikto options:
Target Specification
# Scan a single host
nikto -h example.com
# Scan a host on a specific port
nikto -h example.com -p 8080
# Scan multiple ports
nikto -h example.com -p 80,443,8080
# Scan a range of ports
nikto -h example.com -p 80-443
# Scan multiple hosts from a file
nikto -h hosts.txt
Authentication Options
# Basic authentication
nikto -h example.com -id username:password
# Form-based authentication
nikto -h example.com -id username:password -form /login.php
Output Control
# Save output to a file
nikto -h example.com -o report.txt
# Save output in HTML format
nikto -h example.com -o report.html -Format htm
# Save output in CSV format
nikto -h example.com -o report.csv -Format csv
# Save output in XML format
nikto -h example.com -o report.xml -Format xml
# Save output in JSON format
nikto -h example.com -o report.json -Format json
Scan Control
# Set scan tuning options
nikto -h example.com -Tuning 123
# Enable SSL/TLS
nikto -h example.com -ssl
# Specify a proxy
nikto -h example.com -useproxy http://proxy:8080
# Set timeout (in seconds)
nikto -h example.com -timeout 10
Scan Modes and Tuning
Nikto offers various scan modes and tuning options to focus on specific types of tests:
Scan Tuning
The -Tuning option allows you to specify which tests to run:
# Run all tests
nikto -h example.com -Tuning x
# Run only the server-wide remote file retrieval tests (category 7 in the table below)
nikto -h example.com -Tuning 7
# Run multiple test categories
nikto -h example.com -Tuning 123
Tuning Options:
- 0 - File Upload
- 1 - Interesting File / Seen in logs
- 2 - Misconfiguration / Default File
- 3 - Information Disclosure
- 4 - Injection (XSS/Script/HTML)
- 5 - Remote File Retrieval (Inside Web Root)
- 6 - Denial of Service
- 7 - Remote File Retrieval (Server Wide)
- 8 - Command Execution / Remote Shell
- 9 - SQL Injection
- a - Authentication Bypass
- b - Software Identification
- c - Remote Source Inclusion
- x - Reverse Tuning Options (exclude)
Understanding Nikto Output
Nikto provides detailed output about discovered vulnerabilities and issues:
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.1.100
+ Target Hostname: example.com
+ Target Port: 80
+ Start Time: 2023-10-15 12:34:56 (GMT-4)
---------------------------------------------------------------------------
+ Server: Apache/2.4.41 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Apache/2.4.41 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
+ Web Server returns a valid response with junk HTTP methods, this may cause false positives.
+ OSVDB-3233: /icons/README: Apache default file found.
+ 7915 requests: 0 error(s) and 7 item(s) reported on remote host
+ End Time: 2023-10-15 12:40:23 (GMT-4) (327 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Key Output Elements
- Header Information: Target details and scan start time
- Server Information: Web server type and version
- Vulnerability Findings: Discovered issues with references
- Statistics: Number of requests, errors, and findings
- Timing Information: Scan duration and completion time
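To triage this text report programmatically (for example to fail a CI job when the finding count is non-zero), here is an added Python parser for the plain-text format shown above; it is not part of Nikto and not from the original page, and the embedded sample is a constructed copy of the report above rather than live scanner output.

```python
import re

# Constructed sample: a verbatim copy of the report shown above, not live scanner output.
SAMPLE_REPORT = """\
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.1.100
+ Target Hostname: example.com
+ Target Port: 80
+ Start Time: 2023-10-15 12:34:56 (GMT-4)
---------------------------------------------------------------------------
+ Server: Apache/2.4.41 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Apache/2.4.41 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
+ Web Server returns a valid response with junk HTTP methods, this may cause false positives.
+ OSVDB-3233: /icons/README: Apache default file found.
+ 7915 requests: 0 error(s) and 7 item(s) reported on remote host
+ End Time: 2023-10-15 12:40:23 (GMT-4) (327 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
"""

# Header/metadata lines, the statistics line, OSVDB references and the scan duration.
META = re.compile(r"^(Target IP|Target Hostname|Target Port|Start Time|End Time|Server): (.*)$")
STATS = re.compile(r"^(\d+) requests: (\d+) error\(s\) and (\d+) item\(s\) reported")
OSVDB = re.compile(r"^OSVDB-(\d+): ")
DURATION = re.compile(r"\((\d+) seconds\)")

def parse_nikto_report(text):
    """Parse Nikto's plain-text report into metadata, findings and statistics."""
    report = {"meta": {}, "findings": [], "stats": {}}
    for line in text.splitlines():
        if not line.startswith("+ "):
            continue  # version banner, separator rules, blank lines
        body = line[2:]
        m = META.match(body)
        if m:
            report["meta"][m[1]] = m[2]
        elif (m := STATS.match(body)):
            report["stats"] = dict(requests=int(m[1]), errors=int(m[2]), items=int(m[3]))
        elif not body.endswith("host(s) tested"):
            ref = OSVDB.match(body)  # keep the reference id separate for later lookup
            report["findings"].append({"osvdb": int(ref[1]) if ref else None, "text": body})
    d = DURATION.search(report["meta"].get("End Time", ""))
    report["stats"]["duration_seconds"] = int(d[1]) if d else None
    # Consistency check: finding lines parsed should equal the count Nikto itself reports.
    report["stats"]["count_matches"] = len(report["findings"]) == report["stats"].get("items")
    return report
```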
Severity Indicators
Nikto uses symbols to indicate the severity of findings:
- +: Informational item
- -: Negative (not vulnerable)
- *: Vulnerability found
- !: Critical vulnerability
Next Steps
Now that you understand the core operations of Nikto, explore the following topics:
- Basic Usage - Learn how to perform common scanning tasks
- Scan Options - Explore detailed scanning configuration options
- Output Formats - Learn about different output formats and reporting
- Advanced Techniques - Discover advanced usage scenarios and techniques