Nikto Basic Usage

Learn how to perform common scanning tasks with Nikto web vulnerability scanner

This guide covers the basic usage of Nikto for common web vulnerability scanning scenarios. You'll learn how to perform basic scans, interpret results, and customize scans for different environments.

Installation Verification

Before using Nikto, verify that it's properly installed and functioning:

nikto -Version

This should display the Nikto version information and basic details about the installation.

Basic Scanning

Simple Host Scan

The most basic Nikto scan targets a single host:

1. Specify Target Host

Run a basic scan against a target website:

nikto -h example.com

This will scan the default HTTP port (80) on the specified host.

2. Review Results

Nikto will display findings as they are discovered:

- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          93.184.216.34
+ Target Hostname:    example.com
+ Target Port:        80
+ Start Time:         2023-10-15 14:30:12 (GMT-4)
---------------------------------------------------------------------------
+ Server: ECS (dcb/7F84)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ 7915 requests: 0 error(s) and 3 item(s) reported on remote host
+ End Time:           2023-10-15 14:35:27 (GMT-4) (315 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

3. Save Results

Save the scan results to a file:

nikto -h example.com -o results.txt

This saves the output in plain text format for later review.

Scanning HTTPS Sites

For secure websites using HTTPS:

# Scan HTTPS on default port (443)
nikto -h example.com -ssl

# Scan HTTPS on a non-standard port
nikto -h example.com -ssl -p 8443

Note:

When scanning HTTPS sites, Nikto will automatically handle SSL/TLS connections and certificate validation. Use the -ssl flag to ensure proper handling of secure connections.

Scanning Multiple Ports

To scan multiple ports on the same host:

# Scan specific ports
nikto -h example.com -p 80,443,8080,8443

# Scan a range of ports
nikto -h example.com -p 80-90

# Scan every TCP port as a range (very time-consuming; Nikto takes port lists and ranges, not nmap's -p-)
nikto -h example.com -p 1-65535

Scanning Multiple Hosts

To scan multiple hosts:

# Create a file with one host per line
echo "example.com" > hosts.txt
echo "test.com" >> hosts.txt
echo "192.168.1.100" >> hosts.txt

# Scan all hosts in the file
nikto -h hosts.txt

Authentication

Basic Authentication

For sites requiring HTTP Basic Authentication:

nikto -h example.com -id username:password

Form-Based Authentication

For sites using form-based authentication:

nikto -h example.com -id username:password -form /login.php

Note:

Form-based authentication support in Nikto is limited. For complex authentication flows, consider using a proxy like Burp Suite in conjunction with Nikto.

Common Scanning Scenarios

Quick Scan

For a fast overview of potential issues:

nikto -h example.com -Tuning 123bx

This focuses on:

  • File/path discovery (1)
  • Misconfigurations (2)
  • Information disclosure (3)
  • Software identification (b)

And excludes time-consuming tests (x).

Output Options

Saving Results

Save scan results in different formats:

# Plain text output
nikto -h example.com -o results.txt -Format txt

# HTML report
nikto -h example.com -o results.html -Format htm

# CSV format
nikto -h example.com -o results.csv -Format csv

# XML format
nikto -h example.com -o results.xml -Format xml

# JSON format
nikto -h example.com -o results.json -Format json
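As an added example (not part of this page or of the Nikto project), a small POSIX shell helper that triages a CSV report such as the ones produced above, which is useful after a multi-host scan where one file collects findings for every host in hosts.txt: findings that carry a reference id are counted separately from header and informational items. It assumes the column order host, ip, port, reference id, method, uri, message (check the report_csv plugin of your Nikto version); the sample rows are constructed.

```shell
#!/bin/sh
# Added example: triage a Nikto CSV report. Assumed column order (verify against
# your version's report_csv plugin): "host","ip","port","id","method","uri","msg".
# Rows whose id column is empty or "0" are treated as informational (missing
# headers, banner lines); the rest carry a reference id worth following up.

# write_sample <file> : constructed rows in the assumed format, not real scan data
write_sample() {
    cat > "$1" <<'EOF'
"example.com","93.184.216.34","80","0","GET","/","The anti-clickjacking X-Frame-Options header is not present."
"example.com","93.184.216.34","80","0","GET","/","The X-Content-Type-Options header is not set."
"example.com","93.184.216.34","80","12345","GET","/admin/","Constructed finding with a placeholder reference id."
"192.168.1.100","192.168.1.100","8080","","GET","/","Server: constructed banner line"
EOF
}

# summarize_nikto_csv <file> : one line per host, tab separated:
#   host  <findings with a reference id>  <informational findings>
# Splitting on the quote-comma-quote sequence tolerates plain commas inside messages.
summarize_nikto_csv() {
    awk -F'","' '
        NF >= 7 {
            host = $1; sub(/^"/, "", host)
            if ($4 == "" || $4 == "0") info[host]++; else refd[host]++
            seen[host] = 1
        }
        END {
            for (h in seen) printf "%s\t%d\t%d\n", h, refd[h] + 0, info[h] + 0
        }' "$1" | sort
}

# Usage: nikto -h hosts.txt -o results.csv -Format csv && summarize_nikto_csv results.csv
```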

Verbosity Control

Control the amount of information displayed:

# Display all information
nikto -h example.com -Display V

# Show redirects (1)
nikto -h example.com -Display 1

# Show redirects and cookies received (12)
nikto -h example.com -Display 12

# Keep the terminal quiet and rely on the saved report
nikto -h example.com -o results.txt -Format txt >/dev/null

Proxy Integration

Using a Proxy

Route Nikto scans through a proxy:

# Use a proxy
nikto -h example.com -useproxy http://proxy:8080

# Use a proxy with authentication
nikto -h example.com -useproxy http://username:password@proxy:8080

Integration with Burp Suite

To route Nikto through Burp Suite for additional analysis:

# Start Burp Suite and configure the proxy listener (default: 127.0.0.1:8080)
# Then run Nikto with the proxy setting
nikto -h example.com -useproxy http://127.0.0.1:8080

Practical Examples

WordPress Site Scan

Scanning a WordPress site for common vulnerabilities:

nikto -h wordpress-site.com -Tuning 123459 -Plugins wp_enum

E-commerce Site Scan

Scanning an e-commerce site with focus on injection vulnerabilities:

nikto -h shop.example.com -ssl -Tuning 49a -id customer:password -useproxy http://127.0.0.1:8080

Internal Web Application Scan

Scanning an internal web application with authentication:

nikto -h 192.168.1.100:8080 -id admin:password -form /login -Tuning x

Troubleshooting

Common Issues

Connection Issues

If Nikto cannot connect to the target:

# Verify the host is reachable
ping example.com

# Check if the port is open
nmap -p 80 example.com

# Try increasing the timeout
nikto -h example.com -timeout 60

Next Steps

Now that you understand the basic usage of Nikto, explore the following topics: