The Expert's Nikto Guide
A comprehensive guide to web server scanning and vulnerability assessment with Nikto
Nikto is a powerful open-source web server scanner designed to identify potential vulnerabilities, misconfigurations, and security issues in web servers and web applications. It tests web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers.
Nikto is an open-source web server scanner that performs comprehensive tests against web servers for multiple security issues. It scans for outdated server software, dangerous files, misconfigurations, and other vulnerabilities. Unlike many other security scanners, Nikto is designed to be fast, thorough, and easy to use, making it an essential tool for security professionals conducting web application assessments. It's not designed to be stealthy, but rather to provide a complete and thorough examination of the target web server.
Why Use Nikto?
- Comprehensive Coverage: Tests for thousands of potential issues and vulnerabilities
- Ease of Use: Simple command-line interface with straightforward options
- Thorough Reporting: Detailed output with multiple format options
- Active Development: Regularly updated with new vulnerability checks
- Integration Capabilities: Works well with other penetration testing tools
- Free and Open Source: Available to everyone with an active community
- Low Resource Requirements: Runs efficiently on modest hardware
Getting Started with Nikto
Install Nikto
Nikto comes pre-installed in many security-focused Linux distributions like Kali Linux. For other systems:
Debian/Ubuntu:
sudo apt update
sudo apt install nikto
Fedora/RHEL:
sudo dnf install nikto
From Source:
git clone https://github.com/sullo/nikto.git
cd nikto/program
Docker:
docker pull sullo/nikto
docker run -it sullo/nikto -h example.com
Verify Installation
Test your installation by running:
nikto -Version
This should display the current version of Nikto and its components.
Understand Basic Syntax
The basic syntax for Nikto is:
nikto -h [target host]
For example, to scan a website:
nikto -h https://example.com
This will perform a comprehensive scan of the target web server.
Core Scanning Options
Basic Scanning
The most basic Nikto scan requires only a target:
nikto -h target.com
For HTTPS sites, you can specify the protocol:
nikto -h https://target.com
To specify a non-standard port:
nikto -h target.com -p 8080
Authentication
Nikto authenticates to the target host with the -id option, which takes either id:pass or id:pass:realm:
# Basic authentication
nikto -h target.com -id username:password
# Basic authentication with an explicit realm
nikto -h target.com -id username:password:realm
Tuning Scan Options
Customize the scan with tuning options:
# Scan only for specific vulnerabilities
nikto -h target.com -Tuning 123
Tuning options include:
- 0: File Upload
- 1: Interesting File / Seen in logs
- 2: Misconfiguration / Default File
- 3: Information Disclosure
- 4: Injection (XSS/Script/HTML)
- 5: Remote File Retrieval - Inside Web Root
- 6: Denial of Service
- 7: Remote File Retrieval - Server Wide
- 8: Command Execution / Remote Shell
- 9: SQL Injection
- a: Authentication Bypass
- b: Software Identification
- c: Remote Source Inclusion
- x: Reverse Tuning Options (run everything except the categories listed after the x)
Output and Reporting
Nikto offers multiple output formats for reporting:
Default plain text output to console or file:
nikto -h target.com -o report.txt -Format txt
This creates a human-readable text report.
Advanced Options
Proxy Support
Route scans through a proxy server:
nikto -h target.com -useproxy http://proxy.example.com:8080
SSL/TLS Options
Control whether Nikto speaks SSL/TLS to the target:
# Force SSL/TLS, for example on a non-standard HTTPS port
nikto -h target.com -p 8443 -ssl
# Disable SSL/TLS and scan over plain HTTP only
nikto -h target.com -nossl
Plugin Management
Nikto uses a plugin architecture for its tests:
# List available plugins
nikto -list-plugins
# Enable specific plugins
nikto -h target.com -Plugins "apacheusers(users:admin;root;user),report_html"
# Update plugins database
nikto -update
Evasion Techniques
Nikto offers several evasion options to avoid detection:
nikto -h target.com -evasion 1
Evasion options include:
- 1: Random URI encoding
- 2: Directory self-reference (/./)
- 3: Premature URL ending
- 4: Prepend long random string
- 5: Fake parameter
- 6: TAB as request spacer
- 7: Change the case of the URL
- 8: Use Windows directory separator (\)
- A: Use a carriage return (0x0d) as a request spacer
- B: Use binary value 0x0b as a request spacer
Note:
Evasion techniques may cause false negatives as some servers might not process the requests correctly.
Practical Examples
Basic Web Server Scan
nikto -h example.com
Comprehensive Scan with Full Options
nikto -h example.com -port 443 -ssl -Tuning x6 -Display V -o report.html -Format htm
This performs a scan:
- Against HTTPS (port 443)
- Excluding DoS tests (x6)
- With verbose output (-Display V)
- Saving results to an HTML file
Multiple Host Scanning
Nikto reads multiple targets from a text file, one host (or host:port) per line:
nikto -h hosts.txt
Integration with Other Tools
Nikto can be integrated with Metasploit by logging its findings directly into the Metasploit database using the msf+ output format. In this mode -o takes the URL of a running msfrpcd instance; the credentials below are placeholders:
nikto -h target.com -Format msf+ -o http://USER:PASSWORD@127.0.0.1:55553/
Interpreting Results
Nikto scan results are organized by severity and include:
- Server Information: Web server type, version, and configuration details
- Vulnerabilities: Potential security issues found
- Misconfigurations: Server setup problems
- Information Disclosure: Sensitive data exposure
- Outdated Software: Deprecated or vulnerable components
Each finding includes:
- Description of the issue
- URL or path where it was found
- Severity indication
- References to related vulnerabilities (CVE, OSVDB)
Note:
Nikto may report false positives. Always verify findings manually before taking action.
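As an added example (not part of this guide or of Nikto itself), the script below triages a Nikto XML report the way the note above suggests: for each scanned host it separates findings that carry a vulnerability reference from unreferenced or "might be interesting" hits that should be verified by hand before they are reported. The element and attribute names (scandetails, item, osvdbid, description, uri) are an assumption about the layout of Nikto's -Format xml output, and the sample report is constructed.

```python
"""Triage a Nikto XML report: per host, split findings into referenced checks
and heuristic hits that still need manual verification (added example)."""
import xml.etree.ElementTree as ET

# Constructed sample. Element and attribute names (scandetails, item, osvdbid,
# description, uri) are an assumption about Nikto's -Format xml layout; the
# host, banner, ids and paths are made up.
SAMPLE_REPORT = """<niktoscan>
<scandetails targethostname="target.example" targetport="443"
             targetbanner="Apache/2.4.29 (Ubuntu)">
<item id="999986" osvdbid="0" method="GET">
<description><![CDATA[The anti-clickjacking X-Frame-Options header is not present.]]></description>
<uri><![CDATA[/]]></uri></item>
<item id="3092" osvdbid="3092" method="GET">
<description><![CDATA[/admin/: This might be interesting.]]></description>
<uri><![CDATA[/admin/]]></uri></item>
<item id="600575" osvdbid="3233" method="GET">
<description><![CDATA[/icons/README: Apache default file found.]]></description>
<uri><![CDATA[/icons/README]]></uri></item>
</scandetails>
</niktoscan>"""

# Wording Nikto uses for guesses rather than confirmed checks.
HEURISTIC_MARKERS = ("might be interesting", "may be interesting")


def triage(xml_text):
    """Return {"host:port": {"banner": str, "referenced": [...], "needs_review": [...]}}.

    Findings are (method, uri, reference, description) tuples. Items with no
    reference (osvdbid "0") or with "might be interesting" wording are the
    usual false-positive sources, so they are queued for manual review.
    """
    result = {}
    for scan in ET.fromstring(xml_text).iter("scandetails"):
        host = f'{scan.get("targethostname")}:{scan.get("targetport")}'
        entry = {"banner": scan.get("targetbanner", ""),
                 "referenced": [], "needs_review": []}
        for item in scan.iter("item"):
            uri = (item.findtext("uri") or "").strip()
            desc = (item.findtext("description") or "").strip()
            ref = item.get("osvdbid", "0")
            heuristic = any(m in desc.lower() for m in HEURISTIC_MARKERS)
            bucket = "referenced" if ref != "0" and not heuristic else "needs_review"
            entry[bucket].append((item.get("method"), uri, ref, desc))
        result[host] = entry
    return result
```

Feed it the file written by -o report.xml -Format xml and work through the needs_review list first; the referenced list is what goes into the report once those checks are confirmed.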
Guide Structure
This guide is organized into several sections:
- Core Operations: Basic syntax, scanning options, and fundamental usage
- Advanced Techniques: Customization options, evasion methods, and specialized approaches
- Integration: Using Nikto with other security tools
- Best Practices: Optimizing scans and interpreting results accurately
Each section provides detailed explanations, command examples, and real-world use cases to help you master Nikto for ethical penetration testing and security assessment.
Next Steps
Now that you understand the basics of Nikto, explore the following sections to deepen your knowledge:
- Core Operations - Learn the fundamental commands and operations
- Advanced Techniques - Explore sophisticated scanning strategies
- Integration Guide - Learn how to use Nikto with other security tools
- Best Practices - Optimize your workflow and ensure accurate results