nikto

Nikto is a widely used web application scanner designed to test websites for security vulnerabilities. It performs comprehensive scans and identifies potential threats, outdated software, and misconfigurations in web applications.

Installation on Unix systems

sudo apt update && sudo apt install nikto

Basic scan

nikto -h <IP:PORT>

Multiple hosts & ports

nikto -h <IP> -p <PORTS>
nmap -p 80 <IPs> 172.16.0.0/24 -oG - | nikto -h -
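
A pre-flight check for the piped nmap form above, added here as an example (it is not part of the original page or of Nikto): it lists the host:port pairs that nmap's grepable output reports as open and drops any host outside an authorised list. The function names, the sample nmap output and the allow-list are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of `nmap -p 80,8080 -oG -` output (fields are tab-separated).
sample_grepable() {
    printf 'Host: 172.16.0.5 ()\tStatus: Up\n'
    printf 'Host: 172.16.0.5 ()\tPorts: 80/open/tcp//http///, 8080/closed/tcp//http-proxy///\n'
    printf 'Host: 172.16.0.9 (web01.lab)\tStatus: Up\n'
    printf 'Host: 172.16.0.9 (web01.lab)\tPorts: 80/filtered/tcp//http///, 8080/open/tcp//http-proxy///\n'
    printf 'Host: 172.16.0.23 ()\tStatus: Up\n'
    printf 'Host: 172.16.0.23 ()\tPorts: 80/open/tcp//http///, 8080/open/tcp//http-proxy///\n'
}

# Print ip:port for every port whose state is "open" in grepable output on stdin.
open_web_targets() {
    awk -F'\t' '
        /^Host: / {
            split($1, h, " ")                  # h[2] = IP address
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                n = split(substr($i, 8), p, ", ")
                for (j = 1; j <= n; j++) {
                    split(p[j], f, "/")        # f[1] = port, f[2] = state
                    if (f[2] == "open") print h[2] ":" f[1]
                }
            }
        }'
}

# Keep only targets whose IP is in the authorised list passed as arguments;
# everything else is reported on stderr and dropped.
in_scope() {
    while IFS= read -r target; do
        ip=${target%%:*}
        keep=no
        for allowed in "$@"; do
            if [ "$ip" = "$allowed" ]; then keep=yes; fi
        done
        if [ "$keep" = yes ]; then
            printf '%s\n' "$target"
        else
            printf 'out of scope, skipped: %s\n' "$target" >&2
        fi
    done
}

# Review this list before piping the same nmap output into nikto -h -
sample_grepable | open_web_targets | in_scope 172.16.0.5 172.16.0.9
```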

Plugins

nikto -h <TARGET> -Plugin <PLUGIN>

| Plugin Name | Description |
| --- | --- |
| apacheusers | Attempt to enumerate Apache HTTP Authentication Users |
| cgi | Look for CGI scripts that we may be able to exploit |
| robots | Analyse the robots.txt file which dictates what files/folders we are able to navigate to |
| dir_traversal | Attempt to use a directory traversal attack (i.e. LFI) to look for system files such as /etc/passwd on Linux (http://ip_address/application.php?view=../../../../../../../etc/passwd) |

Vulnerability scan

nikto -h <TARGET> -Tuning <Number>

| Category Name | Description | Tuning Option |
| --- | --- | --- |
| File Upload | Search for anything on the web server that may permit us to upload a file. This could be used to upload a reverse shell for an application to execute. | 0 |
| Misconfigurations / Default Files | Search the web server for common sensitive files that shouldn't be accessible, such as configuration files. | 2 |
| Information Disclosure | Gather information about the web server or application (i.e. version numbers, HTTP headers, or any information that may be useful to leverage in our attack later) | 3 |
| Injection | Search for possible locations in which we can perform some kind of injection attack such as XSS or HTML | 4 |
| Command Execution | Search for anything that permits us to execute OS commands (such as to spawn a shell) | 8 |
| SQL Injection | Look for applications that have URL parameters that are vulnerable to SQL Injection | 9 |

Verbosity

nikto -h <TARGET> -Display <Argument>

| Argument | Description | Reasons for Use |
| --- | --- | --- |
| 1 | Show any redirects that are given by the web server. | Web servers may want to relocate us to a specific file or directory, so we will need to adjust our scan accordingly for this. |
| 2 | Show any cookies received | Applications often use cookies as a means of storing data. For example, web servers use sessions, and e-commerce sites may store the products in your basket in these cookies. Credentials can also be stored in cookies. |
| E | Output any errors | This will be useful for debugging if your scan is not returning the results that you expect! |
