RatSec

RatSec Blog

Nikto - An overview

- Posted in tools by

Nikto Scanner

Nikto is an open-source web server scanner that helps security professionals and administrators identify potential vulnerabilities and security issues in web servers and web applications. It is written in Perl and designed to be versatile, making it compatible with a wide range of web servers and platforms.

Nikto is widely used for its comprehensive scanning capabilities, which include:

  1. Web Server and Software Version Detection: Nikto can identify the web server software and its version, as well as the software stack running on the server (e.g., PHP, Python, Ruby, etc.).

  2. Outdated Software and Components: It checks for outdated server software, plugins, and libraries, which may be vulnerable to known exploits.

  3. Security Misconfigurations: Nikto scans for common security misconfigurations, such as directory listings, open ports, and default files, that can lead to security vulnerabilities.

  4. Known Vulnerabilities: The tool uses its extensive database to search for known vulnerabilities in web applications and server software.

  5. CORS and SSL/TLS Issues: Nikto can detect Cross-Origin Resource Sharing (CORS) issues and SSL/TLS configuration problems.

  6. Security Headers: It checks for the presence and proper configuration of security headers like Content Security Policy (CSP), X-Content-Type-Options, and X-Frame-Options.

  7. Multiple Scanning Options: Nikto provides various scanning profiles and options, allowing users to customize the scan based on their specific needs and compliance requirements.

Usage:

Here's a basic overview of how to use Nikto:

  1. Installation: Nikto is typically pre-installed on many Linux distributions. However, you can also download it from the official GitHub repository (https://github.com/sullo/nikto) and install it manually. Follow the installation instructions provided in the repository's README file.

  2. Basic Scan: To perform a basic scan on a target web server, open a terminal and run the following command:

    nikto -h <target_host>
    

    Replace <target_host> with the IP address or domain name of the web server you want to scan.

  3. Customized Scans: Nikto allows you to customize your scans using various command-line options. For example, you can specify a different output format, set authentication credentials, enable or disable specific tests, and more. Use the -help option to view the available options and their descriptions:

    nikto -help
    
  4. Output Options: By default, Nikto outputs scan results to the terminal. However, you can save the results to a file using the -o option:

    nikto -h <target_host> -o <output_file>
    
  5. Using Plugins: Nikto supports plugins that can extend its functionality. You can find and install plugins from the Nikto Plugins Repository (https://github.com/sullo/nikto-extras).

  6. Updating Databases: Periodically update Nikto's database of vulnerabilities and plugins to ensure it has the latest information:

    nikto -update
    
  7. Scanning for Specific Ports: Nikto primarily scans the default HTTP and HTTPS ports (80 and 443). To scan a different port, use the -p option:

    nikto -h <target_host> -p <port_number>
    
  8. Scanning Multiple Ports: Nikto can scan multiple ports in the same scanning session. To test more than one port on the same host, specify the list of ports in the -p (-port) option. Ports can be specified as a range (e.g., 80-90) or as a comma-delimited list (e.g., 80,88,90). The following command scans the host on ports 80, 88 and 443:

    nikto -h <target host> -p 80,88,443
    
  9. Multiple Hosts: Nikto supports scanning multiple hosts in the same session via a text file of host names or IPs. Instead of giving a host name or IP for the -h (-host) option, a file name can be provided. A file of hosts must be formatted as one host per line, with the port number(s) at the end of each line. Ports can be separated from the host and from other ports by a colon or a comma. If no port is specified, port 80 is assumed.

    Example:

    192.168.0.1:80
    http://192.168.0.1:8080/
    192.168.0.3
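
As an added example (not Nikto's own code), the Python helper below expands the hosts-file format from step 9 and the -p port syntax from step 8 into concrete (host, port) targets, and refuses any address outside a list of authorised networks before the equivalent nikto command is rendered. The scope-list check, the IP-only restriction and the rule that an https URL with no port means 443 are assumptions of this example, not documented Nikto behaviour.

```python
"""Expand Nikto hosts-file lines and -p port specs into in-scope (host, port) pairs."""
import ipaddress
from urllib.parse import urlparse

DEFAULT_PORT = 80  # "If no port is specified, port 80 is assumed"

def expand_ports(spec):
    """'80-90' -> 80..90; '80,88,443' -> [80, 88, 443]; mixes are allowed."""
    ports = []
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:  # rejects inverted or out-of-range specs
            raise ValueError(f"bad port spec: {part}")
        ports.extend(range(lo, hi + 1))
    return list(dict.fromkeys(ports))  # dedupe while keeping order

def parse_host_line(line):
    """One hosts-file line -> (host, [ports]); None for blank or '#' comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if "://" in line:  # URL form, e.g. http://192.168.0.1:8080/
        url = urlparse(line)
        # assumption: an https URL with no explicit port means 443
        port = url.port or (443 if url.scheme == "https" else DEFAULT_PORT)
        return url.hostname, [port]
    # plain form: IPv4/host, then ports separated by ':' or ',' (no IPv6 literals)
    host, *rest = line.replace(",", ":").split(":")
    spec = ",".join(p for p in rest if p)
    return host, (expand_ports(spec) if spec else [DEFAULT_PORT])

def build_targets(hosts_text, allowed_cidrs):
    """[(host, port), ...] from hosts-file text; every host must be an IP
    inside one of allowed_cidrs so the scan cannot drift out of scope."""
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    targets = []
    for host, ports in filter(None, map(parse_host_line, hosts_text.splitlines())):
        addr = ipaddress.ip_address(host)  # raises on hostnames: IPs only here
        if not any(addr in n for n in nets):
            raise ValueError(f"{host} is outside the authorised scope")
        targets.extend((host, p) for p in ports)
    return targets

def nikto_command(host, ports):
    """Render the single-host form shown above, e.g. nikto -h H -p 80,88,443."""
    return f"nikto -h {host} -p {','.join(map(str, ports))}"

# constructed sample hosts file, mirroring the example above
SAMPLE_HOSTS = "192.168.0.1:80\nhttp://192.168.0.1:8080/\n192.168.0.3\n"
```

Calling build_targets(SAMPLE_HOSTS, ["192.168.0.0/24"]) yields the three targets from the sample file; a line such as 10.0.0.5:80 raises before any command is produced.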
    

Remember that while Nikto is a powerful tool for identifying potential vulnerabilities, it should be used responsibly and with proper authorization, as scanning a server without permission may be illegal. Always ensure you have the necessary permissions and follow ethical hacking practices when using Nikto or any other security scanning tool.