How to Use Nikto for Web Server Vulnerability Scanning in Kali Linux

Install Nikto

Nikto is an open source web server vulnerability scanner that is available for use in Kali Linux. It is a powerful tool that can be used to detect a wide range of web server vulnerabilities. In order to use Nikto, it must first be installed on your system. To install Nikto, open a terminal window and type the following command:

sudo apt-get install nikto

Once the installation is complete, you can verify that Nikto is installed by typing the following command:

nikto -h

This will display the help information for Nikto. You can also check the version of Nikto that is installed by typing the following command:

nikto -V

Now that Nikto is installed, you can begin using it to scan for web server vulnerabilities. Before you begin, however, it is important to make sure that you have the latest version of Nikto installed. To update Nikto, type the following command:

sudo apt-get update && sudo apt-get install --only-upgrade nikto

This will update Nikto to the latest version. Once the update is complete, you can begin using Nikto to scan for web server vulnerabilities.

Update Nikto

Nikto is a web server vulnerability scanner that is included in Kali Linux. It is important to keep Nikto up to date in order to ensure that it is able to detect the latest vulnerabilities. To update Nikto, open a terminal window and type the following command:

sudo apt-get update && sudo apt-get install --only-upgrade nikto

This command will update the package list and then upgrade the Nikto package. Once the update is complete, you can run a scan to check for any vulnerabilities. To learn more about how to use Nikto, you can visit the official website.

Run a Scan

Now that Nikto is installed and updated, it's time to run a scan. To do this, open a terminal window and type the following command:

nikto -h http://example.com

This will scan the website for any known vulnerabilities. You can also specify a port number if the website is running on a non-standard port. For example, if the website is running on port 8080, you can use the following command:

nikto -h http://example.com:8080

You can also specify a range of ports to scan with the -p (-port) option, for example:

nikto -h http://example.com -p 1-65535

This will scan all ports from 1 to 65535 (a range this wide takes a very long time, because every responding port gets the full set of tests). To scan several hosts in one run, list them in a text file, one per line, and pass the file to -h:

nikto -h hosts.txt

Once the scan is complete, Nikto will generate a report with the results of the scan.

Review the Results

Once the scan is complete, Nikto will generate a report with the results. The report will contain information about the web server, such as the server software and version it reports, the operating system, and the type of web server. It will also list any vulnerabilities that were found, such as cross-site scripting, SQL injection, and directory traversal. It is important to review the results of the scan carefully, as some of the findings may be false positives. To help with this, Nikto provides a description of each finding, as well as a reference link to the CVE database for more information.

By default Nikto prints its findings to the terminal. To review them later, save them to a file with the -o option and choose the format with -Format, for example -o report.html -Format htm. An HTML report can be opened in a web browser, and a txt or csv report can be opened in a text editor. The report contains a summary of the scan followed by the list of findings. Review each finding carefully, as some of them may be false positives. Any confirmed vulnerabilities should be fixed as soon as possible.

It is also important to keep Nikto's test database up to date. To do this, run the nikto -update command periodically. This fetches the latest database and plugin files from the Nikto project, so that newly added checks are included in your scans and new vulnerabilities can be detected.
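The whole workflow above (update, scan, review) in one script, as an added example that is not part of the original article or of Nikto itself. It is a POSIX shell script that updates Nikto, runs a scan that saves a CSV report, and then triages that report: findings per host and port, and a separate count of findings that carry no reference id, which are the heuristic checks most worth confirming by hand before they are treated as vulnerabilities. The CSV column layout ("host","ip","port","ref","method","uri","message") and the meaning of 0 in the ref column are assumptions based on Nikto 2.1.x reports, and the sample report written by write_sample_report is constructed.

```shell
#!/bin/sh
# Added example for this article, not part of Nikto: a wrapper around the
# install/update/scan/review steps. Assumes Nikto's CSV report layout
# "host","ip","port","ref","method","uri","message" (Nikto 2.1.x; the ref
# column holds an OSVDB id, or 0 when a check has no reference). The sample
# report below is constructed and uses the 203.0.113.0/24 documentation range.

# Refresh the Debian package and Nikto's own test database before scanning.
update_nikto() {
  sudo apt-get update && sudo apt-get install --only-upgrade nikto
  nikto -update
}

# Scan one target you administer and save the findings as CSV.
# -o/-Format write the report, -maxtime bounds the run and -nointeractive
# stops the scan from pausing on keyboard prompts (all real Nikto options).
scan_host() {
  target=$1; report=$2
  nikto -h "$target" -o "$report" -Format csv -maxtime 30m -nointeractive
}

# Write a constructed sample report so the review functions can be tried
# without a live scan (replace with the file produced by scan_host).
write_sample_report() {
  cat > "$1" <<'EOF'
"example.com","203.0.113.10","80","0","GET","/","The anti-clickjacking X-Frame-Options header is not present."
"example.com","203.0.113.10","80","3092","GET","/admin/","This might be interesting."
"example.com","203.0.113.10","80","0","GET","/","Server leaks inodes via ETags, header found with file /, fields: 0x1 0x2"
"example.com","203.0.113.10","443","3233","GET","/phpinfo.php","PHP is installed, and a test script which runs phpinfo() was found."
EOF
}

# One line per host:port with its finding count, sorted for stable output.
summarize_report() {
  awk -F'","' '{ sub(/^"/, "", $1); n[$1 ":" $3]++ }
               END { for (k in n) print k, n[k] }' "$1" | sort
}

# Findings whose ref column is 0: header and banner heuristics that need
# manual confirmation before they are reported as vulnerabilities.
count_unreferenced() {
  awk -F'","' '$4 == "0" { c++ } END { print c + 0 }' "$1"
}

# Readable listing: referenced findings first, then the unreferenced ones.
# A leading 0/1 sort key is added for ordering and removed again by cut.
list_findings() {
  awk -F'","' '{
      sub(/^"/, "", $1); sub(/"$/, "", $7)
      tag = ($4 == "0") ? "noref" : ("OSVDB-" $4)
      printf "%d %-10s %s %s:%s%s - %s\n", ($4 == "0"), tag, $5, $1, $3, $6, $7
    }' "$1" | sort | cut -d" " -f2-
}
```

To try it, source the script and run write_sample_report /tmp/nikto.csv followed by list_findings /tmp/nikto.csv; for a real target, call update_nikto once, then scan_host http://your-host /tmp/nikto.csv and run the same review functions on that file. The awk parsing relies on the fact that Nikto quotes every CSV field, so splitting on the "," sequence survives commas inside the message text.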
